Thursday, April 01, 2021

w3m: SIGSEGV in sk_pop_free(3)

Just found ~/w3m.core on my Pinebook Pro running snapshots with
`vm.malloc_conf=SU':
OpenBSD 6.9-beta (GENERIC.MP) #1094: Fri Mar 26 14:15:00 MDT 2021

I've used w3m extensively to browse several sites and download files;
I cannot tell when or how this happened exactly -- given that it didn't
crash directly while using it, perhaps it dumped core during teardown
when I quit a session?

I keep using it but am unable to reproduce it so far, sorry for the poor
report; anything else I can provide?

Here's the output of `bt full' with debug-w3m installed:

[New process 187909]
[New process 174050]
[New process 252009]
[New process 115020]
[New process 442102]
[New process 522326]
Core was generated by `w3m'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 sk_pop_free (st=0xdfdfdfdfdfdfdfdf, func=0xb88605058 <ASN1_OBJECT_free>) at /usr/src/lib/libcrypto/stack/stack.c:279

warning: Source file is more recent than executable.
279 for (i = 0; i < st->num; i++)
[Current thread is 1 (process 187909)]
#0 sk_pop_free (st=0xdfdfdfdfdfdfdfdf, func=0xb88605058 <ASN1_OBJECT_free>) at /usr/src/lib/libcrypto/stack/stack.c:279
i = <optimized out>
#1 0x0000000b885c4ad8 in x509_verify_param_zero (param=0xbc8b7a380) at /usr/src/lib/libcrypto/x509/x509_vpm.c:183
paramid = <optimized out>
#2 0x0000000b885c4b68 in X509_VERIFY_PARAM_free (param=0xbc8b7a380) at /usr/src/lib/libcrypto/x509/x509_vpm.c:225
No locals.
#3 0x0000000afb5526a4 in SSL_CTX_free (ctx=0xb586d2280) at /usr/src/lib/libssl/ssl_lib.c:1964
i = <optimized out>
#4 0x00000006e72e3f84 in free_ssl_ctx ()
No symbol table info available.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
