Bug#564772: libjavascript-perl: Segfaults with wpad extraction code

Petter Reinholdtsen pere at hungry.com
Mon Jan 11 21:07:41 UTC 2010 

Package:  libjavascript-perl
Version:  1.08-1+b1
Severity: important
User:     debian-edu at lists.debian.org
UserTags: debian-edu

For etch, I wrote a script to extract the proxy setting from a WPAD
script to be able to update /etc/environment at boot.  When trying to
use it with Debian Edu based on Lenny, the script fail and perl
segfaults.  I hope this bug can be fixed in Lenny, because we are
working on finalizing the Lenny based Debian Edu and it would be great
if we could get this working using Lenny packages, as we are moving to
using a WPAD file to specify the proxy setting.

I had to disable the setting of the error handler, as this function
seem to be missing in the Lenny package.

This is how my script fails:

  %  ../olpsvn/src/olp-packages/wpad-extract debug
  S[http]:
  Unable to find proxy settings for http
  http_proxy=
  Segmentation fault
  %

This is the last part of the valgrind output from the crash.

==4227== Invalid read of size 4
==4227==    at 0x4887A44: (within /usr/lib/libmozjs.so.1d)
==4227==    by 0x48880BE: (within /usr/lib/libmozjs.so.1d)
==4227==    by 0x4888284: (within /usr/lib/libmozjs.so.1d)
==4227==    by 0x484B247: JS_GetProperty (in /usr/lib/libmozjs.so.1d)
==4227==    by 0x40363B1: XS_JavaScript__Context_jsc_call (in /usr/lib/perl5/auto/JavaScript/JavaScript.so)
==4227==    by 0x80B32D1: Perl_pp_entersub (in /usr/bin/perl)
==4227==    by 0x80B1878: Perl_runops_standard (in /usr/bin/perl)
==4227==    by 0x80AC69F: perl_run (in /usr/bin/perl)
==4227==    by 0x8063DDC: main (in /usr/bin/perl)
==4227==  Address 0x4bafff6 is 4,086 bytes inside a block of size 4,096 free'd
==4227==    at 0x4022B8A: free (vg_replace_malloc.c:323)
==4227==    by 0x4871A7C: (within /usr/lib/libmozjs.so.1d)
==4227==    by 0x484D898: JS_GC (in /usr/lib/libmozjs.so.1d)
==4227==    by 0x4036E67: XS_JavaScript__Context_jsc_eval (in /usr/lib/perl5/auto/JavaScript/JavaScript.so)
==4227==    by 0x80B32D1: Perl_pp_entersub (in /usr/bin/perl)
==4227==    by 0x80B1878: Perl_runops_standard (in /usr/bin/perl)
==4227==    by 0x80AC69F: perl_run (in /usr/bin/perl)
==4227==    by 0x8063DDC: main (in /usr/bin/perl)
==4227==
==4227== Jump to the invalid address stated on the next line
==4227==    at 0x0: ???
==4227==    by 0x48880BE: (within /usr/lib/libmozjs.so.1d)
==4227==    by 0x4888284: (within /usr/lib/libmozjs.so.1d)
==4227==    by 0x484B247: JS_GetProperty (in /usr/lib/libmozjs.so.1d)
==4227==    by 0x40363B1: XS_JavaScript__Context_jsc_call (in /usr/lib/perl5/auto/JavaScript/JavaScript.so)
==4227==    by 0x80B32D1: Perl_pp_entersub (in /usr/bin/perl)
==4227==    by 0x80B1878: Perl_runops_standard (in /usr/bin/perl)
==4227==    by 0x80AC69F: perl_run (in /usr/bin/perl)
==4227==    by 0x8063DDC: main (in /usr/bin/perl)
==4227==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==4227==
==4227== Process terminating with default action of signal 11 (SIGSEGV)
==4227==  Bad permissions for mapped region at address 0x0
==4227==    at 0x0: ???
==4227==    by 0x48880BE: (within /usr/lib/libmozjs.so.1d)
==4227==    by 0x4888284: (within /usr/lib/libmozjs.so.1d)
==4227==    by 0x484B247: JS_GetProperty (in /usr/lib/libmozjs.so.1d)
==4227==    by 0x40363B1: XS_JavaScript__Context_jsc_call (in /usr/lib/perl5/auto/JavaScript/JavaScript.so)
==4227==    by 0x80B32D1: Perl_pp_entersub (in /usr/bin/perl)
==4227==    by 0x80B1878: Perl_runops_standard (in /usr/bin/perl)
==4227==    by 0x80AC69F: perl_run (in /usr/bin/perl)
==4227==    by 0x8063DDC: main (in /usr/bin/perl)
==4227==
==4227== ERROR SUMMARY: 14 errors from 10 contexts (suppressed: 61 from 2)
==4227== malloc/free: in use at exit: 1,653,923 bytes in 31,709 blocks.
==4227== malloc/free: 58,682 allocs, 26,973 frees, 4,281,409 bytes allocated.
==4227== For counts of detected errors, rerun with: -v
==4227== searching for pointers to 31,709 not-freed blocks.
==4227== checked 1,816,188 bytes.
==4227==
==4227== LEAK SUMMARY:
==4227==    definitely lost: 5,352 bytes in 124 blocks.
==4227==      possibly lost: 15,319 bytes in 54 blocks.
==4227==    still reachable: 1,633,252 bytes in 31,531 blocks.
==4227==         suppressed: 0 bytes in 0 blocks.
==4227== Rerun with --leak-check=full to see details of leaked memory.
Segmentation fault

The script is attached.

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libjavascript-perl depends on:
ii  libc6                    2.7-18          GNU C Library: Shared libraries
ii  libmozjs1d               1.9.0.16-1      The Mozilla SpiderMonkey JavaScrip
ii  perl                     5.10.0-19lenny2 Larry Wall's Practical Extraction
ii  perl-base [perlapi-5.10. 5.10.0-19lenny2 minimal Perl system

libjavascript-perl recommends no packages.

libjavascript-perl suggests no packages.

-- no debconf information

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: wpad-extract
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20100111/d11ab63d/attachment-0001.asc>

More information about the pkg-perl-maintainers mailing list