Sefmentation Fault

[Andrew Cooks]

How are you gentlemen?

On the first run, after supplying my name and email address, it Segfaults.

Valgrind says:

Thread 3:
==27002== Syscall param socketcall.send(msg) points to uninitialised byte(s)
==27002==    at 0x625FAF8: send (in /lib/libpthread-2.7.so)
==27002==    by 0x6309BD7: pt_SocketWrite (in /opt/VirtualBox/VBoxXPCOM.so)
==27002==    by 0x6322F6E: PR_Write (in /opt/VirtualBox/VBoxXPCOM.so)
==27002==    by 0x70F5361: ConnThread(void*) (in /opt/VirtualBox/components/VBoxXPCOMIPCC.so)
==27002==    by 0x6305383: _pt_root (in /opt/VirtualBox/VBoxXPCOM.so)
==27002==    by 0x625818A: start_thread (pthread_create.c:297)
==27002==    by 0x65A1E7D: clone (in /lib/libc-2.7.so)
==27002==  Address 0x7082CD6 is 62 bytes inside a block of size 100 alloc'd
==27002==    at 0x4023998: malloc (vg_replace_malloc.c:149)
==27002==    by 0x70F6393: ipcMessage::Init(nsID const&, char const*, unsigned) (in /opt/VirtualBox/components/VBoxXPCOMIPCC.so)
==27002==    by 0x70F5B0A: ipcmMessageForward::ipcmMessageForward(unsigned, unsigned, nsID const&, char const*, unsigned) (in /opt/VirtualBox/components/VBoxXPCOMIPCC.so)
==27002==    by 0x70EBFCE: IPC_SendMessage(unsigned, nsID const&, unsigned char const*, unsigned) (in /opt/VirtualBox/components/VBoxXPCOMIPCC.so)
==27002==    by 0x70EF4F5: SetupPeerInstance(unsigned, DConnectSetup*, unsigned, void**) (in /opt/VirtualBox/components/VBoxXPCOMIPCC.so)
==27002==    by 0x70EF7EF: ipcDConnectService::CreateInstance(unsigned, nsID const&, nsID const&, void**) (in /opt/VirtualBox/components/VBoxXPCOMIPCC.so)
==27002==    by 0x70FEFCA: VirtualBoxConstructor(nsISupports*, nsID const&, void**) (server_module.cpp:221)
==27002==    by 0x6325595: nsGenericFactory::CreateInstance(nsISupports*, nsID const&, void**) (in /opt/VirtualBox/VBoxXPCOM.so)
==27002==    by 0x62ED030: nsComponentManagerImpl::CreateInstance(nsID const&, nsISupports*, nsID const&, void**) (in /opt/VirtualBox/VBoxXPCOM.so)
==27002==    by 0x81362F5: VBoxGlobal::init() (in /opt/VirtualBox/VirtualBox)
==27002==    by 0x8136C43: VBoxGlobal::instance() (in /opt/VirtualBox/VirtualBox)
==27002==    by 0x8120945: main (in /opt/VirtualBox/VirtualBox)
==27002==
==27002== Thread 1:
==27002== Syscall param write(buf) points to uninitialised byte(s)
==27002==    at 0x625F5DB: (within /lib/libpthread-2.7.so)
==27002==    by 0x61A9AAE: _X11TransWrite (Xtrans.c:900)
==27002==    by 0x61A17F0: _XFlushInt (XlibInt.c:675)
==27002==    by 0x6180EE0: XFlush (Flush.c:41)
==27002==    by 0x425FF1F: QWidget::setCursor(QCursor const&) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x438F886: QWidgetResizeHandler::setMouseCursor(QWidgetResizeHandler::MousePosition) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x4390087: QWidgetResizeHandler::setActive(QWidgetResizeHandler::Action, bool) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x439DA8C: QDockWindow::updateGui() (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x439DEBA: QDockWindow::setResizeEnabled(bool) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x8169A87: VBoxSelectorWnd::VBoxSelectorWnd(VBoxSelectorWnd**, QWidget*, char const*, unsigned) (in /opt/VirtualBox/VirtualBox)
==27002==    by 0x812CCA5: VBoxGlobal::selectorWnd() (in /opt/VirtualBox/VirtualBox)
==27002==    by 0x8120A8C: main (in /opt/VirtualBox/VirtualBox)
==27002==  Address 0x698E72B is 27 bytes inside a block of size 16,384 alloc'd
==27002==    at 0x4022ABE: calloc (vg_replace_malloc.c:279)
==27002==    by 0x618F4AD: XOpenDisplay (OpenDis.c:289)
==27002==    by 0x422F176: qt_init_internal(int*, char**, _XDisplay*, unsigned long, unsigned long) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x4230045: qt_init(int*, char**, QApplication::Type) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x4299020: QApplication::construct(int&, char**, QApplication::Type) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x42993C4: QApplication::QApplication(int&, char**) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x8120387: main (in /opt/VirtualBox/VirtualBox)
==27002==
==27002== Source and destination overlap in mempcpy(0x6EED670, 0x6EED670, 27)
==27002==    at 0x40250DA: mempcpy (mc_replace_strmem.c:116)
==27002==    by 0x6542F95: _IO_default_xsputn (genops.c:469)
==27002==    by 0x651D302: vfprintf (vfprintf.c:1560)
==27002==    by 0x6537B4A: vsprintf (iovsprintf.c:43)
==27002==    by 0x652289D: sprintf (sprintf.c:34)
==27002==    by 0x61DDD44: parse_fontdata (omGeneric.c:618)
==27002==    by 0x61DDEB5: parse_vw (omGeneric.c:1095)
==27002==    by 0x61DE7F2: create_oc (omGeneric.c:1233)
==27002==    by 0x618EA86: XCreateOC (OCWrap.c:53)
==27002==    by 0x6183116: XCreateFontSet (FSWrap.c:185)
==27002==    by 0x4245B34: (within /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x4245E31: QInputContext::QInputContext(QWidget*) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==
==27002== Syscall param write(buf) points to uninitialised byte(s)
==27002==    at 0x625F5DB: (within /lib/libpthread-2.7.so)
==27002==    by 0x6832CDE: _IceTransWrite (Xtrans.c:900)
==27002==    by 0x6838CDD: _IceWrite (misc.c:369)
==27002==    by 0x6838DB1: IceFlush (misc.c:82)
==27002==    by 0x682509E: SmcSetProperties (sm_client.c:397)
==27002==    by 0x42226C8: (within /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x422280E: (within /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x4230279: (within /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x4230B9F: (within /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x6829241: _SmcProcessMessage (sm_process.c:252)
==27002==    by 0x683D607: IceProcessMessages (process.c:344)
==27002==    by 0x4222D63: QSmSocketReceiver::socketActivated(int) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==  Address 0x6C89034 is 12 bytes inside a block of size 1,024 alloc'd
==27002==    at 0x4022ABE: calloc (vg_replace_malloc.c:279)
==27002==    by 0x6830A30: IceOpenConnection (connect.c:211)
==27002==    by 0x6825388: SmcOpenConnection (sm_client.c:135)
==27002==    by 0x4227F11: QSessionManager::QSessionManager(QApplication*, QString&, QString&) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x4298A1C: QApplication::initialize(int, char**) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x429904E: QApplication::construct(int&, char**, QApplication::Type) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x42993C4: QApplication::QApplication(int&, char**) (in /usr/qt/3/lib/libqt-mt.so.3.3.8)
==27002==    by 0x8120387: main (in /opt/VirtualBox/VirtualBox)
Qt WARNING: QThread object destroyed while thread is still running.
==27002==
==27002== Thread 5:
==27002== Invalid write of size 4
==27002==    at 0x645511F: std::string::string(std::string const&) (in /usr/lib/gcc/i686-pc-linux-gnu/4.2.2/libstdc++.so.6.0.9)
==27002==    by 0x81A1EA9: happyhttp::Connection::putrequest(char const*, char const*) (in /opt/VirtualBox/VirtualBox)
==27002==    by 0x6F742066: ???
==27002==  Address 0xD65736F is not stack'd, malloc'd or (recently) free'd
==27002==
==27002== Process terminating with default action of signal 11 (SIGSEGV)
==27002==  Access not within mapped region at address 0xD65736F
==27002==    at 0x645511F: std::string::string(std::string const&) (in /usr/lib/gcc/i686-pc-linux-gnu/4.2.2/libstdc++.so.6.0.9)
==27002==    by 0x81A1EA9: happyhttp::Connection::putrequest(char const*, char const*) (in /opt/VirtualBox/VirtualBox)
==27002==    by 0x6F742066: ???

The core dump is 1.5MB, compressed. I get an error when trying to attach it.

The problem is probably related to this line in my squid access log:

1195059644.708      0 192.168.1.12 TCP_DENIED/411 1686 POST http://www.innotek.de/register762.php? - NONE/- text/html

Ethereal revealed that there is something wrong with the post request:

POST /register762.php?version=1.5.2_OSE HTTP/1.1
Host: www.innotek.de
Accept-Encoding: identity
Connection: close
Content-type: application/x-www-form-urlencoded
Accept: text/plain


HTTP/1.0 411 Length Required
Server: squid/2.6.STABLE13
Date: Wed, 14 Nov 2007 17:45:02 GMT
Content-Type: text/html
Content-Length: 1340
Expires: Wed, 14 Nov 2007 17:45:02 GMT
X-Squid-Error: ERR_INVALID_REQ 0
X-Cache: MISS from fatboy
X-Cache-Lookup: NONE from fatboy:3128
Via: 1.0 fatboy:3128 (squid/2.6.STABLE13)
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
<STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The requested URL could not be retrieved</H2>
<HR noshade size="1px">
<P>
While trying to process the request:
<PRE>
POST /register762.php?version=1.5.2_OSE HTTP/1.1
Host: www.innotek.de
Accept-Encoding: identity
Connection: close
Content-Type: application/x-www-f
orm-urlencoded
Accept: text/plain

</PRE>
<P>
The following error was encountered:
<UL>
<LI>
<STRONG>
Invalid Request
</STRONG>
</UL>

<P>
Some aspect of the HTTP Request is invalid.  Possible problems:
<UL>
<LI>Missing or unknown request method
<LI>Missing URL
<LI>Missing HTTP Identifier (HTTP/1.0)
<LI>Request is too large
<LI>Content-Length missing for POST or PUT requests
<LI>Illegal character in hostname; underscor
es are not allowed
</UL>
<P>Your cache administrator is <A HREF="mailto:root">root</A>. 

<BR clear="all">
<HR noshade size="1px">
<ADDRESS>
Generated Wed, 14 Nov 2007 17:45:02 GMT by fatboy (squid/2.6.STABLE13)
</ADDRESS>
</BODY></HTML>

You have no chance to survive. Make your time.

[Frank Mehnert]

duplicate of #889