View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003857 | Taler | exchange | public | 2015-06-22 16:13 | 2015-06-25 15:31 |
| Reporter | Marcello Stanisci | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | git (master) | ||||
| Target Version | 0.0 | Fixed in Version | 0.0 | ||
| Summary | 0003857: mint httpd crashes due to malformed data POSTed | ||||
| Description | POSTing a malformed data to /test/base32 causes the mint to stop working, giving the following message: Jun 22 16:04:25-331338 taler-mint-httpd-5297 WARNING Failed to parse JSON request body *** Error in `taler-mint-httpd': free(): invalid pointer: 0x00007f4380000078 *** | ||||
| Tags | No tags attached. | ||||
|
|
Reproduced using $ curl -d test http://localhost:8081/test/base32 valgrind report: ==2361== Thread 2: ==2361== Invalid read of size 8 ==2361== at 0x4096C4: buffer_deinit (taler-mint-httpd_parsing.c:101) ==2361== by 0x409ABD: TMH_PARSE_post_cleanup_callback (taler-mint-httpd_parsing.c:258) ==2361== by 0x403239: handle_mhd_completion_callback (taler-mint-httpd.c:109) ==2361== by 0x552DDD9: MHD_connection_handle_idle (connection.c:2579) ==2361== by 0x5532537: MHD_run_from_select (daemon.c:2235) ==2361== by 0x5532993: MHD_select (daemon.c:2340) ==2361== by 0x5533B96: MHD_select_thread (daemon.c:2897) ==2361== by 0x5BD90A3: start_thread (pthread_create.c:309) ==2361== by 0x614604C: clone (clone.S:111) ==2361== Address 0xa3227d0 is 0 bytes inside a block of size 24 free'd ==2361== at 0x4C29E90: free (vg_replace_malloc.c:473) ==2361== by 0x596960D: GNUNET_xfree_ (common_allocation.c:256) ==2361== by 0x4099E6: TMH_PARSE_post_json (taler-mint-httpd_parsing.c:230) ==2361== by 0x410E2B: TMH_TEST_handler_test_base32 (taler-mint-httpd_test.c:62) ==2361== by 0x40336E: handle_mhd_request (taler-mint-httpd.c:282) ==2361== by 0x552BE7B: call_connection_handler (connection.c:1452) ==2361== by 0x552DA1E: MHD_connection_handle_idle (connection.c:2466) ==2361== by 0x5532537: MHD_run_from_select (daemon.c:2235) ==2361== by 0x5532993: MHD_select (daemon.c:2340) ==2361== by 0x5533B96: MHD_select_thread (daemon.c:2897) ==2361== by 0x5BD90A3: start_thread (pthread_create.c:309) ==2361== by 0x614604C: clone (clone.S:111) ==2361== ==2361== Invalid free() / delete / delete[] / realloc() ==2361== at 0x4C29E90: free (vg_replace_malloc.c:473) ==2361== by 0x596960D: GNUNET_xfree_ (common_allocation.c:256) ==2361== by 0x4096D8: buffer_deinit (taler-mint-httpd_parsing.c:101) ==2361== by 0x409ABD: TMH_PARSE_post_cleanup_callback (taler-mint-httpd_parsing.c:258) ==2361== by 0x403239: handle_mhd_completion_callback (taler-mint-httpd.c:109) ==2361== by 0x552DDD9: MHD_connection_handle_idle (connection.c:2579) ==2361== by 0x5532537: MHD_run_from_select (daemon.c:2235) ==2361== by 0x5532993: MHD_select (daemon.c:2340) ==2361== by 0x5533B96: MHD_select_thread (daemon.c:2897) ==2361== by 0x5BD90A3: start_thread (pthread_create.c:309) ==2361== by 0x614604C: clone (clone.S:111) ==2361== Address 0xdf0adba0df0adba is not stack'd, malloc'd or (recently) free'd ==2361== ==2361== Invalid write of size 8 ==2361== at 0x4096DD: buffer_deinit (taler-mint-httpd_parsing.c:102) ==2361== by 0x409ABD: TMH_PARSE_post_cleanup_callback (taler-mint-httpd_parsing.c:258) ==2361== by 0x403239: handle_mhd_completion_callback (taler-mint-httpd.c:109) ==2361== by 0x552DDD9: MHD_connection_handle_idle (connection.c:2579) ==2361== by 0x5532537: MHD_run_from_select (daemon.c:2235) ==2361== by 0x5532993: MHD_select (daemon.c:2340) ==2361== by 0x5533B96: MHD_select_thread (daemon.c:2897) ==2361== by 0x5BD90A3: start_thread (pthread_create.c:309) ==2361== by 0x614604C: clone (clone.S:111) ==2361== Address 0xa3227d0 is 0 bytes inside a block of size 24 free'd ==2361== at 0x4C29E90: free (vg_replace_malloc.c:473) ==2361== by 0x596960D: GNUNET_xfree_ (common_allocation.c:256) ==2361== by 0x4099E6: TMH_PARSE_post_json (taler-mint-httpd_parsing.c:230) ==2361== by 0x410E2B: TMH_TEST_handler_test_base32 (taler-mint-httpd_test.c:62) ==2361== by 0x40336E: handle_mhd_request (taler-mint-httpd.c:282) ==2361== by 0x552BE7B: call_connection_handler (connection.c:1452) ==2361== by 0x552DA1E: MHD_connection_handle_idle (connection.c:2466) ==2361== by 0x5532537: MHD_run_from_select (daemon.c:2235) ==2361== by 0x5532993: MHD_select (daemon.c:2340) ==2361== by 0x5533B96: MHD_select_thread (daemon.c:2897) ==2361== by 0x5BD90A3: start_thread (pthread_create.c:309) ==2361== by 0x614604C: clone (clone.S:111) ==2361== |
|
|
Fixed in 214bcf5..d98d085 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-06-22 16:13 | Marcello Stanisci | New Issue | |
| 2015-06-22 17:41 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2015-06-22 17:41 | Christian Grothoff | Status | new => assigned |
| 2015-06-22 18:09 | Christian Grothoff | Note Added: 0009308 | |
| 2015-06-22 18:12 | Christian Grothoff | Note Added: 0009309 | |
| 2015-06-22 18:12 | Christian Grothoff | Status | assigned => resolved |
| 2015-06-22 18:12 | Christian Grothoff | Fixed in Version | => 0.0 |
| 2015-06-22 18:12 | Christian Grothoff | Resolution | open => fixed |
| 2015-06-22 18:13 | Christian Grothoff | Product Version | => git (master) |
| 2015-06-22 18:13 | Christian Grothoff | Target Version | => 0.0 |
| 2015-06-25 15:31 | Christian Grothoff | Status | resolved => closed |
| 2016-02-18 15:43 | Christian Grothoff | Category | mint => exchange |
