Re: [Bug-wget] [Bulk] wget/Chrome bug?

Thu, 09 Apr 2015 06:33:40 -0700 

Gisle Vanem wrote:


I hope it's not only the Windows version of Wget/Gnulib that is
vulnerable....


Seems '-DENABLE_DEBUG' and '-DDEBUG_MALLOC' have to be in effect to
trigger this crash. My previous attempt was with MSVC v18 (release mode).
Now I've built a MingW 3.21 version with the same CFLAGS and I'm getting
the almost the same crash report from gdb as I did from WinDbg.

I'll let some of you Wget experts comment and/or verify the cause of
this. gdb output attached and which has this:
 warning: Heap block at 009CCE70 modified at 009CCE84 past requested size of 8

Does this give any clue?

--
--gv





F:\MingW32\src\inet\wget\src>gdb -args wget.exe -dr  -Ahtml 
http://cortexture.net/chromebug/test.html
GNU gdb (GDB) 7.4
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-mingw32".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from F:\MingW32\src\inet\wget\src\wget.exe...done.
(gdb) r
Starting program: F:\MingW32\src\inet\wget\src\wget.exe -dr -Ahtml 
http://cortexture.net/chromebug/test.html
[New Thread 4924.0x1588]
warning: Invalid parameter passed to C runtime function.

Setting --recursive (recursive) to 1
Setting --accept (accept) to html
DEBUG output created by Wget 1.15.00 (09-April-2015) on Win-8.1. Build 9600 
(MingW).

Enqueuing http://cortexture.net/chromebug/test.html at depth 0
Queue count 1, maxcount 1.
[IRI Enqueuing 'http://cortexture.net/chromebug/test.html' with None
Dequeuing http://cortexture.net/chromebug/test.html at depth 0
Queue count 0, maxcount 1.
--2015-04-09 13:25:58--  http://cortexture.net/chromebug/test.html
warning: Invalid parameter passed to C runtime function.

Resolving cortexture.net...
74.220.207.199
Caching cortexture.net => 74.220.207.199
Connecting to cortexture.net|74.220.207.199|:80...
connected.
Created socket 3.
Releasing 0x009c1e28 (new refcount 1).

---request begin---
GET /chromebug/test.html HTTP/1.1
Accept: */*
Accept-Encoding: identity
Host: cortexture.net
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 200 OK
Date: Thu, 09 Apr 2015 13:25:54 GMT
Server: Apache
Last-Modified: Wed, 01 Apr 2015 14:05:15 GMT
Accept-Ranges: bytes
Content-Length: 260
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=500
Connection: Keep-Alive
Content-Type: text/html

---response end---
200 OK
Registered socket 3 for persistent reuse.
Length: 260 [text/html]
Saving to: 'cortexture.net/chromebug/test.html'

cortexture.net/chromebug/test.html 
100%[==================================================================>]     
260  --.-KB/s   in 0s

warning: Invalid parameter passed to C runtime function.

2015-04-09 13:25:58 (3.07 MB/s) - 'cortexture.net/chromebug/test.html' saved 
[260/260]

Loaded cortexture.net/chromebug/test.html (size 260).
cortexture.net/chromebug/test.html: 
merge('http://cortexture.net/chromebug/test.html', 'http://Lorem ipsum Culpa 
labore qui culpa enim nostr
ud eiusmod ullamco anim in dolor consequat voluptate in in laboris consequat 
dolor occaecat minim aliqua quis id in Duis eiusmod amet id do
ex do dolore dolor anim sit deserunt do.') -> http://Lorem ipsum Culpa labore 
qui culpa enim nostrud eiusmod ullamco anim in dolor consequat
 voluptate in in laboris consequat dolor occaecat minim aliqua quis id in Duis 
eiusmod amet id do ex do dolore dolor anim sit deserunt do.
appending 
'http://lorem%20ipsum%20culpa%20labore%20qui%20culpa%20enim%20nostrud%20eiusmod%20ullamco%20anim%20in%20dolor%20consequat%20volupt
ate%20in%20in%20laboris%20consequat%20dolor%20occaecat%20minim%20aliqua%20quis%20id%20in%20duis%20eiusmod%20amet%20id%20do%20ex%20do%20dolor
e%20dolor%20anim%20sit%20deserunt%20do./' to urlpos.
no-follow in cortexture.net/chromebug/test.html: 0
Deciding whether to enqueue 
"http://lorem%20ipsum%20culpa%20labore%20qui%20culpa%20enim%20nostrud%20eiusmod%20ullamco%20anim%20in%20dolor%20
consequat%20voluptate%20in%20in%20laboris%20consequat%20dolor%20occaecat%20minim%20aliqua%20quis%20id%20in%20duis%20eiusmod%20amet%20id%20do
%20ex%20do%20dolore%20dolor%20anim%20sit%20deserunt%20do./".
This is not the same hostname as the parent's (lorem ipsum culpa labore qui 
culpa enim nostrud eiusmod ullamco anim in dolor consequat volup
tate in in laboris consequat dolor occaecat minim aliqua quis id in duis 
eiusmod amet id do ex do dolore dolor anim sit deserunt do. and cor
texture.net).
Decided NOT to load it.
FINISHED --2015-04-09 13:25:58--
Total wall clock time: 0.5s
Downloaded: 1 files, 260 in 0s (3.07 MB/s)
warning: HEAP[wget.exe]:
warning: Heap block at 009CCE70 modified at 009CCE84 past requested size of 8


Program received signal SIGTRAP, Trace/breakpoint trap.
0x77bb7387 in ?? ()
(gdb) bt
#0  0x77bb7387 in ?? ()
#1  0x77b721d1 in ?? ()
#2  0x77bb63f4 in ?? ()
#3  0x77b57554 in ?? ()
#4  0x77b1206a in ?? ()
#5  0x76e4b0f9 in msvcrt!free () from C:\Windows\SysWOW64\msvcrt.dll
#6  0x009c0000 in ?? ()
#7  0x00419baa in cleanup () at init.c:1797
#8  0x0044a3cf in _fu13__gnulib_optind () at main.c:1771
(gdb)






















					Reply via email to