elinks: crashes on a specially crafted page

Related Vulnerabilities: CVE-2007-2027  

Debian Bug report logs - #380347

Reported by: Jakub Wilk <ubanus@users.sf.net>

Date: Sat, 29 Jul 2006 12:18:42 UTC

Severity: important

Tags: fixed-upstream, upstream

Found in version elinks/0.11.1-1

Fixed in version elinks/0.11.3-1

Done: Y Giridhar Appaji Nag <giridhar@appaji.net>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, ubanus@users.sf.net, Peter Gervai <grin@tolna.net>:
Bug#380347; Package elinks.


Acknowledgement sent to Jakub Wilk <ubanus@users.sf.net>:
New Bug report received and forwarded. Copy sent to ubanus@users.sf.net, Peter Gervai <grin@tolna.net>.


Message #5 received at submit@bugs.debian.org:

From: Jakub Wilk <ubanus@users.sf.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: elinks: crashes on a specially crafted page
Date: Sat, 29 Jul 2006 14:15:19 +0200
[Message part 1 (text/plain, inline)]
Package: elinks
Version: 0.11.1-1
Severity: important

Elinks crashes on a specially crafted page:

$ elinks -config-file /dev/null buggy.html

[ Press backslash twice ]

ELinks crashed. That shouldn't happen. Please report this incident to
the developers. If you would like to help to debug the problem you just
uncovered, please keep the core you just got and send the developers
the output of 'bt' command entered inside of gdb (which you run as:
gdb elinks core). Thanks a lot for your cooperation!

ELinks 0.11.1 (built on May 24 2006 20:12:14)

Features:
Standard, Fastmem, IPv6, gzip, bzip2, Periodic Saving, Timer, Cascading Style Sheets,
Protocol (File, FTP, HTTP, NNTP, SMB, URI rewrite, User protocols), SSL (GnuTLS),
MIME (Option system, Mailcap, Mimetypes files), LED indicators, Bookmarks,
Cookies, Form History, Global History, Scripting (Lua, Perl), Goto URL History,
Search History

elinks(dump_backtrace+0x23)[0x80d0173]
elinks[0x80abca4]
elinks[0x80ac17f]
[0xffffe420]
elinks(dcgettext__+0x31)[0x809e881]
elinks(gettext__+0x22)[0x809fd12]
elinks(get_state_message+0x6c)[0x80aa71c]
elinks(get_download_msg+0x42)[0x807a782]
elinks(print_screen_status+0x76c)[0x807b1dc]
elinks(refresh_view+0x11d)[0x80d628d]
elinks(draw_formatted+0xcf)[0x80d637f]
elinks(do_action+0xd94)[0x80d47e4]
elinks(send_event+0xa5)[0x80e07e5]
elinks(in_term+0x46b)[0x80c877b]
elinks(select_loop+0x1f6)[0x80a4106]
elinks(main+0x41)[0x80a3791]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xd0)[0xa7cafeb0]
elinks[0x8059891]
Aborted

-- System Information:
Debian Release: testing/unstable
 APT prefers testing
 APT policy: (900, 'testing'), (600, 'unstable'), (500, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.17-1-686
Locale: LANG=C, LC_CTYPE=pl_PL (charmap=ISO-8859-2)

Versions of packages elinks depends on:
ii  debconf                       1.5.2      Debian configuration management sy
ii  libbz2-1.0                    1.0.3-3    high-quality block-sorting file co
ii  libc6                         2.3.6-15   GNU C Library: Shared libraries
ii  libexpat1                     1.95.8-3.2 XML parsing C library - runtime li
ii  libgnutls13                   1.4.1-1    the GNU TLS library - runtime libr
ii  libgpmg1                      1.19.6-22  General Purpose Mouse - shared lib
ii  libidn11                      0.6.5-1    GNU libidn library, implementation
ii  liblua50                      5.0.2-6    Main interpreter library for the L
ii  liblualib50                   5.0.2-6    Extension library for the Lua 5.0 
ii  libperl5.8                    5.8.8-4    Shared Perl library
ii  zlib1g                        1:1.2.3-13 compression library - runtime

elinks recommends no packages.

-- debconf-show failed

-- 
Jakub Wilk
[buggy.html (text/html, attachment)]

Message sent on to Jakub Wilk <ubanus@users.sf.net>:
Bug#380347.


Message #8 received at 380347-submitter@bugs.debian.org:

From: Kalle Olavi Niemitalo <kon@iki.fi>
To: 380347-submitter@bugs.debian.org
Subject: Re: Bug#380347: elinks: crashes on a specially crafted page
Date: Tue, 01 May 2007 15:18:10 +0300
[Message part 1 (text/plain, inline)]
Jakub Wilk <ubanus@users.sf.net> writes:

> Elinks crashes on a specially crafted page:
>
> $ elinks -config-file /dev/null buggy.html
>
> [ Press backslash twice ]

Thank you for the report and the test case.  The crash was
caused by a static array overflowing to corrupt other variables.
The array index was checked too late.  I have fixed this in:

ELinks 0.11.3.GIT (14588b9455583096ddeb54b0541bfc230a2a2451)
ELinks 0.12.GIT (341d54151f69d087112e1514b928e3fcc1810194)

The fix will be in ELinks 0.11.4 and 0.12.0 when/if they are
released.
[Message part 2 (application/pgp-signature, inline)]
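
The check-too-late pattern described in the reply above, as an added illustration that is not ELinks source and not part of the original messages. The cache and the variable after it are modelled inside one array so the stray write can be observed without undefined behaviour; `slots`, `NEIGHBOR`, `SENTINEL`, `store_checked_late` and `store_checked_first` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not ELinks source. A static cache of MAXLEN slots is
 * followed in memory by unrelated state; both are modelled inside one array
 * so the stray write is well-defined and can be observed. */
#define MAXLEN   4
#define NEIGHBOR MAXLEN               /* slot just past the logical cache */
#define SENTINEL 0x5AFE
static int slots[MAXLEN + 1];

static void reset(void)
{
    memset(slots, 0, sizeof slots);
    slots[NEIGHBOR] = SENTINEL;
}

/* Check-too-late: the slot is written first, the index validated afterwards. */
static int store_checked_late(size_t idx, int value)
{
    if (idx > MAXLEN) return -1;      /* demo-only guard: stay inside slots[] */
    slots[idx] = value;               /* write happens before validation */
    return idx < MAXLEN ? 0 : -1;     /* rejection arrives after the damage */
}

/* Corrected order: reject the index before touching the array. */
static int store_checked_first(size_t idx, int value)
{
    if (idx >= MAXLEN) return -1;
    slots[idx] = value;
    return 0;
}

/* Feed the first out-of-range index; report 1 if the neighbor changed. */
static int neighbor_corrupted(int (*store)(size_t, int))
{
    reset();
    int rc = store(MAXLEN, 0x41414141);
    return rc == -1 && slots[NEIGHBOR] != SENTINEL;
}

int main(void)
{
    printf("late check:  neighbor corrupted = %d\n",
           neighbor_corrupted(store_checked_late));
    printf("early check: neighbor corrupted = %d\n",
           neighbor_corrupted(store_checked_first));
    return 0;
}
```

Both functions return -1 for the out-of-range index, so the caller's error handling looks identical; only the order of the check and the write decides whether the adjacent variable survives.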

Tags added: upstream Request was from Y Giridhar Appaji Nag <giridhar@appaji.net> to control@bugs.debian.org. (Thu, 22 Nov 2007 13:42:09 GMT)


Tags added: fixed-upstream Request was from Y Giridhar Appaji Nag <giridhar@appaji.net> to control@bugs.debian.org. (Thu, 22 Nov 2007 13:42:10 GMT)


Tags added: pending Request was from Y Giridhar Appaji Nag <giridhar@appaji.net> to control@bugs.debian.org. (Wed, 02 Jan 2008 13:27:14 GMT)


Reply sent to Y Giridhar Appaji Nag <giridhar@appaji.net>:
You have taken responsibility.


Notification sent to Jakub Wilk <ubanus@users.sf.net>:
Bug acknowledged by developer.


Message #19 received at 380347-close@bugs.debian.org:

From: Y Giridhar Appaji Nag <giridhar@appaji.net>
To: 380347-close@bugs.debian.org
Subject: Bug#380347: fixed in elinks 0.11.3-1
Date: Sat, 12 Jan 2008 15:37:24 +0000
Source: elinks
Source-Version: 0.11.3-1

We believe that the bug you reported is fixed in the latest version of
elinks, which is due to be installed in the Debian FTP archive:

elinks-data_0.11.3-1_all.deb
  to pool/main/e/elinks/elinks-data_0.11.3-1_all.deb
elinks-doc_0.11.3-1_all.deb
  to pool/main/e/elinks/elinks-doc_0.11.3-1_all.deb
elinks-lite_0.11.3-1_i386.deb
  to pool/main/e/elinks/elinks-lite_0.11.3-1_i386.deb
elinks_0.11.3-1.diff.gz
  to pool/main/e/elinks/elinks_0.11.3-1.diff.gz
elinks_0.11.3-1.dsc
  to pool/main/e/elinks/elinks_0.11.3-1.dsc
elinks_0.11.3-1_i386.deb
  to pool/main/e/elinks/elinks_0.11.3-1_i386.deb
elinks_0.11.3.orig.tar.gz
  to pool/main/e/elinks/elinks_0.11.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 380347@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Y Giridhar Appaji Nag <giridhar@appaji.net> (supplier of updated elinks package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 07 Jan 2008 00:10:17 +0530
Source: elinks
Binary: elinks-lite elinks-doc elinks elinks-data
Architecture: source i386 all
Version: 0.11.3-1
Distribution: unstable
Urgency: low
Maintainer: Y Giridhar Appaji Nag <giridhar@appaji.net>
Changed-By: Y Giridhar Appaji Nag <giridhar@appaji.net>
Description: 
 elinks     - Advanced text-mode WWW browser
 elinks-data - Data files for ELinks - An advanced text-mode WWW browser
 elinks-doc - Documentation for ELinks - An advanced text-mode WWW browser
 elinks-lite - Lightweight version of Elinks - An advanced text-mode WWW browser
Closes: 257762 313696 315886 380347 403139 413911 429311 431211 451088
Changes: 
 elinks (0.11.3-1) unstable; urgency=low
 .
   * Adopted by Y Giridhar Appaji Nag <giridhar@appaji.net> (Closes: #451088)
     + Add Co-maintainer Moritz Muehlenhoff <jmm@inutil.org> to Uploaders
   * Documentation is now built using sources, depends on the features
     configured while building elinks.
   * Remove superfluous m4 and bison Build-Depends.
   * Arch indep part of elinks is large, moved it to elinks-data package
     + Add lintian/linda overrides for elinks.1 man-page (installed by the
       elinks-data package).
   * New upstream release 0.11.3 (Closes: #429311)
     + Don't crash while sorting thru bookmarks (Closes: #315886)
     + German PO file corrections (Closes: #313696)
     + Use off_t for file size in FTP listing (Closes: #403139)
   * Add get-orig-source target that gets orig source and removes debian
     directory, translation files and config.{log,status} etc.
   * Change from DH_COMPAT 4 to debian/compat (5)
   * Move debian/watch file to version 3
   * Bump up Standards-Version to 3.7.3
     + Updated menu files for the latest menu policy.
     + debian/copyright: include all the major authors and copyright holders
       listed in source files.  ELinks is GPL2 only (Closes: #431211)
   * Add Homepage: and Vcs-*: fields to debian/control
   * maint-scripts: Remove debconf dependency and moving of elinks.conf.  Old
     transition code, not necessary anymore.
   * DH_ALWAYS_EXCLUDE=.gitignore in debian/rules (Closes: #413911)
   * Add debian/patches, but not using dpatch
     + Patch 01_asciidoc-escape-FTBFS.diff: Escape characters for asciidoc
       conversion (prevents FTBFS in make all-docs)
     + Patch 02_setup-bugs-FSSTND.diff: Point bugs URL to debian.org and
       remove FSSTND dir in setup.h etc.
     + Patch 03_417789-CVE-2007-2027.diff: Patch for #417789 from Julien
       Cristau <jcristau@debian.org> made a diff.
     + Patch 04_380347-entity_cache-overflow.diff: Prevent a buffer overflow
       in entity_cache.  Thanks Kalle Olavi Niemitalo <kon@iki.fi> for the fix
       (Closes: #380347)
     + Patch 05_257762-transparency-off.diff: Turn terminal transparency off
       by default.  Thanks Petr Baudis for the fix and Kalle Olavi Niemitalo
       <kon@iki.fi> for a pointer to the fix (Closes: #257762)
     + Patch 06_elinks.conf-parse-error.diff: create elinks-lite.conf, set
       config.saving_style=3 and comment options that are not valid.
     + Patch 07_local-CGI-query-fix.diff: Fix broken query parsing of file:
       URIs for local CGI.
Files: 
 547e5d16dff4249ee5003e976dce2435 1023 web optional elinks_0.11.3-1.dsc
 d2df1fb2b207d749f68de869c0183d84 3126765 web optional elinks_0.11.3.orig.tar.gz
 7ae2ce8d55cfec6ebb728eab07b86f11 37229 web optional elinks_0.11.3-1.diff.gz
 e979a1b26c8ea41f552f45dacf44ef71 471860 web optional elinks_0.11.3-1_i386.deb
 abe6839f723ca247e1cee026e6f607d2 373042 web optional elinks-lite_0.11.3-1_i386.deb
 de577fe28e9ccf49a8a31578f2b749dd 664594 web optional elinks-data_0.11.3-1_all.deb
 2d575b7d114811ef11b64953f626cd8f 536170 doc optional elinks-doc_0.11.3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHg8brXm3vHE4uyloRAkEPAJ9QBxEZ0lHcGa72Ljll4/7j8zihwQCg023z
Q8/Vy8c2Y9xiW+79fnvAvNo=
=9bAd
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 13 Feb 2008 07:44:35 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:53:39 2019; Machine Name: beach
