Bug#787605: more segfaults

Wed Jun 3 13:34:13 UTC 2015

I'm on amd64.

Cloning git repositories over https segfaults silently with

% git clone https://gitlab.lrde.epita.fr/spot/spot.git
Cloning into 'spot'...
% echo $?
128

Downloading https pages with wget segfaults

% wget https://www.reddit.com
--2015-06-03 14:28:23--  https://www.reddit.com/
Resolving www.reddit.com (www.reddit.com)... 198.41.209.137,
198.41.208.139, 198.41.209.143, ...
Connecting to www.reddit.com (www.reddit.com)|198.41.209.137|:443... connected.
Segmentation fault (core dumped)

Here is a backtrace, as reported by gdb for the above command

Program received signal SIGSEGV, Segmentation fault.
__memcpy_sse2_unaligned () at
../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:36
36      ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S: No such
file or directory.
(gdb) bt
#0  __memcpy_sse2_unaligned () at
../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:36
#1  0x00007ffff74d927f in ?? () from
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#2  0x00007ffff74d9179 in ?? () from
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#3  0x00007ffff746820e in ?? () from
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#4  0x00007ffff746aaa5 in ?? () from
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#5  0x00007ffff74a201d in ?? () from
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#6  0x00007ffff74a2d8c in ?? () from
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#7  0x00007ffff74a3a52 in ?? () from
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#8  0x00007ffff74aebc1 in gnutls_x509_trust_list_verify_crt2 ()
   from /usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#9  0x00007ffff7462d9c in ?? () from
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
#10 0x000055555558f440 in ?? ()
#11 0x0000555555574ef6 in ?? ()
#12 0x00005555555795c7 in ?? ()
#13 0x00005555555841ac in ?? ()
#14 0x0000555555560b5f in ?? ()
#15 0x00007ffff69cdb45 in __libc_start_main (main=0x55555555f7b0,
argc=2, argv=0x7fffffffed68,
    init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized
out>, stack_end=0x7fffffffed58)
    at libc-start.c:287
#16 0x000055555556101b in ?? ()

Here is some valgrind output for a command that would otherwise segfault:

% wget https://gitlab.lrde.epita.fr/
--2015-06-03 14:34:32--  https://gitlab.lrde.epita.fr/
Resolving gitlab.lrde.epita.fr (gitlab.lrde.epita.fr)... 192.168.100.13
Connecting to gitlab.lrde.epita.fr
(gitlab.lrde.epita.fr)|192.168.100.13|:443... connected.
Segmentation fault (core dumped)
root at 7bac632346aa:/build# valgrind wget https://gitlab.lrde.epita.fr/
==530== Memcheck, a memory error detector
==530== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==530== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==530== Command: wget https://gitlab.lrde.epita.fr/
==530==
--2015-06-03 14:34:34--  https://gitlab.lrde.epita.fr/
Resolving gitlab.lrde.epita.fr (gitlab.lrde.epita.fr)... 192.168.100.13
Connecting to gitlab.lrde.epita.fr
(gitlab.lrde.epita.fr)|192.168.100.13|:443... connected.
==530== Conditional jump or move depends on uninitialised value(s)
==530==    at 0x559E1C0: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x559E178: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x552D20D: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x552FAA4: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x556701C: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x5567D8B: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x5568A51: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x5573BC0: gnutls_x509_trust_list_verify_crt2 (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x5527D9B: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x14343F: ??? (in /usr/bin/wget)
==530==    by 0x128EF5: ??? (in /usr/bin/wget)
==530==    by 0x12D5C6: ??? (in /usr/bin/wget)
==530==
==530== Conditional jump or move depends on uninitialised value(s)
==530==    at 0x4C2D6F6: is_overlap (vg_replace_strmem.c:119)
==530==    by 0x4C2D6F6: memcpy@@GLIBC_2.14 (vg_replace_strmem.c:915)
==530==    by 0x559E27E: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x559E178: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x552D20D: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x552FAA4: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x556701C: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x5567D8B: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x5568A51: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x5573BC0: gnutls_x509_trust_list_verify_crt2 (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x5527D9B: ??? (in
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28.41.7)
==530==    by 0x14343F: ??? (in /usr/bin/wget)
==530==    by 0x128EF5: ??? (in /usr/bin/wget)
==530==
ERROR: The certificate of 'gitlab.lrde.epita.fr' is not trusted.

-- 
Alexandre Duret-Lutz