[Bug-wget] [bug #46806] Segfault on downloading a file with unicode diac
From: Tomasz Ostrowski
Subject: [Bug-wget] [bug #46806] Segfault on downloading a file with unicode diacritics in file name
Date: Mon, 04 Jan 2016 10:20:19 +0000
User-agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0
URL: <http://savannah.gnu.org/bugs/?46806>
Summary: Segfault on downloading a file with unicode diacritics in file name
Project: GNU Wget
Submitted by: tometzky
Submitted on: Mon 04 Jan 2016 10:20:16 AM GMT
Category: Crash/Freeze/Infloop
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: 1.17
Operating System: None
Reproducibility: Every Time
Fixed Release: None
Planned Release: None
Regression: None
Work Required: None
Patch Included: No
_______________________________________________________
Details:
Example filename: "Zażółć gęślą jaźń"
$ MALLOC_CHECK_=3 ./wget -S 'http://prhn.ato.waw.pl/~tometzky/tmp/Za%C5%BC%C3%B3%C5%82%C4%87%20g%C4%99%C5%9Bl%C4%85%20ja%C5%BA%C5%84'
--2016-01-04 11:09:49--
http://prhn.ato.waw.pl/~tometzky/tmp/Za%C5%BC%C3%B3%C5%82%C4%87%20g%C4%99%C5%9Bl%C4%85%20ja%C5%BA%C5%84
Resolving prhn.ato.waw.pl (prhn.ato.waw.pl)... 81.18.204.35
Connecting to prhn.ato.waw.pl (prhn.ato.waw.pl)|81.18.204.35|:80...
connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Date: Mon, 04 Jan 2016 10:09:49 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 11 Jul 2007 14:07:10 GMT
ETag: "591071-0-434fd64d69f80"
Accept-Ranges: bytes
Content-Length: 0
Connection: close
Content-Type: text/plain
Length: 0 [text/plain]
Saving to: ‘Zażó\305%82\304%87 g\304%99\305%9Bl\304%85 jaź\305%84.4’
Zażó�%82�%87 g�%99�%9Bl�%85 jaź�%84.4 [<=>
] 0 --.-KB/s
Segmentation fault (core dumped)
$ gdb -c core.2499 ./wget
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __memset_sse2 () at ../sysdeps/x86_64/memset.S:93
93 movdqa %xmm8, (%rcx)
(gdb) bt
#0 __memset_sse2 () at ../sysdeps/x86_64/memset.S:93
#1 0x000000000042f49f in create_image (bp=0x269b000, dl_total_time=0,
done=true) at progress.c:1167
#2 0x000000000042e46c in bar_finish (progress=0x269b000, dltime=0) at
progress.c:673
#3 0x000000000042d806 in progress_finish (progress=0x269b000, dltime=0) at
progress.c:197
#4 0x000000000043300c in fd_read_body (downloaded_filename=0x2695190
"Zażó\305%82\304%87 g\304%99\305%9Bl\304%85 jaź\305%84.4", fd=4,
out=0x2698bc0, toread=0, startpos=0, qtyread=0x7fffb4511f10,
qtywritten=0x7fffb4511ec0, elapsed=0x7fffb4511f18, flags=1, out2=0x0) at
retr.c:429
#5 0x000000000041fbec in read_response_body (hs=0x7fffb4511ec0, sock=4,
fp=0x2698bc0, contlen=0, contrange=0, chunked_transfer_encoding=false,
url=0x2694e40
"http://prhn.ato.waw.pl/~tometzky/tmp/Za%C5%BC%C3%B3%C5%82%C4%87%20g%C4%99%C5%9Bl%C4%85%20ja%C5%BA%C5%84",
warc_timestamp_str=0x7fffb4511970 "\240\065Y\361\250\177",
warc_request_uuid=0x7fffb4511940 "\t", warc_ip=0x0, type=0x2677dd0
"text/plain",
statcode=200,
head=0x2698920 "HTTP/1.1 200 OK\r\nDate: Mon, 04 Jan 2016 10:09:49
GMT\r\nServer: Apache/2.2.15 (CentOS)\r\nLast-Modified: Wed, 11 Jul 2007
14:07:10 GMT\r\nETag: \"591071-0-434fd64d69f80\"\r\nAccept-Ranges:
bytes\r\nContent-Length"...) at http.c:1682
#6 0x0000000000423d08 in gethttp (u=0x2694d10, hs=0x7fffb4511ec0,
dt=0x7fffb4512204, proxy=0x0, iri=0x2694bc0, count=1) at http.c:3753
#7 0x00000000004243a6 in http_loop (u=0x2694d10, original_url=0x2694d10,
newloc=0x7fffb4512048, local_file=0x7fffb4512038, referer=0x0,
dt=0x7fffb4512204, proxy=0x0, iri=0x2694bc0) at http.c:3971
#8 0x0000000000433a37 in retrieve_url (orig_parsed=0x2694d10,
origurl=0x2694b40
"http://prhn.ato.waw.pl/~tometzky/tmp/Za%C5%BC%C3%B3%C5%82%C4%87%20g%C4%99%C5%9Bl%C4%85%20ja%C5%BA%C5%84",
file=0x7fffb4512210, newloc=0x7fffb4512208, refurl=0x0, dt=0x7fffb4512204,
recursive=false, iri=0x2694bc0, register_status=true) at retr.c:817
#9 0x000000000042c7ef in main (argc=3, argv=0x7fffb45123e8) at main.c:1868
$ locale
LANG=en_US.utf8
LC_CTYPE="en_US.utf8"
LC_NUMERIC="en_US.utf8"
LC_TIME="en_US.utf8"
LC_COLLATE="en_US.utf8"
LC_MONETARY="en_US.utf8"
LC_MESSAGES="en_US.utf8"
LC_PAPER="en_US.utf8"
LC_NAME="en_US.utf8"
LC_ADDRESS="en_US.utf8"
LC_TELEPHONE="en_US.utf8"
LC_MEASUREMENT="en_US.utf8"
LC_IDENTIFICATION="en_US.utf8"
LC_ALL=
This is self-compiled wget 1.17.1 on Fedora 23 x86_64:
$ cd wget-1.17.1/
$ ./configure --prefix=/tmp/wget
$ make CFLAGS='-O0 -g'
$ make install
I don't know if it's exploitable memory corruption.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Mon 04 Jan 2016 10:20:16 AM GMT Name: core.2499.xz Size: 92kB By: tometzky
Core file attached (xz compressed).
<http://savannah.gnu.org/bugs/download.php?file_id=35915>
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?46806>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/