Debian Bug report logs - #628068
liferea: Segmentation fault a while after startup

Package: glib-networking; Maintainer for glib-networking is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for glib-networking is src:glib-networking.

Reported by: Arthur de Jong <adejong@debian.org>

Date: Thu, 26 May 2011 21:06:02 UTC

Severity: important

Tags: patch

Found in version glib-networking/2.28.7-1

Fixed in version glib-networking/2.32.3-1

Done: Laurent Bigonville <bigon@debian.org>

Bug is archived. No further changes may be made.

Report forwarded to debian-bugs-dist@lists.debian.org, Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>:
Bug#628068; Package liferea. (Thu, 26 May 2011 21:06:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Arthur de Jong <adejong@debian.org>:
New Bug report received and forwarded. Copy sent to Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>. (Thu, 26 May 2011 21:06:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Arthur de Jong <adejong@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: liferea: Segmentation fault a while after startup
Date: Thu, 26 May 2011 23:02:01 +0200
[Message part 1 (text/plain, inline)]
Subject: liferea: Segmentation fault a while after startup
Package: liferea
Version: 1.6.5-1
Severity: important

Starting today my liferea instance is crashing with a Segmentation
fault. I cannot directly relate it to an action on my part. I can update
all feeds without problems (at least the update monitor indicates that
it is finished) but it does seem to happen shortly after all updates are
finished.

Attached is a gdb backtrace. I've tried to install a whole lot of -dbg
packages but I can provide more info if needed (it is quite
reproducible).

I do see that glib-networking was upgraded yesterday (from 2.28.6.1-1 to
2.28.7-1) which contains the code that triggers the segmentation fault
so if you believe the actual bug is there, feel free to reassign this
bug.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.39-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages liferea depends on:
ii  gconf2                   2.28.1-6        GNOME configuration database syste
ii  libatk1.0-0              2.0.0-1         The ATK accessibility toolkit
ii  libc6                    2.13-4          Embedded GNU C Library: Shared lib
ii  libcairo2                1.10.2-6        The Cairo 2D vector graphics libra
ii  libdbus-1-3              1.4.8-3         simple interprocess messaging syst
ii  libdbus-glib-1-2         0.92-1          simple interprocess messaging syst
ii  libgconf2-4              2.28.1-6        GNOME configuration database syste
ii  libglade2-0              1:2.6.4-1       library to load .glade files at ru
ii  libglib2.0-0             2.28.6-1        The GLib library of C routines
ii  libgtk2.0-0              2.24.4-3        The GTK+ graphical user interface 
ii  libice6                  2:1.0.7-1       X11 Inter-Client Exchange library
ii  liblua5.1-0              5.1.4-5         Simple, extensible, embeddable pro
ii  libnm-glib2              0.8.4.0-1       network management framework (GLib
ii  libnotify1 [libnotify1-g 0.5.0-2         sends desktop notifications to a n
ii  libpango1.0-0            1.28.3-6        Layout and rendering of internatio
ii  libsm6                   2:1.2.0-1       X11 Session Management library
ii  libsoup2.4-1             2.34.2-1        HTTP library implementation in C -
ii  libsqlite3-0             3.7.6.3-1       SQLite 3 shared library
ii  libwebkit-1.0-2          1.2.7-3         Web content engine library for Gtk
ii  libx11-6                 2:1.4.3-1       X11 client-side library
ii  libxml2                  2.7.8.dfsg-2+b1 GNOME XML library
ii  libxslt1.1               1.1.26-7+b1     XSLT 1.0 processing library - runt
ii  liferea-data             1.6.5-1         architecture independent data for 

Versions of packages liferea recommends:
ii  curl                          7.21.6-1   Get a file from an HTTP, HTTPS or 
ii  dbus                          1.4.8-3    simple interprocess messaging syst
ii  dbus-x11                      1.4.8-3    simple interprocess messaging syst
ii  gwget                         1.0.4-1.1  GNOME front-end for wget
ii  wget                          1.12-3.1   retrieves files from the web

Versions of packages liferea suggests:
pn  network-manager               <none>     (no description available)

-- 
-- arthur - adejong@debian.org - http://people.debian.org/~adejong --
[liferea-crash.log (text/x-log, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>:
Bug#628068; Package liferea. (Sun, 29 May 2011 22:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Arthur de Jong <adejong@debian.org>:
Extra info received and forwarded to list. Copy sent to Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>. (Sun, 29 May 2011 22:18:03 GMT) Full text and rfc822 format available.

Message #10 received at 628068@bugs.debian.org (full text, mbox, reply):

From: Arthur de Jong <adejong@debian.org>
To: 628068@bugs.debian.org
Cc: glib-networking@packages.debian.org
Subject: Re: Bug#628068: liferea: Segmentation fault a while after startup
Date: Mon, 30 May 2011 00:14:26 +0200
[Message part 1 (text/plain, inline)]
reassign 628068 glib-networking 2.28.7-1
tags 628068 + patch
thanks

Sorry, this email turned out to be a bit longer than initially planned
but I think I found the problem and a fix.

On Thu, 2011-05-26 at 23:02 +0200, Arthur de Jong wrote:
> I do see that glib-networking was upgraded yesterday (from 2.28.6.1-1 to
> 2.28.7-1) which contains the code that triggers the segmentation fault
> so if you believe the actual bug is there, feel free to reassign this
> bug.

Downgrading glib-networking to 2.28.6.1-1 does not fix the problem. I've
now also installed libgnutls26-dbg and re-run with --debug-all. The last
part of the log is attached.

I've done some more digging and I think the relevant part of the
backtrace is this:

#0  0xaed02e5a in g_tls_client_connection_gnutls_finish_handshake (conn=0x84d5960, inout_error=0x0) at gtlsclientconnection-gnutls.c:352
        gnutls = 0x84d5960
#1  0xaed04081 in handshake_internal (gnutls=0x84d5960, blocking=<value optimized out>, cancellable=0x0, error=0x0) at gtlsconnection-gnutls.c:886
        peer_certificate = 0x0
        peer_certificate_errors = 0
        ret = -53
#2  0xaed0448b in handshake_in_progress_or_failed (gnutls=<value optimized out>, blocking=<value optimized out>, cancellable=0x0, error=0x0)
    at gtlsconnection-gnutls.c:911
No locals.
#3  0xaed04930 in close_internal (gnutls=0x84d5960, blocking=1, cancellable=0x0, error=0x0) at gtlsconnection-gnutls.c:1094
No locals.
#4  0xaed04d6e in g_tls_connection_gnutls_close (stream=0x84d5960, cancellable=0x0, error=0x0) at gtlsconnection-gnutls.c:1114
        gnutls = 0x84d5960
#5  0xb62e6a8d in g_io_stream_close (stream=0x84d5960, cancellable=0x0, error=0x0)
    at /build/buildd-glib2.0_2.28.6-1-i386-A3fp41/glib2.0-2.28.6/./gio/giostream.c:428
        class = 0x88167d0
        res = 1
        __PRETTY_FUNCTION__ = "g_io_stream_close"

In #5 g_io_stream_close() is called with error as NULL, which should be
OK according to
http://developer.gnome.org/gio/2.26/GIOStream.html#g-io-stream-close

g_io_stream_close() (#5) from glib just passes error unmodified to
g_tls_connection_gnutls_close() (#4) in glib-networking
which finally ends up calling handshake_internal() (#1) which perhaps
assumes that error is not NULL (it seems to be used in error messages)
and also calls g_tls_client_connection_gnutls_finish_handshake() which
tries to dereference the passed error.

I guess somewhere along the way error needs to be assigned a temporary
value to store the error or all functions should cope with error being
NULL.

Reassigning this bug to glib-networking since that is where the bug
seems to be. If glib shouldn't pass a NULL error to glib-networking,
please reassign.

From a quick glance through Glib docs and current code, I guess the
attached patch should fix the issue. I've tested it on my system and
liferea no longer crashes. However, since it touches TLS-related code
someone who is more familiar with the code should take a look before
blindly accepting this patch.

Also, I've limited this fix to only the
g_tls_client_connection_gnutls_finish_handshake() function. Perhaps it's
a good idea to also check other functions for similar assumptions.

-- 
-- arthur - adejong@debian.org - http://people.debian.org/~adejong --
[liferea-crash-2.log (text/x-log, attachment)]
[glib-fix-error-null.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
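The NULL-error propagation described in the message above, as an added example in C. This is not glib or glib-networking code: the `Err` struct is a minimal stand-in for GError and its `GError **` out-parameter convention, `err_set` mirrors the documented behaviour of g_set_error() (a NULL location is tolerated), and `finish_handshake_buggy`, `finish_handshake_fixed`, `close_stream` and the "handshake failed" message are hypothetical names chosen to follow the frames in the backtrace. The value -53 is taken from `ret = -53` in frame #1; what that gnutls code means is not stated on this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for GLib's GError (added example, not glib code). */
typedef struct {
    int  code;
    char message[64];
} Err;

/* Mirrors g_set_error(): a NULL location means "caller does not want the error". */
static void err_set(Err **location, int code, const char *message)
{
    if (location == NULL)
        return;                     /* nothing to store into; that is allowed */
    if (*location != NULL)
        return;                     /* GLib warns here; keep the first error */
    Err *e = calloc(1, sizeof *e);
    if (e == NULL)
        abort();
    e->code = code;
    snprintf(e->message, sizeof e->message, "%s", message);
    *location = e;
}

static void err_free(Err *e) { free(e); }

/* Stand-in for the gnutls handshake; -53 is the ret value in the backtrace. */
static int fake_handshake(bool fail) { return fail ? -53 : 0; }

/*
 * The pattern the backtrace points at: *inout_error is read before anyone has
 * checked that the caller passed a location.  g_io_stream_dispose() ->
 * g_io_stream_close() -> close_internal() forward error == NULL unchanged, so
 * the read is a NULL dereference and the process dies with SIGSEGV.
 * Kept only to show the defect; never call it with NULL.
 */
static void finish_handshake_buggy(int ret, Err **inout_error)
{
    if (ret < 0 && *inout_error == NULL)    /* crashes when inout_error == NULL */
        err_set(inout_error, ret, "handshake failed");
}

/*
 * Tolerant version: when the caller passed NULL, point err at a local
 * temporary (the "temporary value" the report suggests) so the function's own
 * logic may keep inspecting *err.  What lands in the temporary is discarded,
 * because nobody asked for it.
 */
static bool finish_handshake_fixed(int ret, Err **inout_error)
{
    Err  *local = NULL;
    Err **err   = inout_error != NULL ? inout_error : &local;

    if (ret < 0 && *err == NULL)
        err_set(err, ret, "handshake failed");

    bool ok = (*err == NULL);
    if (inout_error == NULL)
        err_free(local);            /* caller did not want the error; drop it */
    return ok;
}

/*
 * Stand-in for the close path in the backtrace: error is merely forwarded, so
 * a NULL from g_io_stream_close() reaches the innermost function untouched.
 */
static bool close_stream(bool handshake_fails, Err **error)
{
    int ret = fake_handshake(handshake_fails);
    return finish_handshake_fixed(ret, error);
}

int main(void)
{
    Err *e = NULL;

    /* The buggy function behaves as long as the caller supplies a location. */
    finish_handshake_buggy(fake_handshake(true), &e);
    printf("buggy, with location: code=%d (%s)\n", e->code, e->message);
    err_free(e);
    e = NULL;

    /* Dispose-style caller: NULL location, failed handshake.  Must not crash. */
    printf("fixed, NULL location: ok=%d\n", close_stream(true, NULL));

    /* An interested caller still receives the error. */
    bool ok = close_stream(true, &e);
    printf("fixed, with location: ok=%d code=%d (%s)\n", ok, e->code, e->message);
    err_free(e);
    return 0;
}
```

GLib's own g_set_error() and g_propagate_error() already accept a NULL location, so the crash can only arise where code reads `*error` directly instead of going through them; the alternative to tolerating NULL is to reject it up front with a precondition check, which is the direction the closing message describes for 2.36.1.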

Bug reassigned from package 'liferea' to 'glib-networking'. Request was from Arthur de Jong <adejong@debian.org> to control@bugs.debian.org. (Sun, 29 May 2011 22:18:05 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions liferea/1.6.5-1. Request was from Arthur de Jong <adejong@debian.org> to control@bugs.debian.org. (Sun, 29 May 2011 22:18:05 GMT) Full text and rfc822 format available.

Bug Marked as found in versions glib-networking/2.28.7-1. Request was from Arthur de Jong <adejong@debian.org> to control@bugs.debian.org. (Sun, 29 May 2011 22:18:06 GMT) Full text and rfc822 format available.

Added tag(s) patch. Request was from Arthur de Jong <adejong@debian.org> to control@bugs.debian.org. (Sun, 29 May 2011 22:18:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Emilio Pozuelo Monfort <pochu@debian.org>:
Bug#628068; Package glib-networking. (Thu, 09 Jun 2011 15:03:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Fabrice Silva <silva@lma.cnrs-mrs.fr>:
Extra info received and forwarded to list. Copy sent to Emilio Pozuelo Monfort <pochu@debian.org>. (Thu, 09 Jun 2011 15:03:07 GMT) Full text and rfc822 format available.

Message #23 received at 628068@bugs.debian.org (full text, mbox, reply):

From: Fabrice Silva <silva@lma.cnrs-mrs.fr>
To: 628068@bugs.debian.org
Subject: Re: Bug#628068: liferea: Segmentation fault a while after startup
Date: Thu, 09 Jun 2011 16:51:12 +0200
Same trouble with epiphany-browser (unstable) connecting to the French tax
office server:

gdb bt:
(gdb) bt
#0  0xae6ede5a in g_tls_client_connection_gnutls_finish_handshake (conn=0x8f56698, inout_error=0x0) at gtlsclientconnection-gnutls.c:352
#1  0xae6ef081 in handshake_internal (gnutls=0x8f56698, blocking=<value optimized out>, cancellable=0x0, error=0x0) at gtlsconnection-gnutls.c:886
#2  0xae6ef48b in handshake_in_progress_or_failed (gnutls=<value optimized out>, blocking=<value optimized out>, cancellable=0x0, error=0x0) at gtlsconnection-gnutls.c:911
#3  0xae6ef930 in close_internal (gnutls=0x8f56698, blocking=1, cancellable=0x0, error=0x0) at gtlsconnection-gnutls.c:1094
#4  0xae6efd6e in g_tls_connection_gnutls_close (stream=0x8f56698, cancellable=0x0, error=0x0) at gtlsconnection-gnutls.c:1114
#5  0xb662ca8d in g_io_stream_close (stream=0x8f56698, cancellable=0x0, error=0x0) at /build/buildd-glib2.0_2.28.6-1-i386-A3fp41/glib2.0-2.28.6/./gio/giostream.c:428
#6  0xb662cb0a in g_io_stream_dispose (object=0x8f56698) at /build/buildd-glib2.0_2.28.6-1-i386-A3fp41/glib2.0-2.28.6/./gio/giostream.c:110
#7  0xb659ff43 in g_object_unref (_object=0x8f56698) at /build/buildd-glib2.0_2.28.6-1-i386-A3fp41/glib2.0-2.28.6/./gobject/gobject.c:2697
#8  0xae6ee7d5 in gnutls_source_finalize (source=0x8bae7a8) at gtlsconnection-gnutls.c:634
#9  0xb64ed145 in g_source_unref_internal (source=0x8bae7a8, context=0x8143fc0, have_lock=1) at /build/buildd-glib2.0_2.28.6-1-i386-A3fp41/glib2.0-2.28.6/./glib/gmain.c:1693
#10 0xb64f1321 in g_main_dispatch (context=0x8143fc0) at /build/buildd-glib2.0_2.28.6-1-i386-A3fp41/glib2.0-2.28.6/./glib/gmain.c:2469
#11 g_main_context_dispatch (context=0x8143fc0) at /build/buildd-glib2.0_2.28.6-1-i386-A3fp41/glib2.0-2.28.6/./glib/gmain.c:3013
#12 0xb64f1a30 in g_main_context_iterate (context=0x8143fc0, block=1, dispatch=1, self=<value optimized out>)
    at /build/buildd-glib2.0_2.28.6-1-i386-A3fp41/glib2.0-2.28.6/./glib/gmain.c:3091
#13 0xb64f20f3 in g_main_loop_run (loop=0x811e910) at /build/buildd-glib2.0_2.28.6-1-i386-A3fp41/glib2.0-2.28.6/./glib/gmain.c:3299
#14 0xb6a63bd9 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#15 0x080722df in main ()



-- 
Fabrice Silva

Marked as fixed in versions glib-networking/2.32.3-1. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Thu, 26 Sep 2013 07:57:09 GMT) Full text and rfc822 format available.

Marked Bug as done. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Thu, 26 Sep 2013 07:57:09 GMT) Full text and rfc822 format available.

Notification sent to Arthur de Jong <adejong@debian.org>:
Bug acknowledged by developer. (Thu, 26 Sep 2013 07:57:10 GMT) Full text and rfc822 format available.

Message sent on to Arthur de Jong <adejong@debian.org>:
Bug#628068. (Thu, 26 Sep 2013 07:57:13 GMT) Full text and rfc822 format available.

Message #32 received at 628068-submitter@bugs.debian.org (full text, mbox, reply):

From: Laurent Bigonville <bigon@debian.org>
To: control@bugs.debian.org
Cc: 628068-submitter@bugs.debian.org
Subject: closing 628068
Date: Thu, 26 Sep 2013 09:44:46 +0200
close 628068 2.32.3-1
thanks

Hi,

I think this is fixed in 2.32.3-1 with a similar patch.

In 2.36.1 (currently in jessie) an assert will be triggered if inout_error is
NULL.

Cheers

Laurent Bigonville

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 25 Oct 2013 07:31:25 GMT) Full text and rfc822 format available.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Aug 2 16:32:23 2016; Machine Name: beach

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.