Bug#715535: /usr/bin/proxy: sometimes crashes when using wpad setup

Petter Reinholdtsen pere at hungry.com
Wed Jul 10 08:40:39 UTC 2013



Package:  libproxy-tools
Version:  0.3.1-6
Severity: important
File:     /usr/bin/proxy
User:     debian-edu at lists.debian.org
Usertags: debian-edu

Dear Maintainer,

In Debian Edu, we have a problem that sometimes triggers during the
installation of a Main Server.  The automatic proxy setup fails, and our
test suite reports that the wpad.dat file we provide does not provide the
correct proxy configuration.  The failure causes incorrect PXE setup and
incorrect proxy setup for APT and user applications.

We have not yet fully understood what causes this problem, but I suspect
it is somehow related to DNS lookups.  It does not happen every time we
install, and it is thus a bit hard to reproduce.  But I was able to
reproduce it just now on a laptop, and tracked it down to the proxy
binary crashing.

The wpad file (available from <URL: http://wpad/wpad.dat >) looks like
this:

  function FindProxyForURL(url, host)
    {
        if (!isResolvable(host) ||
            dnsDomainIs(host, ".intern") ||
            isPlainHostName(host))
            return "DIRECT";
        else
            return "PROXY webcache:3128; DIRECT";
    }

I've tried to reorder the test in the if statement, but it still
crashes.  Here is one example, where the isResolvable() call was placed
last:

  function FindProxyForURL(url, host)
    {
        if (dnsDomainIs(host, ".intern") ||
            isPlainHostName(host) ||
            !isResolvable(host))
            return "DIRECT";
        else
            return "PROXY webcache:3128; DIRECT";
    }

Removing all the DNS lookup stuff from the wpad file seems to get rid of
the crash.  This wpad.dat content seems to avoid the crash:

  function FindProxyForURL(url, host)
    {
        return "PROXY webcache:3128; DIRECT";
    }

I was able to catch the crash using valgrind.  Here is the valgrind
output:

root@tjener:/etc# echo http://www.debian.org | valgrind proxy
==31710== Memcheck, a memory error detector
==31710== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==31710== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==31710== Command: proxy
==31710== 
No protocol specified
==31710== Warning: set address range perms: large range [0x3959d000, 0x7959f000) (defined)
==31710== Invalid read of size 8
==31710==    at 0x7959DE8B: ???
==31710==    by 0x9B2B824: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) (in /usr/lib/libjavascriptcoregtk-1.0.so.0.13.2)
==31710==    by 0x9BE3C2F: JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) (in /usr/lib/libjavascriptcoregtk-1.0.so.0.13.2)
==31710==    by 0x9A58E30: JSEvaluateScript (in /usr/lib/libjavascriptcoregtk-1.0.so.0.13.2)
==31710==    by 0x75516EC: ??? (in /usr/lib/x86_64-linux-gnu/libproxy/0.3.1/modules/pacrunner_webkit.so)
==31710==    by 0x4E33C50: px_proxy_factory_get_proxies (in /usr/lib/x86_64-linux-gnu/libproxy.so.0.0.0)
==31710==    by 0x400AE2: ??? (in /usr/bin/proxy)
==31710==    by 0x56F8EAC: (below main) (libc-start.c:228)
==31710==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==31710== 
==31710== 
==31710== Process terminating with default action of signal 11 (SIGSEGV)
==31710==  Access not within mapped region at address 0x8
==31710==    at 0x7959DE8B: ???
==31710==    by 0x9B2B824: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) (in /usr/lib/libjavascriptcoregtk-1.0.so.0.13.2)
==31710==    by 0x9BE3C2F: JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) (in /usr/lib/libjavascriptcoregtk-1.0.so.0.13.2)
==31710==    by 0x9A58E30: JSEvaluateScript (in /usr/lib/libjavascriptcoregtk-1.0.so.0.13.2)
==31710==    by 0x75516EC: ??? (in /usr/lib/x86_64-linux-gnu/libproxy/0.3.1/modules/pacrunner_webkit.so)
==31710==    by 0x4E33C50: px_proxy_factory_get_proxies (in /usr/lib/x86_64-linux-gnu/libproxy.so.0.0.0)
==31710==    by 0x400AE2: ??? (in /usr/bin/proxy)
==31710==    by 0x56F8EAC: (below main) (libc-start.c:228)
==31710==  If you believe this happened as a result of a stack
==31710==  overflow in your program's main thread (unlikely but
==31710==  possible), you can try to increase the size of the
==31710==  main thread stack using the --main-stacksize= flag.
==31710==  The main thread stack size used in this run was 8388608.
==31710== 
==31710== HEAP SUMMARY:
==31710==     in use at exit: 181,526 bytes in 677 blocks
==31710==   total heap usage: 1,046 allocs, 369 frees, 294,149 bytes allocated
==31710== 
==31710== LEAK SUMMARY:
==31710==    definitely lost: 62 bytes in 2 blocks
==31710==    indirectly lost: 0 bytes in 0 blocks
==31710==      possibly lost: 736 bytes in 2 blocks
==31710==    still reachable: 180,728 bytes in 673 blocks
==31710==         suppressed: 0 bytes in 0 blocks
==31710== Rerun with --leak-check=full to see details of leaked memory
==31710== 
==31710== For counts of detected and suppressed errors, rerun with: -v
==31710== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 231 from 8)
Drept
root@tjener:/etc#

I also collected the strace output from a crash.  The output is
attached.

Any idea what is wrong?  Any idea how to avoid the crash with our
original wpad file?

-- System Information:
Debian Release: 7.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libproxy-tools depends on:
ii  libc6      2.13-38
ii  libproxy0  0.3.1-6

libproxy-tools recommends no packages.

libproxy-tools suggests no packages.

-- no debconf information

-- 
Happy hacking
Petter Reinholdtsen
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: proxy-crash.log
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20130710/8ca64906/attachment-0001.ksh>
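
The two wpad.dat orderings quoted in the report, run in an offline harness (an added example, not part of the original message and not libproxy code): it evaluates each script with stubbed PAC helpers and records which hosts reach isResolvable(). The helper stubs, `evaluatePac`, `runMatrix`, the host `tjener.intern` and the resolvable-host sets are assumptions constructed for illustration.

```javascript
// Added example: offline harness for the wpad.dat logic quoted in the report.
// The helper stubs and the resolvable-host sets are constructed for illustration.
const PAC_ORIGINAL = `function FindProxyForURL(url, host) {
  if (!isResolvable(host) || dnsDomainIs(host, ".intern") || isPlainHostName(host))
    return "DIRECT";
  else
    return "PROXY webcache:3128; DIRECT";
}`;
const PAC_REORDERED = `function FindProxyForURL(url, host) {
  if (dnsDomainIs(host, ".intern") || isPlainHostName(host) || !isResolvable(host))
    return "DIRECT";
  else
    return "PROXY webcache:3128; DIRECT";
}`;

// Build the PAC helper functions; DNS is replaced by a set lookup that logs each query.
function makePacEnv(resolvableHosts, lookups) {
  return {
    isPlainHostName: (host) => !host.includes("."),
    dnsDomainIs: (host, domain) => host.endsWith(domain),
    isResolvable: (host) => { lookups.push(host); return resolvableHosts.has(host); },
  };
}

// Evaluate a PAC script for one URL; returns the proxy string and the DNS queries made.
function evaluatePac(pacSource, url, resolvableHosts) {
  const lookups = [];
  const env = makePacEnv(resolvableHosts, lookups);
  const names = Object.keys(env);
  const load = new Function(...names, pacSource + "\nreturn FindProxyForURL;");
  const findProxy = load(...names.map((n) => env[n]));
  const result = findProxy(url, new URL(url).hostname);
  return { result, lookups };
}

// Constructed sample data: hosts that the stub resolver answers for.
const DNS_UP = new Set(["www.debian.org", "tjener.intern", "wpad"]);
const DNS_DOWN = new Set();

function runMatrix() {
  const rows = [];
  for (const [label, pac] of [["original", PAC_ORIGINAL], ["reordered", PAC_REORDERED]])
    for (const [dns, hosts] of [["up", DNS_UP], ["down", DNS_DOWN]])
      for (const url of ["http://www.debian.org/", "http://tjener.intern/", "http://wpad/"])
        rows.push({ label, dns, url, ...evaluatePac(pac, url, hosts) });
  return rows;
}

for (const r of runMatrix())
  console.log(r.label, "dns=" + r.dns, r.url, "->", r.result, "lookups:", r.lookups.length);
```

For http://www.debian.org/ both orderings still call isResolvable(), because the short-circuit in the reordered script only skips the lookup for .intern and plain host names; with the stub resolver answering nothing, both scripts return "DIRECT" for that URL.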

