Bug 1169022 - [abrt] wget: ftp_expected_bytes(): wget killed by SIGSEGV
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: wget
Version: 20
Hardware: x86_64
OS: Unspecified
Assignee: Tomáš Hozza
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:833e586dade657e59cf7069af7c...
Reported: 2014-11-29 03:26 UTC by Robert Hancock
Modified: 2014-12-23 18:30 UTC (History)

Fixed In Version: wget-1.16.1-2.fc21
Doc Type: Bug Fix
Last Closed: 2014-12-20 08:47:21 UTC


Attachments
File: backtrace (102.69 KB, text/plain), 2014-11-29 03:26 UTC, Robert Hancock
File: cgroup (180 bytes, text/plain), 2014-11-29 03:26 UTC, Robert Hancock
File: core_backtrace (1.48 KB, text/plain), 2014-11-29 03:26 UTC, Robert Hancock
File: dso_list (2.01 KB, text/plain), 2014-11-29 03:26 UTC, Robert Hancock
File: environ (4.80 KB, text/plain), 2014-11-29 03:26 UTC, Robert Hancock
File: exploitable (82 bytes, text/plain), 2014-11-29 03:26 UTC, Robert Hancock
File: limits (1.29 KB, text/plain), 2014-11-29 03:26 UTC, Robert Hancock
File: maps (9.95 KB, text/plain), 2014-11-29 03:26 UTC, Robert Hancock
File: open_fds (173 bytes, text/plain), 2014-11-29 03:26 UTC, Robert Hancock
File: proc_pid_status (938 bytes, text/plain), 2014-11-29 03:26 UTC, Robert Hancock
File: var_log_messages (313 bytes, text/plain), 2014-11-29 03:26 UTC, Robert Hancock
Prevent null pointer dereferencing when calling ftp_expected_bytes() (841 bytes, patch), 2014-12-15 11:20 UTC, Cong Ma

Description Robert Hancock 2014-11-29 03:26:17 UTC
Description of problem:
During OpenWRT compile

Version-Release number of selected component:
wget-1.16-3.fc20

Additional info:
reporter:       libreport-2.2.3
backtrace_rating: 4
cmdline:        wget -t5 --timeout=20 --no-check-certificate -O- ftp://ftp.denx.de/pub/u-boot/u-boot-2014.07.tar.bz2
crash_function: ftp_expected_bytes
executable:     /usr/bin/wget
kernel:         3.17.4-200.fc20.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (5 frames)
 #0 ftp_expected_bytes at ftp.c:91
 #1 getftp at ftp.c:1349
 #2 ftp_loop_internal at ftp.c:1679
 #3 ftp_loop at ftp.c:2466
 #4 retrieve_url at retr.c:806

Comment 1 Robert Hancock 2014-11-29 03:26:20 UTC
Created attachment 962633
File: backtrace

Comment 2 Robert Hancock 2014-11-29 03:26:21 UTC
Created attachment 962634
File: cgroup

Comment 3 Robert Hancock 2014-11-29 03:26:21 UTC
Created attachment 962635
File: core_backtrace

Comment 4 Robert Hancock 2014-11-29 03:26:22 UTC
Created attachment 962636
File: dso_list

Comment 5 Robert Hancock 2014-11-29 03:26:23 UTC
Created attachment 962637
File: environ

Comment 6 Robert Hancock 2014-11-29 03:26:24 UTC
Created attachment 962638
File: exploitable

Comment 7 Robert Hancock 2014-11-29 03:26:25 UTC
Created attachment 962639
File: limits

Comment 8 Robert Hancock 2014-11-29 03:26:26 UTC
Created attachment 962640
File: maps

Comment 9 Robert Hancock 2014-11-29 03:26:27 UTC
Created attachment 962641
File: open_fds

Comment 10 Robert Hancock 2014-11-29 03:26:28 UTC
Created attachment 962642
File: proc_pid_status

Comment 11 Robert Hancock 2014-11-29 03:26:28 UTC
Created attachment 962643
File: var_log_messages

Comment 12 Cong Ma 2014-12-15 11:20:27 UTC
Created attachment 968903
Prevent null pointer dereferencing when calling ftp_expected_bytes()

Hi, any news on this bug?  I also got this segfault during FTP download when the network is choppy at times.

It appears to be caused by dereferencing a null pointer, as a result of not checking a return value for an exception.  I think the patch should fix it (at least preventing this particular crash).  I've done some extremely rudimentary checks -- basically simulating a "pulling the cable plug" event on a virtual tunnel interface during FTP transfer -- and the patch seemed to do the work (whereas the unpatched wget build crashed).  Still, I hope that expert eyes could be cast on this issue.

Comment 13 Tomáš Hozza 2014-12-15 11:52:29 UTC
Hi.

Thank you for proposing a patch. I didn't have time to look at the issue yet. I'll have a look at your patch. Will you post it on the wget-bug mailing list?

Comment 14 Tomáš Hozza 2014-12-15 13:50:54 UTC
Hi.

The patch looks reasonable. I think it makes sense to dereference respline after the return value of ftp_response().

Will you send the fix to upstream?

Comment 15 Tomáš Hozza 2014-12-15 13:51:53 UTC
(In reply to Tomas Hozza from comment #14)
> Hi.
> 
> The patch looks reasonable. I think it makes sense to dereference respline
> after the return value of ftp_response().
*is checked...
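
The ordering problem discussed in comments 12 to 15, as an added C illustration that is not the attached patch and not wget's source. `read_response`, `expected_bytes` and the two `start_transfer_*` helpers are hypothetical stand-ins for `ftp_response()` and `ftp_expected_bytes()`, and the behaviour that a failed read leaves the line pointer NULL is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum status { RESP_OK, RESP_ERR };

/* Stand-in reader (hypothetical): a NULL wire models a dropped connection.
   Assumption: on failure it returns RESP_ERR and leaves *line NULL. */
static enum status read_response(const char *wire, const char **line)
{
    *line = wire;
    return wire ? RESP_OK : RESP_ERR;
}

/* Size hint from a reply such as "150 ... (1234 bytes)"; 0 if absent.
   Reads through s unconditionally, so s must not be NULL. */
static long expected_bytes(const char *s)
{
    for (const char *p = strchr(s, '('); p; p = strchr(p + 1, '(')) {
        char *end;
        long n = strtol(p + 1, &end, 10);
        if (end != p + 1 && n >= 0 && strncmp(end, " bytes)", 7) == 0)
            return n;
    }
    return 0;
}

/* Crashing order: parse first, look at the status afterwards. */
static long start_transfer_unchecked(const char *wire)
{
    const char *line;
    enum status st = read_response(wire, &line);
    long n = expected_bytes(line);   /* line is NULL when st == RESP_ERR */
    return st == RESP_OK ? n : -1;
}

/* Corrected order: return on error before the line is ever read. */
static long start_transfer_checked(const char *wire)
{
    const char *line;
    if (read_response(wire, &line) != RESP_OK)
        return -1;
    return expected_bytes(line);
}

int main(void)
{
    printf("%ld\n", start_transfer_unchecked("150 ok (42 bytes)"));  /* constructed reply */
    printf("%ld\n", start_transfer_checked("150 Opening data connection (1234 bytes)"));
    printf("%ld\n", start_transfer_checked(NULL));   /* simulated dropped link */
}
```

Calling `start_transfer_unchecked(NULL)` reproduces the crash class from the backtrace, a SIGSEGV inside the parsing helper, while the checked variant reports the failure to its caller.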

Comment 16 Cong Ma 2014-12-15 13:57:04 UTC
(In reply to Tomas Hozza from comment #14)
> Hi.
> 
> The patch looks reasonable. I think it makes sense to dereference respline
> after the return value of ftp_response().
> 
> Will you send the fix to upstream?

Thanks for pointing me to the wget-bug list.  Yes, I'm going to send it and request upstream review.

Comment 17 Cong Ma 2014-12-17 03:09:41 UTC
Patch is now in upstream repo (git commit 26790c3); should be included with next wget release.

Comment 18 Tomáš Hozza 2014-12-17 07:44:20 UTC
(In reply to Cong Ma from comment #17)
> Patch is now in upstream repo (git commit 26790c3); should be included with
> next wget release.

I saw the mail on the upstream mailing list and already prepared a build for Fedora yesterday, but didn't push the update.

Thanks!

Comment 19 Fedora Update System 2014-12-17 11:08:22 UTC
wget-1.16.1-2.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/wget-1.16.1-2.fc20

Comment 20 Fedora Update System 2014-12-17 11:11:40 UTC
wget-1.16.1-2.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/wget-1.16.1-2.fc21

Comment 21 Fedora Update System 2014-12-18 06:06:06 UTC
Package wget-1.16.1-2.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing wget-1.16.1-2.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-17134/wget-1.16.1-2.fc21
then log in and leave karma (feedback).

Comment 22 Fedora Update System 2014-12-20 08:47:21 UTC
wget-1.16.1-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 23 Fedora Update System 2014-12-23 18:30:03 UTC
wget-1.16.1-2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

