segfault in gnutls-cli -d 65535 post.craigslist.org

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jul 31 17:50:00 CEST 2012 

In attempting to replicate Todd T. Fries' report, i found a segmentation
fault in gnutls-cli when asking for out-of-range debugging (> 9999):

here's a backtrace from debian-packaged 3.0.20-3:


(gdb) run -d 65535 post.craigslist.org
Starting program: /usr/bin/gnutls-cli -d 65535 post.craigslist.org
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0xb7d5cbb0 in _IO_vfprintf_internal (s=0xbfffde20, format=0xb7e98bb1 "%s error:  %s option value ``%s'' is out of range.\n", 
    ap=0xbfffe4c8 "\260\371\377\277\350t\005\b\377\377") at vfprintf.c:1623
1623	vfprintf.c: No such file or directory.
(gdb) bt
#0  0xb7d5cbb0 in _IO_vfprintf_internal (s=0xbfffde20, format=0xb7e98bb1 "%s error:  %s option value ``%s'' is out of range.\n", 
    ap=0xbfffe4c8 "\260\371\377\277\350t\005\b\377\377") at vfprintf.c:1623
#1  0xb7d5d092 in buffered_vfprintf (s=0xb7e74580, format=0xffff <Address 0xffff out of bounds>, args=0xffffffff <Address 0xffffffff out of bounds>)
    at vfprintf.c:2289
#2  0xb7d58273 in _IO_vfprintf_internal (s=0xb7e74580, format=0xb7e98bb1 "%s error:  %s option value ``%s'' is out of range.\n", 
    ap=0xbfffe4c8 "\260\371\377\277\350t\005\b\377\377") at vfprintf.c:1309
#3  0xb7d6232f in __fprintf (stream=0xb7e74580, format=0xb7e98bb1 "%s error:  %s option value ``%s'' is out of range.\n") at fprintf.c:33
#4  0xb7e8acb6 in optionShowRange () from /usr/lib/libopts.so.25
#5  0x08053f68 in doOptDebug (pOptions=0x805c140, pOptDesc=0x805c1e0) at cli-args.c:1046
#6  0xb7e84c81 in ?? () from /usr/lib/libopts.so.25
#7  0xb7e8d243 in ?? () from /usr/lib/libopts.so.25
#8  0xb7e8eef3 in optionProcess () from /usr/lib/libopts.so.25
#9  0x0804cd1a in cmd_parser (argv=0xbffff824, argc=4) at cli.c:1107
#10 main (argc=4, argv=0xbffff824) at cli.c:848


and here it is from 3.0.21-1:

(gdb) run -d 65535 post.craigslist.org
Starting program: /usr/bin/gnutls-cli -d 65535 post.craigslist.org
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0xb7d5cbb0 in _IO_vfprintf_internal (s=0xbfffde20, format=0xb7e98bb1 "%s error:  %s option value ``%s'' is out of range.\n", 
    ap=0xbfffe4c8 "\260\371\377\277\bu\005\b\377\377") at vfprintf.c:1623
1623	vfprintf.c: No such file or directory.
(gdb) bt
#0  0xb7d5cbb0 in _IO_vfprintf_internal (s=0xbfffde20, format=0xb7e98bb1 "%s error:  %s option value ``%s'' is out of range.\n", 
    ap=0xbfffe4c8 "\260\371\377\277\bu\005\b\377\377") at vfprintf.c:1623
#1  0xb7d5d092 in buffered_vfprintf (s=0xb7e74580, format=0xffff <Address 0xffff out of bounds>, args=0xffffffff <Address 0xffffffff out of bounds>)
    at vfprintf.c:2289
#2  0xb7d58273 in _IO_vfprintf_internal (s=0xb7e74580, format=0xb7e98bb1 "%s error:  %s option value ``%s'' is out of range.\n", 
    ap=0xbfffe4c8 "\260\371\377\277\bu\005\b\377\377") at vfprintf.c:1309
#3  0xb7d6232f in __fprintf (stream=0xb7e74580, format=0xb7e98bb1 "%s error:  %s option value ``%s'' is out of range.\n") at fprintf.c:33
#4  0xb7e8acb6 in optionShowRange () from /usr/lib/libopts.so.25
#5  0x08053f88 in doOptDebug (pOptions=0x805c140, pOptDesc=0x805c1e0) at cli-args.c:1046
#6  0xb7e84c81 in ?? () from /usr/lib/libopts.so.25
#7  0xb7e8d243 in ?? () from /usr/lib/libopts.so.25
#8  0xb7e8eef3 in optionProcess () from /usr/lib/libopts.so.25
#9  0x0804cd1a in cmd_parser (argv=0xbffff824, argc=4) at cli.c:1107
#10 main (argc=4, argv=0xbffff824) at cli.c:848
(gdb) 


Something about the way optionShowRange is being invoked, or the data
being passed to it seems wrong, but i'm not sure what it is.

      --dkg

More information about the Gnutls-devel mailing list