[Bug 1573307] Re: wget crashed with SIGSEGV in __memset_avx2()

Chen-Han Hsiao (Stanley) 1573307 at bugs.launchpad.net
Fri Feb 24 07:53:16 UTC 2017 

This issue could be reproduced with following command. More easily to be
reproduced with narrow terminal (such as 40 characters width)

wget http://old-releases.ubuntu.com/releases/16.04.0/ubuntu-16.04
-desktop-amd64.iso

This issue has been fixed by the following commit
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=7099f4899880eaefc2c40a3dc7693ab4174a819b

>From 7099f4899880eaefc2c40a3dc7693ab4174a819b Mon Sep 17 00:00:00 2001
From: Darshit Shah <darnir at gmail.com>
Date: Mon, 22 Feb 2016 15:08:15 +0100
Subject: [PATCH] Sanitize value sent to memset to prevent SEGFAULT

---
 src/progress.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/progress.c b/src/progress.c
index 93f6246..8a5df21 100644
--- a/src/progress.c
+++ b/src/progress.c
@@ -1164,6 +1164,8 @@ create_image (struct bar_progress *bp, double dl_total_time, bool done)
     }
 
   padding = bp->width - count_cols (bp->buffer);
+  assert (padding > 0 && "Padding length became non-positive!");
+  padding = padding > 0 ? padding : 0;
   memset (p, ' ', padding);
   p += padding;
   *p = '\0';
@@ -1174,6 +1176,9 @@ create_image (struct bar_progress *bp, double dl_total_time, bool done)
    * from the release code since we do not want Wget to crash and burn when the
    * assertion fails. Instead Wget should continue downloading and display a
    * horrible and irritating progress bar that spams the screen with newlines.
+   *
+   * By default, all assertions are disabled in a Wget build and are enabled
+   * only with the --enable-assert configure option.
    */
   assert (count_cols (bp->buffer) == bp->width);
 }
-- 
2.7.4


** Patch added: "wget_1.17.1-1ubuntu1.2.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1573307/+attachment/4825717/+files/wget_1.17.1-1ubuntu1.2.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to wget in Ubuntu.
https://bugs.launchpad.net/bugs/1573307

Title:
  wget crashed with SIGSEGV in __memset_avx2()

Status in wget package in Ubuntu:
  Confirmed

Bug description:
  EDIT(other user): The crash actually happens when the terminal window
  is too small.

  When I try to download a big file with wget on Ubuntu 16.04 it crashes
  after a couple seconds.

  To reproduce the bug try the following:

  wget http://releases.ubuntu.com/16.04/ubuntu-16.04-desktop-amd64.iso

  I've asked another guy on IRC on channel #ubuntu-it to try and reproduce this bug
  and he said it was crashing also on his machine.

  evan at HPPC:~$ lsb_release -rd
  Description:	Ubuntu 16.04 LTS
  Release:	16.04

  evan at HPPC:~$ apt-cache policy wget
  wget:
    Installato: 1.17.1-1ubuntu1
    Candidato:  1.17.1-1ubuntu1
    Tabella versione:
   *** 1.17.1-1ubuntu1 500
          500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
          100 /var/lib/dpkg/status

  ProblemType: Crash
  DistroRelease: Ubuntu 16.04
  Package: wget 1.17.1-1ubuntu1
  ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6
  Uname: Linux 4.4.0-21-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Apr 22 01:34:10 2016
  ExecutablePath: /usr/bin/wget
  InstallationDate: Installed on 2016-04-21 (0 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
  ProcCmdline: wget http://releases.ubuntu.com/16.04/ubuntu-16.04-desktop-amd64.iso
  SegvAnalysis:
   Segfault happened at: 0x7f4eac3b7328 <__memset_avx2+392>:	rep stos %al,%es:(%rdi)
   PC (0x7f4eac3b7328) ok
   source "%al" ok
   destination "%es:(%rdi)" (0x562969134000) not located in a known VMA region (needed writable region)!
  SegvReason: writing unknown VMA
  Signal: 11
  SourcePackage: wget
  StacktraceTop:
   __memset_avx2 () at ../sysdeps/x86_64/multiarch/memset-avx2.S:161
   ?? ()
   ?? ()
   ?? ()
   ?? ()
  Title: wget crashed with SIGSEGV in __memset_avx2()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1573307/+subscriptions

More information about the foundations-bugs mailing list