Bug 756198

Summary: [abrt] git-svn-1.7.7.3-1.fc16: strlen: Process /usr/bin/perl was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Hin-Tak Leung <htl10>
Component: subversionAssignee: Joe Orton <jorton>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: atkac, bkearney, chrisw, cweyl, iarnell, jorton, kasal, lkundrak, mmaslano, npajkovs, ppisar, psabata, rc040203, tcallawa, tmz, vanmeeuwen+fedora, ville.skytta
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:f5f020dcc71a0db3197ed790eeeab03f0121e021
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1219353 (view as bug list) Environment:
Last Closed: 2013-02-14 01:22:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1219353    
Attachments:
Description Flags
File: dso_list
none
File: environ
none
File: maps
none
File: backtrace none

Description Hin-Tak Leung 2011-11-22 22:42:32 UTC 
libreport version: 2.0.7
abrt_version:   2.0.6
backtrace_rating: 4
cmdline:        /usr/bin/perl /usr/libexec/git-core/git-svn fetch --all
crash_function: strlen
executable:     /usr/bin/perl
kernel:         3.1.1-2.fc16.x86_64
pid:            18103
pwd:            /home/Hin-Tak/tmp-git/svn-imports/android-quick-settings
reason:         Process /usr/bin/perl was killed by signal 11 (SIGSEGV)
smolt_data:     Unable to save UUID to /etc/smolt/hw-uuid.  Please run once as root.
time:           Tue 22 Nov 2011 20:31:08 GMT
uid:            500
username:       Hin-Tak

backtrace:      Text file, 21746 bytes
dso_list:       Text file, 6660 bytes
environ:        Text file, 4289 bytes
maps:           Text file, 27644 bytes

comment:
:Just doing 'git svn fetch --all', on an old clone which has since somehow got password-protected. The message on the console was
:
:-------------------------------
:Authentication realm: <http://quick-settings.googlecode.com:80> Google Code Subversion Repository
:Password for 'Hin-Tak': 
:Authentication realm: <http://quick-settings.googlecode.com:80> Google Code Subversion Repository
:Username: Use of uninitialized value $username in chomp at /usr/libexec/git-core/git-svn line 4322.
:error: git-svn died of signal 11
:------------------------------------
:
:i.e. "git svn fetch" is supposed to fail, but it should fail gracefully rather than segfault. Has been seeing it for a while, but it seems that abrt hasn't been working for F15 for a while and just started working again 
:in F16.

var_log_messages:
:Nov 20 19:12:36 localhost yum[7088]: Installed: mod_perl-devel-2.0.5-6.fc16.x86_64
:Nov 20 20:29:14 localhost yum[10368]: Updated: perl-Git-1.7.7.3-1.fc16.noarch
:Nov 20 20:56:58 localhost yum[10368]: Updated: ImageMagick-perl-6.7.0.10-4.fc16.x86_64
:Nov 20 21:10:04 localhost yum[10368]: Updated: perl-IO-Socket-SSL-1.49-1.fc16.noarch
:Nov 22 20:31:15 localhost abrt[18135]: Saved core dump of pid 18103 (/usr/bin/perl) to /var/spool/abrt/ccpp-2011-11-22-20:31:08-18103 (19902464 bytes)
Comment 1 Hin-Tak Leung 2011-11-22 22:42:37 UTC 
Created attachment 535215 [details]
File: dso_list
Comment 2 Hin-Tak Leung 2011-11-22 22:42:38 UTC 
Created attachment 535216 [details]
File: environ
Comment 3 Hin-Tak Leung 2011-11-22 22:42:41 UTC 
Created attachment 535217 [details]
File: maps
Comment 4 Hin-Tak Leung 2011-11-22 22:42:43 UTC 
Created attachment 535218 [details]
File: backtrace
Comment 5 abrt-bot 2012-03-30 12:50:34 UTC 
Backtrace analysis of bugs across components suggests the actual bug is in component perl, subversion or neon instead of component git, reassigning to perl.

Bugs which were found to be similar to this bug: bug #605287, bug #693915

This comment is automatically generated.
Comment 6 Petr Pisar 2012-04-03 09:08:12 UTC 
This NULL pointer dereference in glibc strlen(). The SVN extension for git is written as Perl module in C. I think the bug is in that code (git-svn) instead of in the perl. At least this warning backs it:

Username: Use of uninitialized value $username in chomp at
/usr/libexec/git-core/git-svn line 4322.
Comment 7 Petr Pisar 2012-04-03 10:50:13 UTC 
Reproducer:

(1) Install git-svn
(2) Run "git svn clone 'http://quick-settings.googlecode.com/svn' </dev/null"
Comment 8 Petr Pisar 2012-04-03 11:52:24 UTC 
Pure subversion-perl reproducer:

#!/usr/bin/perl
use strict;
use warnings;

use SVN::Client;

sub simple_prompt {
    my $cred = shift;
    $cred->username(undef);
    $cred->password(undef);
}

my $ctx = SVN::Client->new(
    auth => [SVN::Client::get_simple_provider(),
    SVN::Client::get_simple_prompt_provider(\&simple_prompt, 1),
    SVN::Client::get_username_provider()]
);

$ctx->ls('http://quick-settings.googlecode.com/svn/', 'HEAD', 0);

exit 0;
__END__

This is simplified version of an example from SVN::Client documentation. The important part is setting undef as the username. You can use any HTTP/SVN server requiring authentication. This segfaults on the same place in
subversion/bindings/swig/perl/native/core.c:

XS(_wrap_svn_auth_cred_simple_t_username_set) {
    [...]
    char *buf2 = 0 ;
    [...]
    arg1 = (svn_auth_cred_simple_t *)(argp1);
    res2 = SWIG_AsCharPtrAndSize(ST(1), &buf2, NULL, &alloc2);
    if (!SWIG_IsOK(res2)) {
      SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "svn_auth_cred_simple_t_username_set" "', argument " "2"" of type '" "char const *""'");
    }
    arg2 = (char *)(buf2);
    {
→     apr_size_t len = strlen(arg2) + 1;
      char *copied;
      if (arg1->username) free((char *)arg1->username);
      copied = malloc(len);
      memcpy(copied, arg2, len);
      arg1->username = copied;
    }
    [...]
}

Full back-trace shows arg2 is NULL. The arg2 is buf2 which for unknown reason is not properly initialized by SWIG_AsCharPtrAndSize().

Reassigning to subversion.
Comment 9 Fedora End Of Life 2013-01-16 22:51:28 UTC 
This message is a reminder that Fedora 16 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 16. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '16'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 16's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 16 is end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 10 Fedora End Of Life 2013-02-14 01:22:42 UTC 
Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.