Debian Bug report logs - #310621
libwbxml2-utils: Segfaults

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Ian Eure <ieure@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: libwbxml2-utils: Segfaults

Date: Tue, 24 May 2005 11:40:26 -0700

Package: libwbxml2-utils
Version: 0.9.0-3
Severity: grave
Justification: renders package unusable

xml2wbxml segfaults whenever I try to convert XML -> WBXML.

$ xml2wbxml -o test.xml si.xml
Segmentation fault
$

LTrace output:

22452 __libc_start_main(0x80488e0, 4, 0xbffff894, 0x8049280, 0x80492e0
<unfinished ...>
22452 strchr("nkh?o:v:", 'o')                    = "o:v:"
22452 fopen("si.xml", "r")                       = 0x804b008
22452 feof(0x804b008)                            = 0
22452 fread(0xbffff400, 1, 1000, 0x804b008)      = 259
22452 ferror(0x804b008)                          = 0
22452 wbxml_realloc(0, 260, 1000, 0x804b008, 259) = 0x804b170
22452 memcpy(0x804b170, "<?xml version="1.0" encoding="ut"..., 259) =
0x804b170
22452 feof(0x804b008)                            = 1
22452 fclose(0x804b008)                          = 0
22452 wbxml_conv_xml2wbxml(0x804b170, 0xbffff3f0, 0xbffff3f4,
0xbffff3f8, 259 <unfinished ...>
22452 --- SIGSEGV (Segmentation fault) ---
22452 +++ killed by SIGSEGV +++

Seems to be a problem with the library.



-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libwbxml2-utils depends on:
ii  libc6                       2.3.2.ds1-21 GNU C Library: Shared libraries an
ii  libexpat1                   1.95.8-3     XML parsing C library - runtime li
ii  libpopt0                    1.7-5        lib for parsing cmdline parameters
ii  libwbxml2                   0.9.0-3      WBXML parsing and encoding library
ii  zlib1g                      1:1.2.2-4    compression library - runtime

-- no debconf information

Message #10 received at 310621@bugs.debian.org (full text, mbox, reply):

From: Kenshi Muto <kmuto@debian.org>

To: 310621-submitter@bugs.debian.org, 310621@bugs.debian.org

Cc: control@bugs.debian.org

Subject: Re: libwbxml2-utils: Segfaults

Date: Wed, 25 May 2005 13:36:40 +0900

tags 310621 moreinfo
thanks

> $ xml2wbxml -o test.xml si.xml
> Segmentation fault

Could you send this si.xml?

Thanks,
-- 
Kenshi Muto
kmuto@debian.org

Message #22 received at 310621-quiet@bugs.debian.org (full text, mbox, reply):

From: Ian Eure <ieure@debian.org>

To: Kenshi Muto <kmuto@debian.org>, 310621-quiet@bugs.debian.org

Subject: Re: Bug#310621: libwbxml2-utils: Segfaults

Date: Tue, 24 May 2005 22:02:11 -0700

[Message part 1 (text/plain, inline)]

On Tuesday 24 May 2005 09:36 pm, Kenshi Muto wrote:
> Could you send this si.xml?
>
Here you go.

[si.xml (text/xml, attachment)]

Message #27 received at 310621@bugs.debian.org (full text, mbox, reply):

From: Riku Voipio <riku.voipio@iki.fi>

To: Ian Eure <ieure@debian.org>, 310621@bugs.debian.org

Cc: control@bugs.debian.org

Subject: Re: Bug#310621: libwbxml2-utils: Segfaults

Date: Wed, 25 May 2005 10:31:39 +0300

severity 310621 important
tags 310621 +unreproducible
thanks

Hi,

While it is annoying that wbxml might crash on some input files,
it does not render it useless for everyone. And please provide some
test file, preferrably a minimized test case.

On Tue, May 24, 2005 at 11:40:26AM -0700, Ian Eure wrote:
> Package: libwbxml2-utils
> Version: 0.9.0-3
> Severity: grave
> Justification: renders package unusable
> 
> xml2wbxml segfaults whenever I try to convert XML -> WBXML.
> 
> $ xml2wbxml -o test.xml si.xml
> Segmentation fault
> $
> 
> LTrace output:
> 
> 22452 __libc_start_main(0x80488e0, 4, 0xbffff894, 0x8049280, 0x80492e0
> <unfinished ...>
> 22452 strchr("nkh?o:v:", 'o')                    = "o:v:"
> 22452 fopen("si.xml", "r")                       = 0x804b008
> 22452 feof(0x804b008)                            = 0
> 22452 fread(0xbffff400, 1, 1000, 0x804b008)      = 259
> 22452 ferror(0x804b008)                          = 0
> 22452 wbxml_realloc(0, 260, 1000, 0x804b008, 259) = 0x804b170
> 22452 memcpy(0x804b170, "<?xml version="1.0" encoding="ut"..., 259) =
> 0x804b170
> 22452 feof(0x804b008)                            = 1
> 22452 fclose(0x804b008)                          = 0
> 22452 wbxml_conv_xml2wbxml(0x804b170, 0xbffff3f0, 0xbffff3f4,
> 0xbffff3f8, 259 <unfinished ...>
> 22452 --- SIGSEGV (Segmentation fault) ---
> 22452 +++ killed by SIGSEGV +++
> 
> Seems to be a problem with the library.
> 
> 
> 
> -- System Information:
> Debian Release: 3.1
>   APT prefers testing
>   APT policy: (900, 'testing')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.10-1-686
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> 
> Versions of packages libwbxml2-utils depends on:
> ii  libc6                       2.3.2.ds1-21 GNU C Library: Shared libraries an
> ii  libexpat1                   1.95.8-3     XML parsing C library - runtime li
> ii  libpopt0                    1.7-5        lib for parsing cmdline parameters
> ii  libwbxml2                   0.9.0-3      WBXML parsing and encoding library
> ii  zlib1g                      1:1.2.2-4    compression library - runtime
> 
> -- no debconf information

Message #36 received at 310621@bugs.debian.org (full text, mbox, reply):

From: "Stijn van Drongelen" <tinctorius@gmail.com>

To: 310621@bugs.debian.org

Cc: control@bugs.debian.org

Subject: Re: Bug#310621: libwbxml2-utils: Segfaults

Date: Sun, 20 Jan 2008 01:32:38 +0100

[Message part 1 (text/plain, inline)]

tags 310621 -unreproducible
tags 310621 +patch
thanks

Ian Eure already submitted a test case, and I got a segfault as well.

If you install the debugging symbols for libwbxml2 and run xml2wbxml
in gdb, you can see it crashes on line 1878 of wbxml_encoder.c,
because encoder->current_attr is NULL.
wbxml_encode_value_element_buffer is buggy, because it tries to
dereference pointers of which it just assumes they are not NULL. I
don't know how the encoder works, but I guess current_attr MUST be
checked for NULL-ness before using it.

It's also recommended to check all of wbxml_encoder.c for this kind of
bugs; are we sure that encoder->lang and friends are never NULL?

And IMHO, a parsing library (like libwbxml2) should be as robust as
possible, and return an error instead of choking on it's own bad
pointers. It's not "just annoying", it makes applications of the
library unreliable.

Sincerely,

Stijn van Drongelen

[current_attr_null.patch (text/x-diff, attachment)]

Message #45 received at 310621-close@bugs.debian.org (full text, mbox, reply):

From: Riku Voipio <riku.voipio@iki.fi>

To: 310621-close@bugs.debian.org

Subject: Bug#310621: fixed in wbxml2 0.9.2-4

Date: Mon, 28 Jan 2008 22:17:03 +0000

Source: wbxml2
Source-Version: 0.9.2-4

We believe that the bug you reported is fixed in the latest version of
wbxml2, which is due to be installed in the Debian FTP archive:

libwbxml2-0-dbg_0.9.2-4_i386.deb
  to pool/main/w/wbxml2/libwbxml2-0-dbg_0.9.2-4_i386.deb
libwbxml2-0_0.9.2-4_i386.deb
  to pool/main/w/wbxml2/libwbxml2-0_0.9.2-4_i386.deb
libwbxml2-dev_0.9.2-4_i386.deb
  to pool/main/w/wbxml2/libwbxml2-dev_0.9.2-4_i386.deb
libwbxml2-utils_0.9.2-4_i386.deb
  to pool/main/w/wbxml2/libwbxml2-utils_0.9.2-4_i386.deb
wbxml2_0.9.2-4.diff.gz
  to pool/main/w/wbxml2/wbxml2_0.9.2-4.diff.gz
wbxml2_0.9.2-4.dsc
  to pool/main/w/wbxml2/wbxml2_0.9.2-4.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 310621@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Riku Voipio <riku.voipio@iki.fi> (supplier of updated wbxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 28 Jan 2008 23:29:44 +0200
Source: wbxml2
Binary: libwbxml2-0-dbg libwbxml2-0 libwbxml2-dev libwbxml2-utils
Architecture: source i386
Version: 0.9.2-4
Distribution: unstable
Urgency: low
Maintainer: Riku Voipio <riku.voipio@iki.fi>
Changed-By: Riku Voipio <riku.voipio@iki.fi>
Description: 
 libwbxml2-0 - WBXML parsing and encoding library
 libwbxml2-0-dbg - WBXML library development file
 libwbxml2-dev - WBXML library development file
 libwbxml2-utils - WBXML utils
Closes: 310621 422645 461618
Changes: 
 wbxml2 (0.9.2-4) unstable; urgency=low
 .
   * Fix segault in wbxml_encoder.c, closes: #310621
     - Thanks Stijn van Drongelen
   * Add Sax like entity parsing, closes: #461618
   * The above changes library behaviour, bump version dependency
     - Thanks Stijn van Drongelen
   * Fix version in .pc ile, closes: #422645
     - Thanks Jonny Lamb
   * From synce project, Thanks Jonny Lamb
     - Miscallaneus build fixes and anonymous document support
   	- Namespaces support
   * Update to match policy 3.7.3
     - Source-Version -> binary:Version
     - Add Homepage:
   * move -dev and -dbg to libdevel and -dbg priority extra
Files: 
 c72307e1f77e2c2328847431daf65bf0 744 libs optional wbxml2_0.9.2-4.dsc
 c97c41781b0271aae02c643f7addca29 9213 libs optional wbxml2_0.9.2-4.diff.gz
 23a74fe385b9d7f87333aacd3311938a 89386 libdevel optional libwbxml2-dev_0.9.2-4_i386.deb
 348e2dad65f530aec0b8bddd333af35c 88140 libdevel extra libwbxml2-0-dbg_0.9.2-4_i386.deb
 5a2ad9a2e33c31a68fd07bbc5d0e8ba7 65972 libs optional libwbxml2-0_0.9.2-4_i386.deb
 253bd884426b92ab37c56630d41bef53 20890 text optional libwbxml2-utils_0.9.2-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHnlBTibPvMsrqrwMRAknpAJ46T4t2lVhvNZ4ZWDCApWTIjwE+AACfe+x9
4t97AmiXtNe7Gi1Lvyslw8Y=
=IhpZ
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.