Segmentation fault on cookie_get_domain() #223

Open
Magentron opened this issue Jun 20, 2023 · 6 comments

@Magentron
Contributor

Environment:

  • Ubuntu 22.04.2 LTS
  • Siege 4.0.7

Output:

...
HTTP/1.1 200     3.08 secs:   26002 bytes ==> GET  /url
HTTP/1.1 200     3.24 secs:   25953 bytes ==> GET  /url

Trace:

(gdb)  run -v -R siege/dev.conf -f siege/urls-dev.txt --header "X-Some-Header: value"
...
Thread 10 "siege" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xffff8d6cf120 (LWP 136)]
cookies_header.isra.0 (this=0x0, host=0xaaaac64d9d90 "www.website.com", newton=0x0, newton@entry=0xffff8d6cb500 "") at ./src/cookies.c:193
193	    const char *domainptr = cookie_get_domain(cur->cookie);
(gdb) bt
#0  cookies_header.isra.0 (this=0x0, host=0xaaaac64d9d90 "www.website.com", newton=0x0, newton@entry=0xffff8d6cb500 "") at ./src/cookies.c:193
#1  0x0000aaaabbfbf1f8 in http_get (C=0xffff34000b70, U=0xaaaac64d7e80) at ./src/http.c:165
#2  0x0000aaaabbfc2824 in __http (this=this@entry=0xaaaac64d9f10, U=0xaaaac64d7e80) at ./src/browser.c:481
#3  0x0000aaaabbfc3244 in __request (U=<optimized out>, this=0xaaaac64d9f10) at ./src/browser.c:406
#4  start (this=0xaaaac64d9f10) at ./src/browser.c:295
#5  0x0000aaaabbfba4c4 in crew_thread (crew=0xaaaac64dac80) at ./src/crew.c:141
#6  0x0000ffff917cd5c8 in start_thread (arg=0x0) at ./nptl/pthread_create.c:442
#7  0x0000ffff91835d1c in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:79
(gdb) print cur
$1 = (NODE *) 0xffff740691c0
(gdb) print cur->cookie
$2 = (COOKIE) 0x0
(gdb)
@JoeDog
Owner

JoeDog commented Jun 20, 2023 via email

@Magentron
Contributor Author

FYI: I generated the report on an Ubuntu Docker instance after having had a segmentation fault on 4.1.7 on my Mac with the same command line arguments, but I don't have a working gdb on the Mac itself.

Now looking at the current version of that file and the diff on src/cookie.c:163 (and other parts of the code) it uses this check in cookie_get_domain():

if (this == NULL && this->domain == NULL)

This is incorrect: if the first part of the expression, this == NULL, is true, then it should not check the second part of the expression, this->domain == NULL, since this is then NULL and upon execution will cause a segmentation fault due to NULL dereferencing.
So it should be (there and everywhere else):

if (this == NULL || this->domain == NULL)
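The guard discussed in the comment above, worked through as an added example (not part of the original thread and not siege's own code). The `DEMO_*` types, their field layout, the `demo_*` function names and the exact-match comparison are assumptions made for illustration; the sample list is constructed to include a NULL cookie like the one gdb shows in the trace.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the COOKIE and NODE types seen in the trace;
   the field layout here is assumed, not taken from siege. */
typedef struct demo_cookie { const char *domain; } *DEMO_COOKIE;
typedef struct demo_node { DEMO_COOKIE cookie; struct demo_node *next; } DEMO_NODE;

/* Guard written with ||: when this is NULL the left operand is true and
   short-circuit evaluation never reads this->domain. With && the right
   operand is evaluated exactly when this is NULL, which is the crash. */
const char *demo_cookie_get_domain(DEMO_COOKIE this)
{
  if (this == NULL || this->domain == NULL) {
    return NULL;
  }
  return this->domain;
}

/* Walks the list the way a header builder would, skipping entries with no
   cookie or no domain. Exact string match is a simplification. */
int demo_count_matches(const DEMO_NODE *head, const char *host)
{
  int n = 0;
  if (host == NULL) return 0;
  for (const DEMO_NODE *cur = head; cur != NULL; cur = cur->next) {
    const char *domain = demo_cookie_get_domain(cur->cookie);
    if (domain != NULL && strcmp(domain, host) == 0) n++;
  }
  return n;
}

/* Constructed sample list: NULL cookie (as in the trace), NULL domain,
   a non-matching domain, and one match. */
int demo_run(void)
{
  struct demo_cookie no_domain = { NULL };
  struct demo_cookie other = { "other.example" };
  struct demo_cookie match = { "www.website.com" };
  DEMO_NODE n4 = { &match, NULL };
  DEMO_NODE n3 = { &other, &n4 };
  DEMO_NODE n2 = { &no_domain, &n3 };
  DEMO_NODE n1 = { NULL, &n2 };
  return demo_count_matches(&n1, "www.website.com");
}
```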

@JoeDog
Owner

JoeDog commented Jun 20, 2023 via email

@JoeDog
Owner

JoeDog commented Jun 20, 2023 via email

@Magentron
Contributor Author

I have compiled it locally on my Mac, still got a segfault, but as I said, I cannot debug here. I will try tomorrow.

@JoeDog
Owner

JoeDog commented Jun 21, 2023 via email
