Control: fixed 917018 wget/1.19.1-1 Control: tags 917018 + upstream
Dear Maintainer, hello RW Penney, I had a look and think I found something. You have by any chance made something like 'chmod 000 ~/.wget-hsts' ? Because in that case we end up in a backtrace like below. (And stretch systems with a writeable ~/.wget-hsts are not affected.) That is because when fp is NULL it is still tried to given to fclose(). Upstream has fixed this in commit [1]. Kind regards, Bernhard [1] http://git.savannah.gnu.org/cgit/wget.git/commit/src/hsts.c?id=40870e1271c977d9b80734690a5691a68bf05473 (gdb) bt #0 _IO_new_fclose (fp=fp@entry=0x0) at iofclose.c:53 #1 0x00005555555722ca in hsts_store_open (filename=<optimized out>) at ../../src/hsts.c:513 #2 0x000055555556102c in load_hsts () at ../../src/main.c:186 #3 main (argc=argc@entry=6, argv=argv@entry=0x7fffffffe628) at ../../src/main.c:1897 #4 0x00007ffff69b62e1 in __libc_start_main (main=0x55555555fb40 <main>, argc=6, argv=0x7fffffffe628, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe618) at ../csu/libc-start.c:291 #5 0x000055555556147a in _start () (gdb) list hsts_store_open 492 hsts_store_open (const char *filename) 493 { ... 508 if (!fp || !hsts_read_database (store, fp, false)) 509 { 510 /* abort! */ 511 hsts_store_close (store); 512 xfree (store); 513 fclose (fp); 514 goto out; 515 }
From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917018#18 : Program received signal SIGSEGV, Segmentation fault. _IO_new_fclose (fp=0x0) at iofclose.c:53 53 iofclose.c: No such file or directory. #0 _IO_new_fclose (fp=0x0) at iofclose.c:53 #1 0x00005555555722ca in ?? () #2 0x000055555556102c in ?? () #3 0x00007ffff69b62e1 in __libc_start_main (main=0x55555555fb40, argc=6, argv=0x7fffffffe848, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe838) at ../csu/libc-start.c:291 #4 0x000055555556147a in ?? () Detaching from program: /usr/bin/wget, process 2009 ################# # stretch amd64 qemu VM apt update apt dist-upgrade apt install devscripts dpkg-dev systemd-coredump gdb wget-dbgsym mkdir source/wget/orig -p cd source/wget/orig apt source wget cd ../.. mkdir /tmp/wget-test cd /tmp/wget-test wget -r -k -l inf http://www.debian.org # no crash ... root@debian:/tmp/wget-test# uname -a Linux debian 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux root@debian:/tmp/wget-test# cat /etc/debian_version 9.6 gdb -q \ -ex 'set backtrace past-main on' \ -ex 'set width 0' \ -ex 'set pagination off' \ -ex 'directory /home/benutzer/source/wget/orig/wget-1.18/debian/patches' \ --args wget -r -k -l inf http://www.debian.org (gdb) disassemble main 0x0000555555561027 <+5351>: callq 0x555555572190 <hsts_store_open> 0x000055555556102c <+5356>: test %rax,%rax (gdb) disassemble hsts_store_open 0x00005555555722c5 <+309>: callq 0x55555555f600 0x00005555555722ca <+314>: jmpq 0x5555555721f3 <hsts_store_open+99> (gdb) list hsts_store_open 490 491 hsts_store_t 492 hsts_store_open (const char *filename) 493 { 494 hsts_store_t store = NULL; 495 496 store = xnew0 (struct hsts_store); 497 store->table = hash_table_new (0, hsts_hash_func, hsts_cmp_func); 498 store->last_mtime = 0; 499 store->changed = false; 500 501 if (file_exists_p (filename)) 502 { 503 if (hsts_file_access_valid (filename)) 504 { 505 struct_stat st; 506 FILE *fp = fopen (filename, "r"); 507 508 if (!fp || !hsts_read_database (store, fp, false)) 509 { 510 /* abort! */ 511 hsts_store_close (store); 512 xfree (store); 513 fclose (fp); 514 goto out; 515 } 516 517 if (fstat (fileno (fp), &st) == 0) 518 store->last_mtime = st.st_mtime; 519 520 fclose (fp); 521 } 522 else 523 { 524 /* 525 * If we're not reading the HSTS database, 526 * then by all means act as if HSTS was disabled. 527 */ 528 hsts_store_close (store); 529 xfree (store); 530 531 logprintf (LOG_NOTQUIET, "Will not apply HSTS. " 532 "The HSTS database must be a regular and non-world-writable file.\n"); 533 } 534 } 535 536 out: 537 return store; 538 } (gdb) disassemble /m hsts_store_open ... 512 xfree (store); 0x00005555555722b8 <+296>: mov %rbx,%rdi 0x00005555555722bb <+299>: xor %ebx,%ebx 0x00005555555722bd <+301>: callq 0x55555555f328 513 fclose (fp); 0x00005555555722c2 <+306>: mov %rbp,%rdi 0x00005555555722c5 <+309>: callq 0x55555555f600 0x00005555555722ca <+314>: jmpq 0x5555555721f3 <hsts_store_open+99> 0x00005555555722cf <+319>: nop 514 goto out; (gdb) list hsts_read_database 270 271 static bool 272 hsts_read_database (hsts_store_t store, FILE *fp, bool merge_with_existing_entries) 273 { 274 char *line = NULL, *p; 275 size_t len = 0; 276 int items_read; 277 bool result = false; 278 bool (*func)(hsts_store_t, const char *, int, time_t, time_t, bool); 279 280 char host[256]; 281 int port; 282 time_t created, max_age; 283 int include_subdomains; 284 285 func = (merge_with_existing_entries ? hsts_store_merge : hsts_new_entry); 286 287 while (getline (&line, &len, fp) > 0) 288 { 289 for (p = line; c_isspace (*p); p++) 290 ; 291 292 if (*p == '#') 293 continue; 294 295 items_read = sscanf (p, "%255s %d %d %lu %lu", 296 host, 297 &port, 298 &include_subdomains, 299 (unsigned long *) &created, 300 (unsigned long *) &max_age); 301 302 if (items_read == 5) 303 func (store, host, port, created, max_age, !!include_subdomains); 304 } 305 306 xfree (line); 307 result = true; 308 309 return result; 310 } ############## mkdir /tmp/wget-test cd /tmp/wget-test touch /home/benutzer/.wget-hsts chmod 000 /home/benutzer/.wget-hsts gdb -q -ex 'set backtrace past-main on' -ex 'set width 0' -ex 'set pagination off' -ex 'directory /home/benutzer/source/wget/orig/wget-1.18/debian/patches' --args wget -r -k -l inf http://www.debian.org Reading symbols from wget...Reading symbols from /usr/lib/debug/.build-id/65/d641edbbabe10c2b4106acfb0f4b0773b7d570.debug...done. done. Source directories searched: /home/benutzer/source/wget/orig/wget-1.18/debian/patches:$cdir:$cwd (gdb) run Starting program: /usr/bin/wget -r -k -l inf http://www.debian.org [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. _IO_new_fclose (fp=fp@entry=0x0) at iofclose.c:53 53 iofclose.c: Datei oder Verzeichnis nicht gefunden. (gdb) bt #0 _IO_new_fclose (fp=fp@entry=0x0) at iofclose.c:53 #1 0x00005555555722ca in hsts_store_open (filename=<optimized out>) at ../../src/hsts.c:513 #2 0x000055555556102c in load_hsts () at ../../src/main.c:186 #3 main (argc=argc@entry=6, argv=argv@entry=0x7fffffffe628) at ../../src/main.c:1897 #4 0x00007ffff69b62e1 in __libc_start_main (main=0x55555555fb40 <main>, argc=6, argv=0x7fffffffe628, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe618) at ../csu/libc-start.c:291 #5 0x000055555556147a in _start () http://git.savannah.gnu.org/cgit/wget.git/commit/src/hsts.c?id=40870e1271c977d9b80734690a5691a68bf05473
