transmission-gtk crashed with SIGSEGV in gnutls_x509_crt_import()

Bug #1304004 reported by chops
This bug affects 1 person
Affects: transmission (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Tried to download a bittorrent containing a pdf file. Transmission crashed before it downloaded anything (seemingly).

ProblemType: Crash
DistroRelease: Ubuntu 14.04
Package: transmission-gtk 2.82-1.1ubuntu3
ProcVersionSignature: Ubuntu 3.13.0-20.42-generic 3.13.7
Uname: Linux 3.13.0-20-generic x86_64
NonfreeKernelModules: nvidia wl
ApportVersion: 2.14.1-0ubuntu1
Architecture: amd64
CrashCounter: 1
CurrentDesktop: Unity
Date: Mon Apr 7 21:04:18 2014
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/transmission-gtk
InstallationDate: Installed on 2013-02-16 (415 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Alpha amd64 (20130207.1)
LocalLibraries: /usr/local/lib/librtmp.so.0
ProcCmdline: transmission-gtk
SegvAnalysis:
 Segfault happened at: 0x7f3f93adab19 <gnutls_x509_crt_import+25>: mov (%rsi),%rsi
 PC (0x7f3f93adab19) ok
 source "(%rsi)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%rsi" ok
 Stack memory exhausted (SP below stack segment)
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: transmission
StacktraceTop:
 gnutls_x509_crt_import () from /usr/lib/x86_64-linux-gnu/libgnutls.so.26
 ?? () from /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
 ?? () from /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
 ?? () from /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
 ?? () from /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
Title: transmission-gtk crashed with SIGSEGV in gnutls_x509_crt_import()
UpgradeStatus: Upgraded to trusty on 2014-02-06 (59 days ago)
UserGroups: adm cdrom dip lp lpadmin plugdev sambashare sudo

chops (chopssmith-media) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 gnutls_x509_crt_import (cert=0x7f3f58b956f0, data=0x0, format=GNUTLS_X509_FMT_DER) at x509.c:176
 ?? () from /tmp/apport_sandbox_MkXNXx/usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
 ?? () from /tmp/apport_sandbox_MkXNXx/usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
 ?? () from /tmp/apport_sandbox_MkXNXx/usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
 ?? () from /tmp/apport_sandbox_MkXNXx/usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
tags: added: apport-failed-retrace
tags: removed: need-amd64-retrace
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in transmission (Ubuntu):
status: New → Confirmed
information type: Private → Public
Roman Fiedler (roman-fiedler-deactivatedaccount) wrote :

I might have observed the same bug, affecting libgnutls.so.26 or libcurl-gnutls.so.4 or the combination of both. It seems to be triggered by the remote side, crashing a Zabbix monitoring system when connecting to a single server.

Program received signal SIGSEGV, Segmentation fault.
gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0, format=GNUTLS_X509_FMT_DER)
    at x509.c:176
176 x509.c: No such file or directory.
(gdb) bt
#0 gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0,
    format=GNUTLS_X509_FMT_DER) at x509.c:176
#1 0xb6ea253a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#2 0xb6ea3209 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#3 0xb6ea3e18 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#4 0xb6e6511c in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#5 0xb6e74328 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#6 0xb6e87b7a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#7 0xb6e888a0 in curl_multi_perform ()
   from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#8 0xb6e7f6fb in curl_easy_perform ()
   from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#9 0xb76be6aa in process_httptests ()
#10 0xb76bca56 in main_httppoller_loop ()
#11 0xb76979a9 in MAIN_ZABBIX_ENTRY ()
#12 0xb76ef49b in daemon_start ()
#13 0xb7690abf in main ()

According to [1], calling the function with data=NULL seems forbidden. It seems that [2] is a similar report for curl. The upstream patch seems to be announced in [3] as "gtls: fix NULL pointer dereference", date "Fixed in 7.37.0 - May 21 2014".

[1] http://manned.org/gnutls_x509_crt_import/a0fb5c1f
[2] http://curl.haxx.se/mail/lib-2014-04/0145.html
[3] http://curl.haxx.se/changes.html
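
A triage sketch for the crash data quoted in this report, added here as an example (it is not code from apport, curl, GnuTLS or any commenter): it correlates the faulting register in SegvAnalysis with the retraced top frame to name the NULL argument. The register-to-argument mapping is a heuristic that assumes the amd64 System V calling convention and a fault early in the function, so it does not apply to the i386 trace; the function names and the NULL_PAGE threshold are hypothetical.

```python
import re

# Constructed input: the SegvAnalysis field and the retraced top frame quoted
# in this report, embedded so the example runs offline.
SEGV_ANALYSIS = '''\
Segfault happened at: 0x7f3f93adab19 <gnutls_x509_crt_import+25>: mov (%rsi),%rsi
PC (0x7f3f93adab19) ok
source "(%rsi)" (0x00000000) not located in a known VMA region (needed readable region)!
destination "%rsi" ok
'''
RETRACED_TOP = ("gnutls_x509_crt_import (cert=0x7f3f58b956f0, data=0x0, "
                "format=GNUTLS_X509_FMT_DER) at x509.c:176")

# System V AMD64 ABI: integer/pointer arguments 1..6 arrive in these registers.
SYSV_ARG_REGS = ["rdi", "rsi", "rdx", "rcx", "r8", "r9"]
NULL_PAGE = 0x1000  # assumption: faults below this address count as NULL-based

def parse_segv(text):
    """Extract the faulting symbol and the memory operand apport could not map."""
    site = re.search(r"<(\w+)\+(\d+)>:\s*(.+)", text)
    bad = re.search(r'(source|destination) "\(%(\w+)\)" \((0x[0-9a-fA-F]+)\) not located', text)
    if not (site and bad):
        return None
    return {"symbol": site.group(1), "offset": int(site.group(2)),
            "register": bad.group(2), "address": int(bad.group(3), 16)}

def parse_frame(line):
    """Split a gdb frame 'func (a=1, b=2) at file:line' into name and arguments."""
    m = re.match(r"(\w+) \((.*?)\)", line.strip())
    if not m:
        return None, []
    args = [tuple(a.split("=", 1)) for a in m.group(2).split(", ") if "=" in a]
    return m.group(1), args

def is_null(value):
    return value.startswith("0x") and int(value, 16) == 0

def triage(segv_text, frame_line):
    """Name the argument the faulting register most likely held, then confirm it."""
    segv = parse_segv(segv_text)
    func, args = parse_frame(frame_line)
    if segv is None or func != segv["symbol"]:
        return None  # the frame does not belong to the faulting function
    suspect = None
    if segv["register"] in SYSV_ARG_REGS:
        idx = SYSV_ARG_REGS.index(segv["register"])
        suspect = args[idx] if idx < len(args) else None
    return {"function": func, "null_deref": segv["address"] < NULL_PAGE,
            "suspect_arg": suspect[0] if suspect else None,
            "confirmed": bool(suspect) and is_null(suspect[1])}

if __name__ == "__main__":
    print(triage(SEGV_ANALYSIS, RETRACED_TOP))
```
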

Alessandro Losavio (alo21) wrote :

Can you tell me all steps to reproduce the bug please?

Roman Fiedler (roman-fiedler-deactivatedaccount) wrote :

I have no simple reproducer; the only one really working here is:

* Set up an Ubuntu Trusty machine (mine is an i386 guest, but amd64 should have the same bug)
* Install the Zabbix monitoring system
* "Configuration->Hosts": Create host "test"
* "Configuration->Hosts": Click on "Applications" in host "test", create application "test"
* "Configuration->Hosts": Click on "web" in host "test", add a web scenario. Create a test step for e.g. https://www.google.at/

Run the test and see if the latest data contains, e.g., response time measurements for google.

When OK, add an /etc/hosts entry for "www.google.at" to point to an Apache 2.4 server with SSL/SNI. (I can supply you with an IP off-list.)

Afterwards "tail -f /var/log/syslog" should show you Zabbix server crash reports every few seconds.
