On Thursday, 9 April 2015, 15:32:47, Gisle Vanem wrote:
> Gisle Vanem wrote:
> > I hope it's not only the Windows version of Wget/Gnulib that is
> > vulnerable....
>
> Seems '-DENABLE_DEBUG' and '-DDEBUG_MALLOC' have to be in effect to
> trigger this crash. My previous attempt was with MSVC v18 (release mode).
> Now I've built a MingW 3.21 version with the same CFLAGS and I'm getting
> almost the same crash report from gdb as I did from WinDbg.
>
> I'll let some of you Wget experts comment and/or verify the cause of
> this. gdb output attached and which has this:
>   warning: Heap block at 009CCE70 modified at 009CCE84 past requested size of 8
>
> Does this give any clue?

Yes, thanks Gisle.

It comes out with -DDEBUG_MALLOC which enables cleanup() code:

    #ifdef DEBUG_MALLOC
    ...
      free_vec (opt.accepts);
    ...
    #endif

To show on Linux:

    $ valgrind src/wget -Ahtml http://example.com
    ==15287== Invalid read of size 8
    ==15287==    at 0x42F4C9: free_vec (utils.c:1286)
    ==15287==    by 0x421B04: cleanup (init.c:1797)
    ==15287==    by 0x4062FE: main (main.c:1771)
    ==15287==  Address 0x95cfa00 is 0 bytes after a block of size 16 alloc'd
    ==15287==    at 0x4C28C20: malloc (vg_replace_malloc.c:296)
    ==15287==    by 0x4C2AFCF: realloc (vg_replace_malloc.c:692)
    ==15287==    by 0x439685: xrealloc (xmalloc.c:61)
    ==15287==    by 0x42E6D3: sepstring (utils.c:268)
    ==15287==    by 0x4210A7: cmd_vector (init.c:1079)
    ==15287==    by 0x42196B: setoptval (init.c:876)
    ==15287==    by 0x405255: main (main.c:1153)

I didn't have the time to track it further down, not sure if I have tomorrow.
So, anybody feel free to fix the issue.

To compile and run Wget:

    export CFLAGS="... -DDEBUG_MALLOC"
    ./configure
    valgrind src/wget -Ahtml http://example.com

Regards, Tim
