[Bug-wget] wget 1.19.4 - possible double free in url.c

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] wget 1.19.4 - possible double free in url.c

From:	Volkmar Klatt
Subject:	[Bug-wget] wget 1.19.4 - possible double free in url.c
Date:	Thu, 1 Mar 2018 14:01:33 +0000

Dear wget maintainer,

1) in wget 1.19.4 (and probably earlier)
please check carefully

static char * convert_fname (char *fname)
in
src/url.c

I run a OpenBSD machine, x86, ABI=32
and I guess there's a double free when using iconv,
see patch attached.

With this change, all my non-skipped tests pass,
whereas with original url.c most tests fail with core dump:

wget(24305) in free(): error: bogus pointer (double free?)
0xffffffff
-->

#0  0x1c187cb1 in kill () at <stdin>:2
#1  0x1c1b5ab6 in raise (s=6) at
/usr/src/lib/libc/gen/raise.c:39
#2  0x1c1b5a00 in abort () at
/usr/src/lib/libc/stdlib/abort.c:53
#3  0x1c1967f7 in wrterror (msg=0x3c119b56 "bogus pointer
(double free?)", p=0xffffffff)
    at /usr/src/lib/libc/stdlib/malloc.c:281
#4  0x1c197d09 in free (ptr=0xffffffff) at
/usr/src/lib/libc/stdlib/malloc.c:1282
#5  0x1c06d54d in libiconv_close ()
#6  0x1c032334 in url_file_name ()
#7  0x1c01facf in http_loop ()
#8  0x1c02dd7e in retrieve_url ()
#9  0x1c027068 in main ()

2) The documentation might mention that
strict firewall settings may also hinder the tests,
e.g. when traffic from/to 127.0.0.1 is blocked.

Solution: Isolate the machine (no net)
and temporalily disable the firewall, then 'make test'

Thanks,
Volkmar Klatt

patch_src_url_c.txt
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] wget 1.19.4 - possible double free in url.c, Volkmar Klatt <=
- Re: [Bug-wget] wget 1.19.4 - possible double free in url.c, Tim Rühsen, 2018/03/01

Next by Date: Re: [Bug-wget] wget 1.19.4 - possible double free in url.c
Next by thread: Re: [Bug-wget] wget 1.19.4 - possible double free in url.c
Index(es):
- Date
- Thread