Description of problem:
When I try to clone a git repository over https (as opposed to http), it crashes either with SIGSEGV or with glibc "double free or corruption" check. I have tried two different https servers and several different git versions (both from Fedora and compiled by myself), and several distributions (F7, F8 and F10, all x86_64). The same repository clone always works when cloning over http instead of https.

I have reported this to the git mailing list, and got a hint that the problem could be in Fedora using libcurl with nss. So I have grabbed a src.rpm, removed the "--without-ssl --with-nss=%{_prefix}" statements from the %configure command, rebuilt, installed, and now git clone works. So the problem is apparently either in libcurl usage of nss, or with libnss itself.

Version-Release number of selected component (if applicable):
git-1.6.0.6-1.fc10.x86_64 (tested also with 1.6.1.2 compiled by myself)
curl-7.18.2-9.fc10.x86_64 (tested also with 7.18.2-7 from stock F10, and today's rawhide version curl-7.18.2-9.fc11.x86_64)
nss-3.12.2.0-3.fc10.x86_64

How reproducible:
100 %

Steps to Reproduce:
1.
add the following certificate to ca-bundle.crt:
# cat >> /etc/pki/tls/certs/ca-bundle.crt
2.
git clone --bare https://www.fi.muni.cz/~kas/tmp/git.git
(a clone of the official Git repository)

Actual results:
Initialized empty Git repository in /tmp/git.git/
Getting alternates list for https://www.fi.muni.cz/~kas/tmp/git.git
*** glibc detected *** git: double free or corruption (!prev): 0x000000000432a3d0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3653077ec8]
/lib64/libc.so.6(cfree+0x76)[0x365307a486]
/lib64/libnsspem.so[0x7fc9d2113a75]
/lib64/libnsspem.so[0x7fc9d2102a56]
/lib64/libnsspem.so[0x7fc9d21081a9]
/lib64/libnsspem.so[0x7fc9d210f9c4]
/lib64/libnss3.so[0x327f24bc4d]
/lib64/libnss3.so(PK11_CreateGenericObject+0x42)[0x327f24bed2]
/usr/lib64/libcurl.so.4[0x7fc9d2e5e129]
/usr/lib64/libcurl.so.4(Curl_nss_connect+0x622)[0x7fc9d2e5e9f2]
/usr/lib64/libcurl.so.4(Curl_protocol_connect+0xd2)[0x7fc9d2e3ed72]
/usr/lib64/libcurl.so.4[0x7fc9d2e51fd3]
/usr/lib64/libcurl.so.4(curl_multi_perform+0x8b)[0x7fc9d2e522ab]
git[0x49de9f]
git[0x49a69d]
git[0x49a971]
git[0x494b41]
git[0x4942f3]
git[0x415674]
git[0x4041a3]
git[0x4043bc]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x365301e576]
git[0x403c69]
======= Memory map: ========
00400000-004d3000 r-xp 00000000 08:01 4778506 /usr/bin/git
006d2000-006d6000 rw-p 000d2000 08:01 4778506 /usr/bin/git
[...]
Aborted

Expected results:
A clone of the repository over https.

Additional info:
For testing purposes, the same repository is available both over http and https. Unfortunately, git/libcurl does too many small allocations, so that running it with LD_PRELOAD=/usr/lib64/libefence.so is not feasible (it dies with Cannot allocate memory).

Originally reported here: http://marc.info/?l=git&m=123325473627608&w=2
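One way to triage a glibc "double free or corruption" backtrace like the one in the report, as an added example that is not part of the original report or of any project named in it: it parses frames in the format glibc prints and reports which module called into free() and through which libraries the call arrived. The function names are hypothetical, and the sample input is the innermost frames copied from the report plus one git frame.

```python
import os
import re

# glibc frame format: module, optional (symbol+offset), then [address].
FRAME_RE = re.compile(
    r"^(?P<module>[^\[(]+)"
    r"(?:\((?P<sym>[^+)]*)(?:\+(?P<off>0x[0-9a-f]+))?\))?"
    r"\[(?P<addr>0x[0-9a-f]+)\]$"
)
# Frames inside the allocator itself are not the culprit; their caller is.
ALLOCATOR_MODULES = ("libc.so",)

# Excerpt of the backtrace in the report (top of stack first).
BACKTRACE = """\
======= Backtrace: =========
/lib64/libc.so.6[0x3653077ec8]
/lib64/libc.so.6(cfree+0x76)[0x365307a486]
/lib64/libnsspem.so[0x7fc9d2113a75]
/lib64/libnss3.so[0x327f24bc4d]
/lib64/libnss3.so(PK11_CreateGenericObject+0x42)[0x327f24bed2]
/usr/lib64/libcurl.so.4[0x7fc9d2e5e129]
/usr/lib64/libcurl.so.4(Curl_nss_connect+0x622)[0x7fc9d2e5e9f2]
git[0x49de9f]
"""

def parse_frames(text):
    """Return one dict per frame line; banner and memory-map lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append({"module": os.path.basename(m["module"]),
                           "symbol": m["sym"] or None,
                           "address": int(m["addr"], 16)})
    return frames

def freeing_module(frames):
    """First module below the allocator frames: the code that called free()."""
    for f in frames:
        if not f["module"].startswith(ALLOCATOR_MODULES):
            return f["module"]
    return None

def module_chain(frames):
    """Outermost-to-innermost list of modules, consecutive repeats collapsed."""
    chain = []
    for f in reversed(frames):
        if not chain or chain[-1] != f["module"]:
            chain.append(f["module"])
    return chain

if __name__ == "__main__":
    fr = parse_frames(BACKTRACE)
    print("free() called from:", freeing_module(fr))
    print("call path:", " -> ".join(module_chain(fr)))
```

For these frames the caller of free() is libnsspem.so, reached from libcurl's NSS connect path, which matches the reporter's observation that rebuilding curl without NSS avoids the crash.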
seems to be related to Bug 483855
*** This bug has been marked as a duplicate of bug 483855 ***
META: I think a bug with lower ID should not be marked as a duplicate of a bug with higher ID; technically speaking, the duplicate is the newer bug. Anyway, thanks for the patch in the bug 483855, I will try it in a week or so.