Ubuntu
siege package

siege crashed with SIGSEGV in *GI___strtol_l_internal()

Bug #347815 reported by Martin Olsson on 2009-03-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	siege (Ubuntu)	Fix Released	Medium	Tristan Greaves

Bug Description

Binary package hint: siege

run "siege -internet" (instead of the real command which is "siege --internet" with two dashes).
This SEGV is 100% reproducible.

ProblemType: Crash
Architecture: amd64
DistroRelease: Ubuntu 9.04
ExecutablePath: /usr/bin/siege
Package: siege 2.66-2
ProcCmdline: siege localhost:8080 -internet -url list_of_urls.txt
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
Signal: 11
SourcePackage: siege
StacktraceTop:
*__GI_____strtol_l_internal (nptr=0x0, endptr=0x0, base=10, group=0,
?? ()
?? ()
?? ()
__libc_start_main (
Title: siege crashed with SIGSEGV in *__GI_____strtol_l_internal()
Uname: Linux 2.6.29-020629rc8-generic x86_64
UserGroups: adm admin cdrom dialout fuse lpadmin plugdev sambashare

Tags:

Revision history for this message

Martin Olsson (mnemo) wrote on 2009-03-24:

Dependencies.txt Edit (519 bytes, text/plain; charset="utf-8")
Disassembly.txt Edit (1.3 KiB, text/plain; charset="utf-8")
ProcMaps.txt Edit (3.4 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (754 bytes, text/plain; charset="utf-8")
Registers.txt Edit (933 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (1.5 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (1.5 KiB, text/plain; charset="utf-8")

Revision history for this message

Martin Olsson (mnemo) wrote on 2009-03-24:

Here is the stack from GDB in case the retracer chokes:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f7b7c2376f0 (LWP 10372)]
*__GI_____strtol_l_internal (nptr=0x0, endptr=0x0, base=10, group=0, loc=0x7f7b7b649580) at ../stdlib/strtol_l.c:298
298 ../stdlib/strtol_l.c: No such file or directory.
in ../stdlib/strtol_l.c
(gdb) bt
#0 *__GI_____strtol_l_internal (nptr=0x0, endptr=0x0, base=10, group=0, loc=0x7f7b7b649580) at ../stdlib/strtol_l.c:298
#1 0x000000000040e62b in parse_time (p=0x7fff8426667f "ernet") at /usr/include/stdlib.h:286
#2 0x000000000040adc4 in parse_cmdline (argc=2, argv=0x7fff84264608) at main.c:236
#3 0x000000000040b113 in main (argc=2, argv=0x7fff84264608) at main.c:312
(gdb)

Revision history for this message

Martin Olsson (mnemo) wrote on 2009-03-24:

"siege -te" is sufficient to crash it, I don't think "siege -ate" should invoke the time parsing at all but it does.

I had a quick look at the code. This is not related to this bug but... The second if statement here is funny, this guy manages to malloc sub, leak it, strdup buffer and leak that as well. And casting size_t to int is a great practice.... not (length and start should be redeclared as size_t instead). I still siege though because it's easier to use than httperf and so on, but the code...

substring(char *buffer, int start, int length)
{
char *sub;
sub = malloc (sizeof (char) * (length + 1));

if ((length < 1) || (start < 0) || (start > (int)strlen (buffer)))
return NULL;

  if ((int)strlen (buffer) < length){
    sub = (char*) strdup (buffer);
    return buffer;
  }
...

To fix the bug at hand, it's sufficient to add "if (x ==0) return;" right after the while loop in parse_time(), like this:

parse_time(char *p)
{
  size_t x = 0;
  my.time = my.secs = 0;
  while(ISDIGIT(p[x]))
    x++;
  if (x == 0)
    return;

Running "valgrind siege -te" still shows leaks though.

Revision history for this message

Apport retracing service (apport) wrote on 2009-03-24: Symbolic stack trace

Stacktrace.txt (retraced) Edit (1.3 KiB, text/plain)

StacktraceTop:*__GI_____strtol_l_internal (nptr=0x0, endptr=0x0, base=10, group=0,
parse_time (p=0x7fff6718e65b "ernet")
parse_cmdline (argc=5, argv=0x7fff6718d4f8)
main (argc=5, argv=0x7fff6718d4f8) at main.c:312

Revision history for this message

Apport retracing service (apport) wrote on 2009-03-24: Symbolic threaded stack trace

ThreadStacktrace.txt (retraced) Edit (1.3 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2009-03-24: Stack trace with source code

StacktraceSource.txt Edit (686 bytes, text/plain)

Changed in siege:
importance:	Undecided → Medium

Revision history for this message

Tristan Greaves (tristan-extricate) wrote on 2009-03-24:

I can confirm this and am going to enact a fix upstream. I am now adopting this package upstream. Will keep you posted. Thanks for taking the time to debug this and provide the patch!

Changed in siege:
assignee:	nobody → tristan-extricate
status:	New → In Progress

Revision history for this message

Chuck Short (zulcss) wrote on 2009-10-13:

I was not able to reproduce this on karmic.

Regards
chuck

Changed in siege (Ubuntu):
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntusiege package

siege crashed with SIGSEGV in *__GI_____strtol_l_internal()

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
siege package

siege crashed with SIGSEGV in *GI___strtol_l_internal()