Bug #5343

closed

osmo-remsim-server crashes on libulfius2.7 / debian 11

Added by lynxis over 2 years ago. Updated over 2 years ago.

Status: Resolved
Priority: High
Assignee:
Category: -
Target version: -
Start date: 12/08/2021
Due date:
% Done: 100%
Spec Reference:

Description

When building osmo-remsim with Debian,
osmo-remsim crashes when accessing the HTTP server.

Starting program: /usr/bin/osmo-remsim-server
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff6f26700 (LWP 103672)]
[New Thread 0x7ffff6725700 (LWP 103679)]

Thread 3 "MHD-connection" received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff6725700 (LWP 103679)]
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7c9b537 in __GI_abort () at abort.c:79
#2  0x00007ffff7fb3551 in ?? () from /usr/lib/x86_64-linux-gnu/libtalloc.so.2
#3  0x000055555555994f in my_o_free (obj=0x7ffff0008d40) at rest_api.c:491
#4  0x00007ffff7eb174d in ulfius_parse_url () from /usr/lib/x86_64-linux-gnu/libulfius.so.2.7
#5  0x00007ffff7ebd007 in ?? () from /usr/lib/x86_64-linux-gnu/libulfius.so.2.7
#6  0x00007ffff795dfb1 in ?? () from /usr/lib/x86_64-linux-gnu/libmicrohttpd.so.12
#7  0x00007ffff795fdf8 in ?? () from /usr/lib/x86_64-linux-gnu/libmicrohttpd.so.12
#8  0x00007ffff7961dae in ?? () from /usr/lib/x86_64-linux-gnu/libmicrohttpd.so.12
#9  0x00007ffff7965a5c in ?? () from /usr/lib/x86_64-linux-gnu/libmicrohttpd.so.12
#10 0x00007ffff7e43ea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
#11 0x00007ffff7d73def in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) 

Related issues

Related to osmo-remsim - Bug #5341: nightly: debian 11 / bullseye have wrong dependencies (Resolved, osmith, 12/07/2021)

Actions #1

Updated by laforge over 2 years ago

Not a real solution, but I think this is why we ship an earlier libulfius in the osmocom feeds?

Actions #2

Updated by laforge over 2 years ago

  • Assignee set to laforge
Actions #3

Updated by laforge over 2 years ago

  • Related to Bug #5341: nightly: debian 11 / bullseye have wrong dependencies added
Actions #4

Updated by laforge over 2 years ago

  • Status changed from New to In Progress

I think I found the upstream bug: url_decode internally contains a call straight to malloc, which of course is a bad idea as it bypasses libtalloc (which we hooked into the orcania memory allocator functions). Later on, ulfius calls o_free which ends up at talloc_free() and talloc crashes due to that memory never having been allocated by talloc.

The following patch should work:

diff --git a/src/u_request.c b/src/u_request.c
index 385572b..8203c5e 100644
--- a/src/u_request.c
+++ b/src/u_request.c
@@ -143,7 +143,7 @@ static char from_hex(char ch) {
  */
 static char * url_decode(const char * str) {
   if (str != NULL) {
-    char * pstr = (char*)str, * buf = malloc(strlen(str) + 1), * pbuf = buf;
+    char * pstr = (char*)str, * buf = o_malloc(strlen(str) + 1), * pbuf = buf;
     while (* pstr) {
       if (* pstr == '%') {
         if (pstr[1] && pstr[2]) {
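
Review bot: the changed declaration line hands the o_malloc() result to buf and pbuf, and the while loop begins on the very next line, so no NULL check is visible before the buffer is used; check buf right after the declaration and return NULL on allocation failure. The same line casts away const with (char*)str although pstr is only read in the visible lines, so declaring pstr as const char * would drop the cast. Since the result is later released with o_free, it is also worth confirming that no other raw malloc, strdup or free call remains in src/u_request.c.
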
Actions #6

Updated by laforge over 2 years ago

Fix in https://github.com/babelouest/ulfius/pull/207

I will also report this to debian so they can fix their ulfius packages

Actions #7

Updated by laforge over 2 years ago

  • % Done changed from 0 to 80
Actions #8

Updated by laforge over 2 years ago

  • % Done changed from 80 to 90

Debian unstable has now been fixed. However, for stable (11) this may need some time for additional review/approval/...

debian stable issue is tracked at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001384

Actions #9

Updated by osmith over 2 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100

Thanks Harald, your fix made it into debian 11 (stable) in ulfius_2.7.1-1. Closing.
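
The allocator mismatch diagnosed in note #4, reduced to a stand-alone C example that is added here and is not code from ulfius, orcania, talloc or osmo-remsim. `pool_malloc`/`pool_free` are hypothetical stand-ins for a talloc-backed allocator hook (reporting a foreign pointer with -1 where talloc aborts), and `decode` plays the role of `url_decode` with the allocator passed in as a parameter.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static void *tracked[64]; /* chunks handed out by pool_malloc */
/* Hypothetical stand-in for a talloc-style allocator that knows its chunks. */
static void *pool_malloc(size_t n) {
  for (int i = 0; i < 64; i++)
    if (tracked[i] == NULL) return tracked[i] = malloc(n);
  return NULL; /* table full */
}

/* 0 = released, -1 = pointer was never ours (talloc aborts at this point). */
static int pool_free(void *p) {
  if (p == NULL) return 0;
  for (int i = 0; i < 64; i++)
    if (tracked[i] == p) { tracked[i] = NULL; free(p); return 0; }
  return -1;
}

/* Percent-decoder in the role of url_decode(); the allocator is a parameter. */
static char *decode(const char *s, void *(*alloc)(size_t)) {
  char *buf = alloc(strlen(s) + 1), *out = buf;
  if (buf == NULL) return NULL;
  for (; *s; s++) {
    char hex[3] = { 0 };
    if (*s == '%' && isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2])) {
      memcpy(hex, s + 1, 2); /* the two hex digits after '%' */
      s += 2;
    }
    *out++ = hex[0] ? (char)strtol(hex, NULL, 16) : *s;
  }
  *out = '\0';
  return buf;
}

/* Decode with `alloc`, then release through the hooked free path. */
static int decode_and_release(const char *s, void *(*alloc)(size_t)) {
  char *d = decode(s, alloc);
  int rc = pool_free(d);
  if (rc != 0) free(d); /* foreign chunk: return it to its real owner */
  return rc;
}

int main(void) {
  printf("raw malloc: %d, hooked: %d\n", decode_and_release("a%20b", malloc),
         decode_and_release("a%20b", pool_malloc));
  return 0;
}
```
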
