subversion-dev mailing list archives

From Stefan Sperling <s...@elego.de>
Subject Re: Segfault in svnserve on UB 16.04 LTS sometimes, possible use-after-free?
Date Thu, 18 Apr 2019 21:39:50 GMT
On Thu, Apr 18, 2019 at 04:21:58PM +0200, Thorsten Schöning wrote:
> Hi all,
> 
> some days ago I recognized a segfault in svnserve which seems to have
> been documented for UB 16.04 LTS already:
> 
> > Apr 12 09:58:55 [...] kernel: [214930.125762] svnserve[556]:  segfault at 7f5f75994f00 ip 00007f5f74ea1065 sp 00007ffddc1353f0 error 4 in libsvn_subr-1.so.1.0.0[7f5f74e43000+d3000]
> > Apr 12 10:11:41 [...] kernel: [215695.854475] svnserve[3769]: segfault at 7f5f75994f00 ip 00007f5f74ea1065 sp 00007ffddc1353f0 error 4 in libsvn_subr-1.so.1.0.0[7f5f74e43000+d3000]
> 
> https://answers.launchpad.net/ubuntu/+question/404322
> 
> In all cases the version seems to be the default one distributed by
> UB, 1.9.3, and one additional thing in common seems to be the usage
> of hooks at least in some repos. The thread starter e.g. sends mails,
> while in one of my repos I'm distributing commits using svnsync.

> After posting the problem to the user mailing list, I was instructed
> to install debug symbols and get a core dump with some stacktrace and
> did so.

Great. Thanks for taking the time to get a stack trace.

> > Stacktrace:
> >  #0  object_ref_cleanup (baton=0x7f5f75994f00) at /build/subversion-8E3yhQ/subversion-1.9.3/subversion/libsvn_subr/object_pool.c:148
> >          object = 0x7f5f75994f00
> >          object_pool = <optimized out>
> >  #1  0x00007f5f747e4e3e in apr_pool_destroy () from /usr/lib/x86_64-linux-gnu/libapr-1.so.0
> >  No symbol table info available.

This stack trace looks very much like the issue fixed with this change:
https://svn.apache.org/r1818584
The fix was released as part of SVN 1.9.9 on 20 July 2018.

You should upgrade. And please ask Ubuntu to stop shipping outdated
software with known bugs ;-) Thanks.
