lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] SIGSEGV in scan_cookie_sublist


From: Thomas Dickey
Subject: Re: [Lynx-dev] SIGSEGV in scan_cookie_sublist
Date: Mon, 01 Apr 2013 19:32:49 -0400
User-agent: Mutt/1.5.20 (2009-06-14)

On Mon, Apr 01, 2013 at 09:01:07PM +0000, Thorsten Glaser wrote:
> Dixi quod…
> 
> >possibly a use-after-free, possibly a corruption).
> 
> Definitely use-after-free and on the site that recently
> changed their layout visibly (and thus, maybe cookies):

sadly, neither clang --analyze or coverity found anything to say about 
LYCookie.c

...

That's plausible - valgrind isn't finding anything interesting if I'm not 
exercising the
corresponding type of change to a cookie.  For instance, lots of sites abuse 
the expiration
date.  But I could construct my own cookie with a name not known to the site 
that does
expire before the current session.  It might not be the expiration date, but 
some other
scenario.

You might get some insight on this by running with
        lynx -trace -trace-mask=32

(even, with the 0xdf's, seeing some corruption in the trace)

If I had a reproducible problem in cookies, I'd find it useful to have a 
trace-function
that dumps the list from various points, so I could more easily spot (in the 
long trace)
where it broke.  If the linked-list is broken, tracing it more often would 
likely cause
the program to die near the actual problem.

> (gdb) bt
> #0  scan_cookie_sublist (hostname=0xa68fe080 "www.fanfiction.net",
>     path=0xa0fc5080 "/s/7680982/10", port=80, sublist=0xa877ffe0, header=0x0, 
> secure=0)
>     at /usr/src/gnu/usr.bin/lynx/src/LYCookie.c:726

From your earlier comment -
The sprintf on line 724 printf 4 bytes into an 8-byte buffer.

> #1  0x1c0794bf in LYAddCookieHeader (hostname=0xa68fe080 "www.fanfiction.net",
>     path=0xa0fc5080 "/s/7680982/10", port=80, secure=0)
>     at /usr/src/gnu/usr.bin/lynx/src/LYCookie.c:1886
> #2  0x1c08eefd in HTLoadHTTP (arg=0xa53bdb80 
> "http://www.fanfiction.net/s/7680982/10";,
>     anAnchor=0xa7656c00, format_out=0xa0f806a0, sink=0x0)
>     at /usr/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c:1360

I'm not seeing any cookies if I browse this site :-(

-- 
Thomas E. Dickey <address@hidden>
http://invisible-island.net
ftp://invisible-island.net

Attachment: signature.asc
Description: Digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]