Bug 327111 - Segfault
Summary: Segfault
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: tla
Version: rawhide
Hardware: i386
OS: Linux
low
high
Target Milestone: ---
Assignee: Debarshi Ray
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2007-10-11 01:25 UTC by sangu
Modified: 2007-12-21 21:13 UTC (History)

Fixed In Version: 1.3.5-4.fc8
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-12-21 21:10:21 UTC
Type: ---
Embargoed:


Attachments
Patch to prevent segmentation fault on Fedora 8 onwards. (1.47 KB, patch)
2007-12-13 19:51 UTC, Debarshi Ray

Description sangu 2007-10-11 01:25:15 UTC
Description of problem:
$ tla register-archive http://arch.sv.gnu.org/archives/emacs
Segmentation fault
$ gdb tla
(gdb) r register-archive http://arch.sv.gnu.org/archives/emacs
[...]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208297184 (LWP 5605)]
0x080b0e5a in ?? ()
(gdb) bt
#0  0x080b0e5a in ?? ()
#1  0x080a0f7f in ?? ()
#2  0x00144083 in end_response (userdata=0x8381198, resource=0x8386158, 
    status=0x0, description=0x0) at ne_props.c:553
#3  0x001426f4 in end_element (userdata=0x837f190, state=2, 
    nspace=0x837fbf0 "DAV:", name=0x8386040 "response") at ne_207.c:220
#4  0x00142eb8 in end_element (userdata=0x8380778, name=0x8385f00 "D:response")
    at ne_xml.c:390
#5  0x00552262 in doContent (parser=0x8380f98, startTagLevel=0, enc=0x569300, 
    s=0x837fe5a "</D:response>\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/gnus/</D:href>\n<D:propstat>\n<D:prop>\n<lp1:getlastmodified>Thu,
19 Jan 2006 "..., 
    end=0x838014a "lient/0.1 neon/0.27.2\r\nConnection: TE\r\nTE:
trailers\r\nDepth: 1\r\nContent-Length: 182\r\nContent-Type: application/xml\r\n", 
    nextPtr=0x8380fb0, haveMore=1 '\001') at lib/xmlparse.c:2449
#6  0x00552edd in contentProcessor (parser=0x8380f98, 
    start=0x837fc6f "<D:multistatus xmlns:D=\"DAV:\"
xmlns:ns0=\"DAV:\">\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</D:href>\n<D:propstat>\n<D:prop>\n<lp1:getl"...,

    end=0x838014a "lient/0.1 neon/0.27.2\r\nConnection: TE\r\nTE:
trailers\r\nDepth: 1\r\nContent-Length: 182\r\nContent-Type: application/xml\r\n", 
    endPtr=0x8380fb0) at lib/xmlparse.c:2023
---Type <return> to continue, or q <return> to quit---
#7  0x00553f94 in doProlog (parser=0x8380f98, enc=0x569300, 
    s=0x837fc6f "<D:multistatus xmlns:D=\"DAV:\"
xmlns:ns0=\"DAV:\">\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</D:href>\n<D:propstat>\n<D:prop>\n<lp1:getl"...,

    end=0x838014a "lient/0.1 neon/0.27.2\r\nConnection: TE\r\nTE:
trailers\r\nDepth: 1\r\nContent-Length: 182\r\nContent-Type:
application/xml\r\n", tok=12, 
    next=0x837fc6f "<D:multistatus xmlns:D=\"DAV:\"
xmlns:ns0=\"DAV:\">\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</D:href>\n<D:propstat>\n<D:prop>\n<lp1:getl"...,
nextPtr=0x8380fb0, haveMore=1 '\001') at lib/xmlparse.c:3905
#8  0x00554e65 in prologProcessor (parser=0x8380f98, 
    s=0x837fc48 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<D:multistatus
xmlns:D=\"DAV:\" xmlns:ns0=\"DAV:\">\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</"..., end=0x838014a "lient/0.1
neon/0.27.2\r\nConnection: TE\r\nTE: trailers\r\nDepth: 1\r\nContent-Length:
182\r\nContent-Type: application/xml\r\n", 
    nextPtr=0x8380fb0) at lib/xmlparse.c:3635
#9  0x0054c57b in XML_ParseBuffer (parser=0x8380f98, len=1282, isFinal=0)
    at lib/xmlparse.c:1573
#10 0x00555342 in XML_Parse (parser=0x8380f98, 
    s=0x8383080 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<D:multistatus
xmlns:D=\"DAV:\" xmlns:ns0=\"DAV:\">\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</"..., ---Type <return> to
continue, or q <return> to quit---
len=1282, isFinal=0) at lib/xmlparse.c:1544
#11 0x0014304d in ne_xml_parse (p=0x8380778, 
    block=0x8383080 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<D:multistatus
xmlns:D=\"DAV:\" xmlns:ns0=\"DAV:\">\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</"..., len=1282) at ne_xml.c:546
#12 0x0014317b in ne_xml_parse_v (userdata=0x8380778, 
    block=0x8383080 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<D:multistatus
xmlns:D=\"DAV:\" xmlns:ns0=\"DAV:\">\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</"..., len=1282) at ne_xml.c:500
#13 0x00135d81 in ne_read_response_block (req=0x8383048, 
    buffer=0x8383080 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<D:multistatus
xmlns:D=\"DAV:\" xmlns:ns0=\"DAV:\">\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</"..., buflen=<value optimized
out>) at ne_request.c:779
#14 0x00136144 in ne_discard_response (req=0x8383048) at ne_request.c:1334
#15 0x0013712b in ne_request_dispatch (req=0x8383048) at ne_request.c:1346
#16 0x00143925 in propfind (handler=0x8381198, results=0x80a0f10, 
    userdata=0xbf90d6b4) at ne_props.c:143
#17 0x001442c6 in ne_simple_propfind (sess=0x837e968, 
    href=0x8380620 "/archives/emacs/", depth=1, props=0x80de7e0, 
    results=0x80a0f10, userdata=0xbf90d6b4) at ne_props.c:616
---Type <return> to continue, or q <return> to quit---
#18 0x080a1235 in ?? ()
#19 0x080a138c in ?? ()
#20 0x080aa828 in ?? ()
#21 0x0809a4ae in ?? ()
#22 0x08063684 in ?? ()
#23 0x08049c4e in ?? ()
#24 0x0018f320 in __libc_start_main () from /lib/libc.so.6
#25 0x08049901 in ?? ()

Version-Release number of selected component (if applicable):
1.3.4-8.fc8

How reproducible:
always

Steps to Reproduce:
1. 
2.
3.
  
Actual results:


Expected results:


Additional info:
neon-0.27.2-2
expat-2.0.1-2

Comment 1 Jerry James 2007-11-30 23:45:57 UTC
This happens on x86_64, too.  In src/tla/libarch/pfs-dav.c, in function results,
this invocation:

  file = str_chr_rindex_n (uri, n, '/') + 1;

sets file to 1, because the str_chr_rindex_n call is returning 0, meaning "not
found".  The code then calls str_length on file, with predictable results.

Incidentally, the string in which it is looking for a '/' (named "uri") is
"http".  The string in data->uri is "/archives/emacs".

I see that tla 1.3.5 has been out since July 2006.  Is there any chance we can
try that to see if it fixes this bug?
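
The failure mode described in comment 1, as an added C example that is not part of the bug report and is not the attached patch. `rindex_n` is a hypothetical stand-in for hackerlab's `str_chr_rindex_n`, and `unchecked_file_addr` and `file_component` are illustrative names; the block shows how a "not found" return of 0 becomes the address 0x1 seen in the later backtrace, next to a form that checks the result before using it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for hackerlab's str_chr_rindex_n: last occurrence of
 * c in the first n bytes of s, or NULL (0) when there is none. */
static const char *rindex_n(const char *s, size_t n, int c)
{
    while (n > 0) {
        if (s[n - 1] == (char)c)
            return s + n - 1;
        n--;
    }
    return NULL;
}

/* The pattern from comment 1, computed as an integer so nothing is
 * dereferenced: "not found" (0) plus 1 is the address 0x1 that a later
 * string-length call would try to read. */
static uintptr_t unchecked_file_addr(const char *uri, size_t n)
{
    return (uintptr_t)rindex_n(uri, n, '/') + 1;
}

/* Checked form: report "no separator" to the caller instead of
 * manufacturing a pointer from the failure value. */
static const char *file_component(const char *uri, size_t n)
{
    const char *slash = rindex_n(uri, n, '/');
    return slash ? slash + 1 : NULL;
}

int main(void)
{
    /* Constructed inputs: the two strings quoted in comment 1. */
    const char *samples[] = { "http", "/archives/emacs" };
    for (size_t i = 0; i < 2; i++) {
        const char *s = samples[i];
        const char *f = file_component(s, strlen(s));
        printf("%-16s unchecked=%#lx checked=%s\n", s,
               (unsigned long)unchecked_file_addr(s, strlen(s)),
               f ? f : "(no '/', caller must skip this entry)");
    }
    return 0;
}
```

A caller of the checked form has to decide what a missing separator means for a PROPFIND result (skip the entry or fail the listing); either is preferable to passing a fabricated pointer on.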

Comment 2 Josh Boyer 2007-12-01 01:09:24 UTC
I orphaned this a while ago and it was picked up by Debarshi Ray.

Comment 3 Debarshi Ray 2007-12-02 08:30:08 UTC
tla-1.3.5 is available for Fedora 7, Fedora 8 and Rawhide. Can you please try them?

Comment 4 Jerry James 2007-12-03 16:37:31 UTC
No, that doesn't fix the problem. :-(  It's still crashing in exactly the same
spot.  Here is a more detailed backtrace from my F8 x86_64 machine, with
debuginfo installed for expat-2.0.1-2, keyutils-1.2-2, neon-0.27.2-2, and
tla-1.3.5-2.

#0  str_length (x=0x1 <Address 0x1 out of bounds>)
    at /usr/src/debug/tla-1.3.5/src/hackerlab/char/str.c:54
#1  0x0000000000449b60 in results (userdata=0x7ffface6a210, 
    uri=<value optimized out>, set=<value optimized out>)
    at /usr/src/debug/tla-1.3.5/src/tla/libarch/pfs-dav.c:940
#2  0x00002aaaaaad9cb3 in end_response (userdata=0x6ff6a0, resource=0x6feb50, 
    status=<value optimized out>, description=0x6feb68 "��o") at ne_props.c:553
#3  0x00002aaaaaad8618 in end_element (userdata=0x6f7da0, state=2, 
    nspace=<value optimized out>, name=<value optimized out>) at ne_207.c:220
#4  0x00002aaaaaad8d22 in end_element (userdata=<value optimized out>, 
    name=<value optimized out>) at ne_xml.c:390
#5  0x000000383c20a035 in doContent (parser=0x6f7f30, startTagLevel=0, 
    enc=0x383c420640, 
    s=0x6fd3f2 "</D:response>\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/gnus/</D:href>\n<D:propstat>\n<D:prop>\n<lp1:getlastmodified>Thu,
19 Jan 2006 "..., 
    end=0x6fd692
"GMT</lp1:getlastmodified>\n<lp1:resourcetype><D:collection/></lp1:resourcetype>\n</D:prop>\n<D:status>HTTP/1.1
200
OK</D:status>\n</D:propstat>\n<D:propstat>\n<D:prop>\n<g0:getcontentlength/>\n</D:prop>\n<D:st"...,

    nextPtr=0x6f7f60, haveMore=1 '\001') at lib/xmlparse.c:2449
#6  0x000000383c20acf4 in contentProcessor (parser=0x6f7f30, 
    start=0x6feb68 "��o", 
    end=0x2aaaaaad9c80
"H\211\\$�H\211l$�H\203�\030H\213G`H\211�H\211�H\205�t\026D\213^\bE\205�~\rH\215v\030H\213\177hH\211���H\211�H\211��R���H�EH",

    endPtr=0x6464646464646464) at lib/xmlparse.c:2023
#7  0x000000383c20be19 in doProlog (parser=0x6f7f30, enc=0x383c420640, 
    s=0x6fd207 "<D:multistatus xmlns:D=\"DAV:\" xmlns:ns0=\"DAV:\">\n<D:response
xmlns:lp1=\"DAV:\" xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</D:href>\n<D:propstat>\n<D:prop>\n<lp1:getl"...,

    end=0x6fd692
"GMT</lp1:getlastmodified>\n<lp1:resourcetype><D:collection/></lp1:resourcetype>\n</D:prop>\n<D:status>HTTP/1.1
200
OK</D:status>\n</D:propstat>\n<D:propstat>\n<D:prop>\n<g0:getcontentlength/>\n</D:prop>\n<D:st"...,

    tok=29, 
    next=0x6fd207 "<D:multistatus xmlns:D=\"DAV:\"
xmlns:ns0=\"DAV:\">\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</D:href>\n<D:propstat>\n<D:prop>\n<lp1:getl"...,
nextPtr=0x6f7f60, haveMore=1 '\001') at lib/xmlparse.c:3905
#8  0x000000383c20ce2b in prologProcessor (parser=0x6f7f30, 
    s=0x6fd1e0 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<D:multistatus
xmlns:D=\"DAV:\" xmlns:ns0=\"DAV:\">\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</"..., 
    end=0x6fd692
"GMT</lp1:getlastmodified>\n<lp1:resourcetype><D:collection/></lp1:resourcetype>\n</D:prop>\n<D:status>HTTP/1.1
200
OK</D:status>\n</D:propstat>\n<D:propstat>\n<D:prop>\n<g0:getcontentlength/>\n</D:prop>\n<D:st"...,

    nextPtr=0x6f7f60) at lib/xmlparse.c:3635
#9  0x000000383c203fb1 in XML_ParseBuffer (parser=0x1, len=0, isFinal=0)
    at lib/xmlparse.c:1573
#10 0x00002aaaaaad8e89 in ne_xml_parse (p=0x6f6300, 
    block=0x6fb010 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<D:multistatus
xmlns:D=\"DAV:\" xmlns:ns0=\"DAV:\">\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</"..., len=1202) at ne_xml.c:546
#11 0x00002aaaaaacd479 in ne_read_response_block (req=0x6fafc0, 
    buffer=0x6fb010 "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<D:multistatus
xmlns:D=\"DAV:\" xmlns:ns0=\"DAV:\">\n<D:response xmlns:lp1=\"DAV:\"
xmlns:lp2=\"http://apache.org/dav/props/\"
xmlns:g0=\"DAV:\">\n<D:href>/archives/emacs/</"..., buflen=<value optimized
out>) at ne_request.c:779
#12 0x00002aaaaaacd790 in ne_discard_response (req=0x1) at ne_request.c:1334
#13 0x00002aaaaaace53b in ne_request_dispatch (req=0x6fafc0)
    at ne_request.c:1346
#14 0x00002aaaaaad962d in propfind (handler=0x6ff6a0, 
    results=0x449af0 <results>, userdata=0x7ffface6a210) at ne_props.c:143
#15 0x00002aaaaaad9eaf in ne_simple_propfind (sess=<value optimized out>, 
    href=<value optimized out>, depth=<value optimized out>, props=0x489cc0, 
    results=0x449af0 <results>, userdata=0x7ffface6a210) at ne_props.c:616
#16 0x0000000000449df6 in pfs_directory_files (p=0x6f4dc0, 
    path=<value optimized out>, soft_errors=1)
    at /usr/src/debug/tla-1.3.5/src/tla/libarch/pfs-dav.c:406
#17 0x0000000000449ef2 in pfs_file_exists (p=0x6f4dc0, 
    path=<value optimized out>)
    at /usr/src/debug/tla-1.3.5/src/tla/libarch/pfs-dav.c:458
#18 0x000000000045269b in pfs_archive_version (a=0x6e2770)
    at /usr/src/debug/tla-1.3.5/src/tla/libarch/archive-pfs.c:261
#19 0x00000000004446f2 in arch_archive_connect_location (name=0x0, 
    location=0x7ffface6b8ed "http://arch.sv.gnu.org/archives/emacs", 
    want_mirror_of=0x0)
    at /usr/src/debug/tla-1.3.5/src/tla/libarch/archive.c:103
#20 0x0000000000418386 in arch_cmd_register_archive (
    program_name=0x6e1460 "tla register-archive", argc=2, argv=0x7ffface6a490)
    at /usr/src/debug/tla-1.3.5/src/tla/libarch/cmd-register-archive.c:179
#21 0x000000000040277c in main (argc=3, argv=<value optimized out>)
    at /usr/src/debug/tla-1.3.5/src/tla/tla/tla.c:103
#22 0x0000003838e1e074 in __libc_start_main () from /lib64/libc.so.6
#23 0x0000000000402499 in _start ()


Comment 5 Debarshi Ray 2007-12-11 13:11:12 UTC
This bug does not hit Fedora 7 and older systems. I will try to replicate this
on Fedora 8 and Rawhide and see.

Comment 6 Debarshi Ray 2007-12-12 17:22:30 UTC
This is identical to Debian Bug #402952:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=402952

Looks like there is a problem with neon >= 0.25.2.

Comment 7 Debarshi Ray 2007-12-13 19:51:53 UTC
Created attachment 287851 [details]
Patch to prevent segmentation fault on Fedora 8 onwards.

The attached patch seems to fix this problem and I have created a new update --
1.3.5-4 -- which uses it. You can find tla-1.3.5-4 on updates-testing or from
http://koji.fedoraproject.org/koji/packageinfo?packageID=3996

Please let me know if this is satisfactory or not.

Comment 8 Fedora Update System 2007-12-15 17:49:41 UTC
tla-1.3.5-4.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update tla'

Comment 9 Fedora Update System 2007-12-15 17:51:42 UTC
tla-1.3.5-4.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update tla'

Comment 10 Jerry James 2007-12-17 04:49:24 UTC
I don't know what happened to sangu, but 1.3.5-4.fc8 works for me.  Thanks!

Comment 11 Debarshi Ray 2007-12-17 07:22:50 UTC
I am changing the resolution to "WORKSFORME". Feel free to comment if there are
further problems.

Comment 12 Fedora Update System 2007-12-21 21:10:19 UTC
tla-1.3.5-4.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2007-12-21 21:13:15 UTC
tla-1.3.5-4.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

