Package: libneon27
Version: 0.28.2-2

--- Please enter the report below this line. ---

I am experiencing a segfault on a WebDAV connection through HTTPS with
libneon27-0.28.2-2. I experience the problem on all platforms I tried out
(mainly x86 and amd64).

Here is a gdb trace of the problem (I reach the problem through a sitecopy
request):

[EMAIL PROTECTED] gdb `which sitecopy`
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) break ne_request.c:349
No source file named ne_request.c.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (ne_request.c:349) pending.
(gdb) run --fetch LaBRI
Starting program: /usr/bin/sitecopy --fetch LaBRI
sitecopy: Fetching site `LaBRI' (on webdav.labri.fr in /perso/fleury/)

Breakpoint 1, send_request_body (req=0x724820, retry=1)
    at /neon27-0.28.2/src/ne_request.c:349
349 notify_status(sess, ne_status_sending);
(gdb) c
Continuing.
Checksumming home.html: [..] done.
Checksumming bug_transmeta.html: [...] done.
Checksumming p7120.html: [...] done.
Checksumming hacking.html: [..] done.
Checksumming development.html: [..] done.
Checksumming research.html: [..] done.
Checksumming index.php: [..] done.
Checksumming teaching.html: [..] done.
Checksumming publications.html: [...] done.

Breakpoint 1, send_request_body (req=0x7428a0, retry=1)
    at /neon27-0.28.2/src/ne_request.c:349
349 notify_status(sess, ne_status_sending);
(gdb) s
347 req->session->status.sr.progress = 0;
(gdb)
348 req->session->status.sr.total = req->body_length;
(gdb)
349 notify_status(sess, ne_status_sending);
(gdb)
notify_status (sess=0x633480, status=ne_status_sending)
    at /neon27-0.28.2/src/ne_request.c:221
221 if (sess->notify_cb) {
(gdb)
222 sess->notify_cb(sess->notify_ud, status, &sess->status);
(gdb)
progress_notifier (userdata=0x633480, status=ne_status_sending, info=0x6335e0)
    at /neon27-0.28.2/src/ne_session.c:216
216 if (status == ne_status_sending || status == ne_status_recving) {
(gdb) n
213 {
(gdb)
216 if (status == ne_status_sending || status == ne_status_recving) {
(gdb)
217 sess->progress_cb(sess->progress_ud, info->sr.progress, info->sr.total);
(gdb) s

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()

**********************************************************************

As you see, the problem occurs in ne_session.c:216. Here is a more detailed
trace:

**********************************************************************

[EMAIL PROTECTED] LaBRI]$ gdb `which sitecopy`
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) break ne_request.c:349
No source file named ne_request.c.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (ne_request.c:349) pending.
(gdb) run --fetch LaBRI
Starting program: /usr/bin/sitecopy --fetch LaBRI
sitecopy: Fetching site `LaBRI' (on webdav.labri.fr in /perso/fleury/)

Breakpoint 1, send_request_body (req=0x724820, retry=1)
    at /neon27-0.28.2/src/ne_request.c:349
349 notify_status(sess, ne_status_sending);
(gdb) c
Continuing.
Checksumming home.html: [..] done.
Checksumming bug_transmeta.html: [...] done.
Checksumming p7120.html: [...] done.
Checksumming hacking.html: [..] done.
Checksumming development.html: [..] done.
Checksumming research.html: [..] done.
Checksumming index.php: [..] done.
Checksumming teaching.html: [..] done.
Checksumming publications.html: [...] done.

Breakpoint 1, send_request_body (req=0x7428a0, retry=1)
    at /neon27-0.28.2/src/ne_request.c:349
349 notify_status(sess, ne_status_sending);
(gdb) s
347 req->session->status.sr.progress = 0;
(gdb)
348 req->session->status.sr.total = req->body_length;
(gdb)
349 notify_status(sess, ne_status_sending);
(gdb)
notify_status (sess=0x633480, status=ne_status_sending)
    at /neon27-0.28.2/src/ne_request.c:221
221 if (sess->notify_cb) {
(gdb)
222 sess->notify_cb(sess->notify_ud, status, &sess->status);
(gdb)
progress_notifier (userdata=0x633480, status=ne_status_sending, info=0x6335e0)
    at /neon27-0.28.2/src/ne_session.c:216
216 if (status == ne_status_sending || status == ne_status_recving) {
(gdb)
213 {
(gdb)
216 if (status == ne_status_sending || status == ne_status_recving) {
(gdb)
217 sess->progress_cb(sess->progress_ud, info->sr.progress, info->sr.total);
(gdb) bt
#0 progress_notifier (userdata=0x633480, status=<value optimized out>, info=0x6335e0)
    at /neon27-0.28.2/src/ne_session.c:217
#1 0x00007fca6f359105 in send_request_body (req=0x7428a0, retry=1)
    at /neon27-0.28.2/src/ne_request.c:349
#2 0x00007fca6f35a67f in send_request (req=0x7428a0, request=0x726d90)
    at /neon27-0.28.2/src/ne_request.c:942
#3 0x00007fca6f359cb2 in ne_begin_request (req=0x7428a0)
    at /neon27-0.28.2/src/ne_request.c:1163
#4 0x00007fca6f35a38d in ne_request_dispatch (req=0x7428a0)
    at /neon27-0.28.2/src/ne_request.c:1372
#5 0x00007fca6f365a0d in propfind (handler=0x739570, results=0x40d760 <pfind_results>, userdata=0x7fff7778c5d0)
    at /neon27-0.28.2/src/ne_props.c:143
#6 0x000000000040d716 in fetch_list ()
#7 0x00000000004050e3 in site_fetch ()
#8 0x0000000000410ed5 in act_on_site ()
#9 0x0000000000411c7f in main ()
(gdb) p status
$1 = <value optimized out>
(gdb) p sess
No symbol "sess" in current context.
(gdb) info frame
Stack level 0, frame at 0x7fff7778a1e0:
 rip = 0x7fca6f35ad30 in progress_notifier (/neon27-0.28.2/src/ne_session.c:217); saved rip 0x7fca6f359105
 called by frame at 0x7fff7778c220
 source language c.
 Arglist at 0x7fff7778a1d0, args: userdata=0x633480, status=<value optimized out>, info=0x6335e0
 Locals at 0x7fff7778a1d0, Previous frame's sp is 0x7fff7778a1e0
 Saved registers:
  rip at 0x7fff7778a1d8
(gdb) s

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()

**********************************************************************

After SIGSEGV is reached, the frame and the backtrace look like this:

**********************************************************************

(gdb) info frame
Stack level 0, frame at 0x7fff7778a1e0:
 rip = 0x0; saved rip 0x7fca6f359105
 called by frame at 0x7fff7778c220
 Arglist at 0x7fff7778a1d0, args:
 Locals at 0x7fff7778a1d0, Previous frame's sp is 0x7fff7778a1e0
 Saved registers:
  rip at 0x7fff7778a1d8
(gdb) bt
#0 0x0000000000000000 in ?? ()
#1 0x00007fca6f359105 in send_request_body (req=0x7428a0, retry=1)
    at /neon27-0.28.2/src/ne_request.c:349
#2 0x00007fca6f35a67f in send_request (req=0x7428a0, request=0x726d90)
    at /neon27-0.28.2/src/ne_request.c:942
#3 0x00007fca6f359cb2 in ne_begin_request (req=0x7428a0)
    at /neon27-0.28.2/src/ne_request.c:1163
#4 0x00007fca6f35a38d in ne_request_dispatch (req=0x7428a0)
    at /neon27-0.28.2/src/ne_request.c:1372
#5 0x00007fca6f365a0d in propfind (handler=0x739570, results=0x40d760 <pfind_results>, userdata=0x7fff7778c5d0)
    at /neon27-0.28.2/src/ne_props.c:143
#6 0x000000000040d716 in fetch_list ()
#7 0x00000000004050e3 in site_fetch ()
#8 0x0000000000410ed5 in act_on_site ()
#9 0x0000000000411c7f in main ()

**********************************************************************

My guess is that saved eip is over-written when accessed but I have no clue
why. :-(

If you find out why or if you want to try out some things on my trace (I
easily admit that the bug isn't easy to reproduce out of the context of
sitecopy and the content of my website), feel free to ask!

By the way, I did this on amd64 but I can easily do it on x86 (I guess it
will be the same more or less).

--- System information. ---
Architecture: amd64
Kernel: Linux 2.6.25.3

Debian Release: lenny/sid
  500 unstable www.debian-multimedia.org
  500 unstable ftp.fr.debian.org

--- Package information. ---
Depends (Version)               | Installed
===============================-+-================
libc6 (>= 2.7-1)                | 2.7-11
libcomerr2 (>= 1.33-3)          | 1.40.8-2
libkrb53 (>= 1.6.dfsg.2)        | 1.6.dfsg.3-2
libssl0.9.8 (>= 0.9.8f-5)       | 0.9.8g-10
libxml2 (>= 2.6.27)             | 2.6.32.dfsg-2
zlib1g (>= 1:1.1.4)             | 1:1.2.3.3.dfsg-12
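
Added example, not part of the original report and not neon's own code: the two-layer callback chain visible in the trace (notify_status -> progress_notifier -> progress_cb) in miniature, with a NULL guard at each layer. It assumes the jump to address 0 comes from a NULL progress_cb, which the report does not confirm; the struct layout, signatures, set_progress, record and STATUS_SENDING are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified types: only the field names notify_cb, notify_ud,
 * progress_cb and progress_ud come from the trace. */
typedef void (*progress_fn)(void *ud, long progress, long total);
typedef void (*notify_fn)(void *ud, int status, long progress, long total);
struct session {
    notify_fn notify_cb;     void *notify_ud;
    progress_fn progress_cb; void *progress_ud;
};
enum { STATUS_SENDING = 1 };

/* Adapter between the two callback layers. Without the NULL test, a NULL
 * progress_cb is called and execution lands at address 0 (assumed cause). */
static void progress_notifier(void *ud, int status, long progress, long total)
{
    struct session *s = ud;
    if (status == STATUS_SENDING && s->progress_cb != NULL)
        s->progress_cb(s->progress_ud, progress, total);
}

/* Registering NULL uninstalls the adapter instead of leaving it armed. */
static void set_progress(struct session *s, progress_fn cb, void *ud)
{
    s->progress_cb = cb; s->progress_ud = ud;
    s->notify_cb = cb ? progress_notifier : NULL;
    s->notify_ud = cb ? (void *)s : NULL;
}

/* Outer dispatch: tests only notify_cb, like the check shown at line 221.
 * Returns 1 if a notifier was invoked, 0 otherwise. */
static int notify_status(struct session *s, int status, long progress, long total)
{
    if (s->notify_cb == NULL) return 0;
    s->notify_cb(s->notify_ud, status, progress, total);
    return 1;
}

static long seen_total = -1;  /* last total delivered to record() */
static void record(void *ud, long p, long total) { (void)ud; (void)p; seen_total = total; }

int main(void)
{
    struct session s;
    set_progress(&s, NULL, NULL);            /* caller disables progress */
    int off = notify_status(&s, STATUS_SENDING, 0, 10);
    set_progress(&s, record, NULL);          /* caller enables progress */
    int on = notify_status(&s, STATUS_SENDING, 0, 10);
    printf("off=%d on=%d seen_total=%ld\n", off, on, seen_total);
}
```

The outer check alone is not sufficient: it proves only that the adapter is installed, not that the pointer the adapter forwards to is valid, so both layers test before calling.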