JoeDog/siege

Segmentation fault on cookie_get_domain()

Magentron opened this issue · 6 comments

Environment:

  • Ubuntu 22.04.2 LTS
  • Siege 4.0.7

Output:

...
HTTP/1.1 200     3.08 secs:   26002 bytes ==> GET  /url
HTTP/1.1 200     3.24 secs:   25953 bytes ==> GET  /url

Trace:

(gdb)  run -v -R siege/dev.conf -f siege/urls-dev.txt --header "X-Some-Header: value"
...
Thread 10 "siege" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xffff8d6cf120 (LWP 136)]
cookies_header.isra.0 (this=0x0, host=0xaaaac64d9d90 "www.website.com", newton=0x0, newton@entry=0xffff8d6cb500 "") at ./src/cookies.c:193
193	    const char *domainptr = cookie_get_domain(cur->cookie);
(gdb) bt
#0  cookies_header.isra.0 (this=0x0, host=0xaaaac64d9d90 "www.website.com", newton=0x0, newton@entry=0xffff8d6cb500 "") at ./src/cookies.c:193
#1  0x0000aaaabbfbf1f8 in http_get (C=0xffff34000b70, U=0xaaaac64d7e80) at ./src/http.c:165
#2  0x0000aaaabbfc2824 in __http (this=this@entry=0xaaaac64d9f10, U=0xaaaac64d7e80) at ./src/browser.c:481
#3  0x0000aaaabbfc3244 in __request (U=<optimized out>, this=0xaaaac64d9f10) at ./src/browser.c:406
#4  start (this=0xaaaac64d9f10) at ./src/browser.c:295
#5  0x0000aaaabbfba4c4 in crew_thread (crew=0xaaaac64dac80) at ./src/crew.c:141
#6  0x0000ffff917cd5c8 in start_thread (arg=0x0) at ./nptl/pthread_create.c:442
#7  0x0000ffff91835d1c in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:79
(gdb) print cur
$1 = (NODE *) 0xffff740691c0
(gdb) print cur->cookie
$2 = (COOKIE) 0x0
(gdb)
JoeDog commented

FYI: I generated the report on an Ubuntu docker instance after having had a segmentation fault on 4.1.7 on my mac with the same command line arguments, but don't have a working gdb on the mac itself.

Now looking at the current version of that file and the diff on src/cookie.c:163 (and other parts of the code), it uses this check in cookie_get_domain():

if (this == NULL && this->domain == NULL)

This is incorrect: if the first part of the expression, this == NULL, is true, then it should not check the second part of the expression, this->domain == NULL, since this is then NULL and evaluating it will cause a segmentation fault due to NULL dereferencing.
So it should be (there and everywhere else):

if (this == NULL || this->domain == NULL)
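
As an added example (not siege's own code), a stand-in for the COOKIE type and a cookie_get_domain() built on the corrected `||` check, followed by a loop shaped like the crashing call site in the trace so that a list entry with a NULL cookie is skipped instead of dereferenced. The struct layout, count_matching_cookies() and the sample cookies are assumptions for illustration only.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for siege's COOKIE type; the layout is assumed, not siege's. */
struct cookie_t {
    char *name;
    char *value;
    char *domain;
};
typedef struct cookie_t *COOKIE;

/* Corrected check from the comment above: `||` short-circuits, so
 * `this->domain` is only read once `this` is known to be non-NULL. With
 * `&&`, a NULL `this` would make the first operand true and crash here. */
const char *cookie_get_domain(COOKIE this)
{
    if (this == NULL || this->domain == NULL) {
        return NULL;
    }
    return this->domain;
}

/* Mirrors the call site in the trace (cookies.c:193): a list entry whose
 * cookie pointer is NULL must not crash the caller. Returns how many
 * cookies carry a domain equal to `host`. Assumed helper, not siege's. */
int count_matching_cookies(COOKIE *cookies, size_t n, const char *host)
{
    int matches = 0;
    for (size_t i = 0; i < n; i++) {
        const char *domainptr = cookie_get_domain(cookies[i]);
        if (domainptr != NULL && strcmp(domainptr, host) == 0) {
            matches++;
        }
    }
    return matches;
}

int main(void)
{
    struct cookie_t c1 = { "sid", "abc", "www.website.com" };
    struct cookie_t c2 = { "pref", "1", NULL };  /* constructed: cookie with no domain */
    COOKIE list[] = { &c1, NULL, &c2 };          /* constructed: NULL entry, as in the trace */
    printf("matching cookies: %d\n", count_matching_cookies(list, 3, "www.website.com"));
    return 0;
}
```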

JoeDog commented

I have compiled it locally on my mac, still got a segfault, but as I said cannot debug here. I will try tomorrow.

JoeDog commented