Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 8 Aug 2005 17:35:43 +0300
From:      Vasil Dimov <vd@datamax.bg>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        sf@FreeBSD.org
Subject:   ports/84666: [patch] ftp/wget abort trap while downloading
Message-ID:  <20050808143543.GA63531@sinanica.bg.datamax>
Resent-Message-ID: <200508081440.j78EeFij040257@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         84666
>Category:       ports
>Synopsis:       [patch] ftp/wget abort trap while downloading
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 08 14:40:15 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Vasil Dimov
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
DataMax
>Environment:

System: FreeBSD sinanica.bg.datamax 5.4-STABLE FreeBSD 5.4-STABLE #12: Thu Jul 14 12:43:06 EEST 2005     root@sinanica.bg.datamax:/usr/src/sys/i386/compile/SINANICA-SMP  i386

>Description:

While downloading a file from ftp site wget crashed.

Wget was started with the following command line:

$ wget -c -t0 --no-proxy -i mindhunters.url -o log &

this is the output (combined with "tail -f log"):

393216K ........ ........ ........ ........ ........ ........ 55%   97.13 KB/s
396288K ........wget in free(): error: junk pointer, too high to make sense
Abort trap (core dumped)

Here is the backtrace:

Core was generated by `wget'.
Program terminated with signal 6, Aborted.
#0  0x28287dbf in kill () at kill.S:2
2	RSYSCALL(kill)
#0  0x28287dbf in kill () at kill.S:2
#1  0x2827a1a8 in __raise (s=6) at /usr/src/lib/libc/gen/raise.c:50
#2  0x2830f5b5 in abort () at /usr/src/lib/libc/stdlib/abort.c:69
#3  0x28296340 in wrterror (p=0x28316e0c "junk pointer, too high to make sense\n")
    at /usr/src/lib/libc/stdlib/malloc.c:309
#4  0x28296381 in wrtwarning (p=0x28316e0c "junk pointer, too high to make sense\n")
    at /usr/src/lib/libc/stdlib/malloc.c:321
#5  0x282971b9 in ifree (ptr=0x1) at /usr/src/lib/libc/stdlib/malloc.c:1066
#6  0x28297975 in pubrealloc (ptr=0x1, size=0, func=0x28316f11 " in free():")
    at /usr/src/lib/libc/stdlib/malloc.c:1125
#7  0x28297acf in free (ptr=0x1) at /usr/src/lib/libc/stdlib/malloc.c:1159
#8  0x0807730b in checking_free (ptr=0x1) at xmalloc.c:192
#9  0x080529c8 in getftp (u=0x8090180, len=0xbfbfe7b8, restval=0, con=0xbfbfe880) at ftp.c:1026
#10 0x08052ec0 in ftp_loop_internal (u=0x8090180, f=0x0, con=0xbfbfe880) at ftp.c:1195
#11 0x080544f6 in ftp_loop (u=0x8090180, dt=0xbfbfe960, proxy=0x0) at ftp.c:1877
#12 0x0806ceee in retrieve_url (
    origurl=0x808f200 "ftp://not_public_________________/open/Movies/2004/Mindhunters.LiMiTED.DVDRiP.XviD-HLS/Mindhunters.LiMiTED.DVDRiP.XviD-HLS.avi", file=0xbfbfe968, newloc=0xbfbfe964, 
    refurl=0x0, dt=0xbfbfe960) at retr.c:677
#13 0x0806d38d in retrieve_from_file (file=0x808e040 "mindhunters.url", html=0, count=0xbfbfea6c)
    at retr.c:836
#14 0x08067d09 in main (argc=8, argv=0xbfbfeadc) at main.c:961
Current language:  auto; currently asm

Here is the output from some useful (related) commands:

$ readlink /etc/malloc.conf
AJ
$ wget -V
GNU Wget 1.10

Copyright (C) 2005 Free Software Foundation, Inc.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
$
(wget-1.10_1 from ports)

>How-To-Repeat:

I'm not sure, but probably this occurs when file is being downloaded via
ftp and the connection is closed in the middle of the download.

If the crash occurs again I will send more info.

>Fix:

There is an obvious bug in ftp.c which consists of the following:

after ftp_response(csock, &respline) returns error an attempt is made to
free respline, contradictory to the comments (and the implementation) of
ftp_response(): ftp-basic.c:62:
   If the line is successfully read, FTPOK is returned, and *ret_line
   is assigned a freshly allocated line.  Otherwise, FTPRERR is
   returned, and the value of *ret_line should be ignored.  */
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I suggest the following patch:

--- wget_1.10_1-1.10_2.diff begins here ---
diff -ruN --exclude=README.html --exclude=CVS /usr/ports/ftp/wget/Makefile wget/Makefile
--- /usr/ports/ftp/wget/Makefile	Thu Jun 23 02:20:56 2005
+++ wget/Makefile	Mon Aug  8 16:54:15 2005
@@ -7,7 +7,7 @@
 
 PORTNAME=	wget
 DISTVERSION=	1.10
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	ftp www ipv6
 MASTER_SITES=	${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR=	wget
diff -ruN --exclude=README.html --exclude=CVS /usr/ports/ftp/wget/files/patch-src::ftp.c wget/files/patch-src::ftp.c
--- /usr/ports/ftp/wget/files/patch-src::ftp.c	Thu Jan  1 02:00:00 1970
+++ wget/files/patch-src::ftp.c	Mon Aug  8 16:51:58 2005
@@ -0,0 +1,10 @@
+--- src/ftp.c.orig	Mon Aug  8 16:44:02 2005
++++ src/ftp.c	Mon Aug  8 16:51:29 2005
+@@ -1023,7 +1023,6 @@
+   err = ftp_response (csock, &respline);
+   if (err != FTPOK)
+     {
+-      xfree (respline);
+       /* The control connection is decidedly closed.  Print the time
+ 	 only if it hasn't already been printed.  */
+       if (res != -1)
--- wget_1.10_1-1.10_2.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050808143543.GA63531>