Re: [Bug-wget] [Bulk] wget/Chrome bug?
From: Tim Rühsen
Subject: Re: [Bug-wget] [Bulk] wget/Chrome bug?
Date: Thu, 09 Apr 2015 22:58:14 +0200
User-agent: KMail/4.14.2 (Linux/3.16.0-4-amd64; KDE/4.14.2; x86_64; ; )
On Thursday, 9 April 2015, 15:32:47, Gisle Vanem wrote:
> Gisle Vanem wrote:
> > I hope it's not only the Windows version of Wget/Gnulib that is
> > vulnerable....
>
> Seems '-DENABLE_DEBUG' and '-DDEBUG_MALLOC' have to be in effect to
> trigger this crash. My previous attempt was with MSVC v18 (release mode).
> Now I've built a MingW 3.21 version with the same CFLAGS and I'm getting
> almost the same crash report from gdb as I did from WinDbg.
>
> I'll let some of you Wget experts comment and/or verify the cause of
> this. gdb output attached and which has this:
> warning: Heap block at 009CCE70 modified at 009CCE84 past requested size
> of 8
>
> Does this give any clue?
Yes, thanks Gisle.
It comes out with -DDEBUG_MALLOC which enables cleanup() code:
#ifdef DEBUG_MALLOC
...
free_vec (opt.accepts);
...
#endif
To show on Linux:
$ valgrind src/wget -Ahtml http://example.com
==15287== Invalid read of size 8
==15287==    at 0x42F4C9: free_vec (utils.c:1286)
==15287==    by 0x421B04: cleanup (init.c:1797)
==15287==    by 0x4062FE: main (main.c:1771)
==15287==  Address 0x95cfa00 is 0 bytes after a block of size 16 alloc'd
==15287==    at 0x4C28C20: malloc (vg_replace_malloc.c:296)
==15287==    by 0x4C2AFCF: realloc (vg_replace_malloc.c:692)
==15287==    by 0x439685: xrealloc (xmalloc.c:61)
==15287==    by 0x42E6D3: sepstring (utils.c:268)
==15287==    by 0x4210A7: cmd_vector (init.c:1079)
==15287==    by 0x42196B: setoptval (init.c:876)
==15287==    by 0x405255: main (main.c:1153)
I didn't have the time to track it further down, not sure if I have tomorrow.
So, anybody feel free to fix the issue.
To compile and run Wget:
export CFLAGS="... -DDEBUG_MALLOC"
./configure
valgrind src/wget -Ahtml http://example.com
Regards, Tim
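An added illustration, not Wget's code and not part of this message: a free_vec-style walker trusts the NULL terminator of a string vector, so a check that knows the allocated slot count can flag an unterminated vector instead of reading past the block, which is the kind of access valgrind reports above. The struct strvec type and all function names are hypothetical, and the overwrite of the terminator is constructed for the demonstration, not a statement about the cause of this bug.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical type: the pointer array plus its allocated slot count. */
struct strvec { char **v; size_t cap; };

/* Split s on commas into a NULL-terminated vector, growing it with realloc.
   One entry plus the terminator is 2 slots (16 bytes with 8-byte pointers). */
static struct strvec split_commas(const char *s)
{
    struct strvec r = { NULL, 0 };
    size_t n = 0;
    while (*s) {
        size_t len = strcspn(s, ",");
        char **grown = realloc(r.v, (n + 2) * sizeof *grown); /* item + NULL */
        char *item = malloc(len + 1);
        if (!grown || !item) abort();
        memcpy(item, s, len);
        item[len] = '\0';
        r.v = grown;
        r.cap = n + 2;
        r.v[n++] = item;
        r.v[n] = NULL;
        s += len;
        if (*s == ',') s++;
    }
    return r;
}

/* Entry count, never reading past cap slots; -1 if no terminator is inside. */
static long vec_len_bounded(const struct strvec *r)
{
    for (size_t i = 0; i < r->cap; i++)
        if (r->v[i] == NULL) return (long)i;
    return r->cap ? -1 : 0;
}

/* Constructed input "html": result for an intact vector (clobber == 0) and
   for one whose terminator slot was overwritten (clobber != 0). */
static long check_demo(int clobber)
{
    struct strvec r = split_commas("html");
    if (clobber) r.v[1] = r.v[0];   /* constructed corruption of the NULL slot */
    long n = vec_len_bounded(&r);
    free(r.v[0]);
    free(r.v);
    return n;
}

int main(void) { return check_demo(0) == 1 && check_demo(1) == -1 ? 0 : 1; }
```

An unbounded walker over the clobbered vector would read slot 2, which is 0 bytes after the 16-byte block; the bounded check returns -1 instead.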