From mboxrd@z Thu Jan 1 00:00:00 1970
From: rworkman at slackbuilds.org (Robby Workman)
Date: Thu, 24 Aug 2017 01:18:20 -0500
Subject: cgit segfaults
In-Reply-To: <20170816083628.GC1987@john.keeping.me.uk>
References: <20170816012652.00e95163@home.rlworkman.net>
	<20170816083628.GC1987@john.keeping.me.uk>
Message-ID: <20170824011820.16ac78d6@home.rlworkman.net>

On Wed, 16 Aug 2017 09:36:28 +0100
John Keeping wrote:

> On Wed, Aug 16, 2017 at 01:26:52AM -0500, Robby Workman wrote:
> > We're running cgit-1.1 with git-2.10.4 at
> > https://git.slackbuilds.org and are seeing some reproducible
> > segfaults.
> >
> > root@git:/var/log# dmesg -T
> > [Wed Aug 16 01:14:23 2017] traps: cgit.cgi[2210] general protection
> > ip:4515bd sp:7ffd787a9470 error:0 in cgit.cgi[400000+103000]
> >
> > This can be reliably triggered (i.e. every time) with at least one
> > particular link (I'll share it privately with cgit devs, but since
> > I don't know if there's any security impact, I'm not going to put
> > it out on the list as yet).
> >
> > I've applied 1b4ef6783a71962f8b5da3a23f283 and
> > c699866699411346c5dba4064575 from git master since they appeared to
> > address some segfaults, but apparently they were unrelated to
> > whatever it is that we're seeing.
> >
> > Aside from (obviously) sharing the reproducer, any tips on
> > debugging this? We of course have a strong preference for debugging
> > tips that don't impact services on the machine, but if needed,
> > we'll do what we have to do...
>
> You can run cgit from the command line with your config and the URL
> using something like:
>
> CGIT_CONFIG=/path/to/cgitrc QUERY_STRING=url=cgit/repo/...
> cgit
>
> This is what the tests do in tests/setup.sh::cgit_url().
>
> That should allow you to build a debug binary and reproduce under that
> without a webserver involved, which means you can run under gdb or
> valgrind.


Okay, that's helpful - thanks!
I've got something that seems to point at git's pathspec.c (we're
building with (and using on the machine) git-2.10.4 currently), but I
have no idea where to go from here. This is the gdb output:

(gdb) run
Starting program: /var/www/cgi-bin/cgit.cgi
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline; filename="82746b4b48cec68acdbb5b7a5ad841b1a21872af..65131f01e212203fbde61d3074640651a02cb6e0.patch"
Last-Modified: Thu, 24 Aug 2017 06:08:13 GMT
Expires: Thu, 24 Aug 2017 06:13:13 GMT

Program received signal SIGSEGV, Segmentation fault.
0x00000000004515bd in prefix_pathspec (elt=0x6234623634373238 , prefixlen=0, prefix=0x0, flags=0, raw=0x77a138, p_short_magic=, item=0x77a808) at pathspec.c:149
149	if (elt[0] != ':' || literal_global ||
(gdb)

-RW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL:
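Editor's note, added after the thread and not part of the original mail or of cgit/git: the gdb frame above is more informative than it looks. On x86-64 a pointer is stored little-endian, so the eight bytes of elt=0x6234623634373238 read in memory order are 38 32 37 34 36 62 34 62, the ASCII string "82746b4b", which is also the first eight characters of the commit id in the Content-Disposition filename. A pointer argument that decodes to the request's own text is the usual signature of a char* array being read past its end or from a buffer that was freed or overwritten, rather than a plain NULL dereference, and that is exactly the distinction the poster needs when asking whether the crash has security impact. The helper below automates that check for any gdb frame line. The query string is a constructed sample built from the two commit ids on this page, not the reproducer the poster shared privately, and the interpretation of a hit is a triage heuristic, not a diagnosis of this particular bug.

```python
import re

# Constructed sample inputs (not the original poster's private reproducer):
# the gdb frame line quoted in the message above, and a cgit patch-view
# query string assembled from the two commit ids in the Content-Disposition
# header.  The real URL was shared privately and is not on this page.
GDB_FRAME = (
    "0x00000000004515bd in prefix_pathspec (elt=0x6234623634373238 , "
    "prefixlen=0, prefix=0x0, flags=0, raw=0x77a138, p_short_magic=, "
    "item=0x77a808) at pathspec.c:149"
)
SAMPLE_REQUEST = (
    "url=cgit/repo/patch/&id=82746b4b48cec68acdbb5b7a5ad841b1a21872af"
    "&id2=65131f01e212203fbde61d3074640651a02cb6e0"
)

_ARG_RE = re.compile(r"(\w+)=(0x[0-9a-fA-F]+|\d+)")


def parse_gdb_args(frame_line):
    """Map argument name -> integer value from a gdb frame line.

    Arguments gdb could not print (here "p_short_magic=") are skipped.
    """
    return {name: int(val, 0) for name, val in _ARG_RE.findall(frame_line)}


def pointer_as_text(value, width=8):
    """Reinterpret a pointer value as the bytes it occupies in memory.

    x86-64 is little-endian, so 0x6234623634373238 is stored as
    38 32 37 34 36 62 34 62, i.e. the ASCII string "82746b4b".
    Returns that string if every byte is printable ASCII, else None.
    """
    if value < 0 or value >= 1 << (8 * width):
        return None
    raw = value.to_bytes(width, "little")
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def suspicious_args(frame_line, request):
    """List (arg, text, offset) for each argument whose value is request text.

    A hit means the callee was handed bytes of attacker-controlled input
    where it expected a pointer: a char* array read past its end, or a
    freed/overwritten buffer.  That is the heuristic that separates a
    memory-safety bug from a plain NULL dereference when deciding whether
    a reproducible crash needs a security-sensitive fix.
    """
    hits = []
    for name, value in parse_gdb_args(frame_line).items():
        text = pointer_as_text(value)
        if text is None:
            continue
        off = request.find(text)
        if off >= 0:
            hits.append((name, text, off))
    return hits


if __name__ == "__main__":
    for name, text, off in suspicious_args(GDB_FRAME, SAMPLE_REQUEST):
        print(f"{name} = {text!r} at request offset {off}")
```

Paste any gdb frame line and the QUERY_STRING you fed cgit into suspicious_args(); only elt lights up for the frame above, while raw and item decode to non-printable bytes and are ignored. A hit at a request offset tells you which part of the URL ended up in the pointer slot, which is what to hand the cgit and git developers alongside the private reproducer.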