[mod_gnutls-devel] Segfault in 0.8.1 test 24 on i386

Brian Morton rokclimb15 at gmail.com
Sun Jan 8 18:57:53 CET 2017


Thomas,

This is very helpful, thank you. I noticed you are building on an amd64
system however, while this test failure only occurs on i386. My last test
of Zesty sources on i386 with valgrind also reported one block lost but
segfaults during the test.

I'll definitely look more carefully at the softhsm2 package. Offhand, it's
hard to think of how it might differ from Debian since the package is in
sync with sid (2.2.0). I'll review the package build logs to see if the
configure differs somehow. The biggest clue I have so far is Debian sid
i386 passes this test and the only two direct dependencies that differ in
version are gnutls and apache, but I've built those from latest release
source and the crash still occurs. My idea at this point is some other
second or third level dependency like openssl.

Thanks,

Brian

On Sun, Jan 8, 2017 at 12:48 PM, Thomas Klute <thomas2.klute at uni-dortmund.de
> wrote:

> My observation from a Yakkety amd64 system: A segfault occurs reliably
> on Apache shutdown (so the test still passes) with libsofthsm2.so from
> the libsofthsm2 package, but not with libsofthsm2.so locally built from
> the SoftHSMv2 git repository at the 2.1.0 tag.
>
> Valgrind reports 4 lost blocks of memory while loading the Ubuntu
> SoftHSM, as opposed to 1 with the one built from Git. I also downloaded
> the Ubuntu source package and built that locally. Again: Segfault, and
> identical memory leaks reported by Valgrind.
>
> This excludes problems with the general system environment (it is the
> same) and in dependencies (according to ldd both libs link against the
> same system libs). Based on this I can only assume that there is an
> issue specific to the Ubuntu build process for SoftHSM.
>
> Regards,
> Thomas
>
> Am 06.01.2017 um 05:58 schrieb Brian Morton:
> > I'm fairly stuck on this one. Tried running old versions of packages on
> Sid
> > and can't reproduce the crash. I also build apache2 and libgnutls30 from
> > upstream sources and the crash still occurs on Zesty. Disabled apparmor,
> > and compared lots of build logs between Debian and Ubuntu to see if there
> > are any differences. I don't see any Debian patches in key dependencies
> > that would explain the ability to build.
> >
> > At this point I'm starting to wonder if it's the toolchain or something
> in
> > the kernel. Perhaps there's a simpler explanation?
> >
> > On Tue, Jan 3, 2017 at 12:23 AM, Brian Morton <rokclimb15 at gmail.com>
> wrote:
> >
> >> Great info!
> >>
> >> Apache2 and libgnutls30 are slightly newer in Sid currently. I'll see
> if I
> >> can pin some older versions in unstable and reproduce the crash.
> >>
> >>> On Jan 2, 2017, at 11:46 PM, Daniel Kahn Gillmor <
> dkg at fifthhorseman.net>
> >> wrote:
> >>>
> >>>> On Mon 2017-01-02 17:42:58 -0500, Brian Morton wrote:
> >>>> I've been working on diagnosing this FTBFS bug in Ubuntu
> >>>> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1597450.
> >>>>
> >>>> Mod_gnutls fails to build on i386 due to some string format issues
> >> fixed in
> >>>> 0.8.1. Once those simple issues are fixed, test 24 fails due to a
> >> segfault
> >>>> in Apache. This seems to be true whether using Debian/Ubuntu sources
> or
> >> the
> >>>> latest from mod_gnutls. The crash appears to be due to a buffer
> >> overflow.
> >>>> Backtrace indicates several libs are involved including gnutls,
> >> softhsm2,
> >>>> and p11-kit. The issue very likely is within one of those libraries
> >> rather
> >>>> than mod_gnutls, but I'm trying to nail it down further so I thought
> I'd
> >>>> start here.
> >>>
> >>> fwiw, we're not seeing these issues on debian unstable on i386 with the
> >>> packaged version 0.8.1-1.  It looks like some sort of failure in
> process
> >>> cleanup related to softhsm2, but the versions of softhsm2 (2.2.0-1)
> look
> >>> like they're the same in ubuntu zesty and debian unstable.
> >>>
> >>> i haven't been able to tease out any better diagnosis myself yet,
> sorry!
> >>>
> >>>  --dkg
> >>
> >
> >
> >
> > _______________________________________________
> > mod_gnutls-devel mailing list
> > mod_gnutls-devel at lists.gnutls.org
> > http://lists.gnupg.org/mailman/listinfo/mod_gnutls-devel
> >
>
> --
> Dipl.-Ing. Thomas Klute
>
> E-Mail: thomas2.klute at uni-dortmund.de
> Tel.: +49 231 58680474
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170108/579c732d/attachment-0001.html>


More information about the mod_gnutls-devel mailing list