User:Reedy/MWRegexSegfault

Reedy: apt-get install libc6-dbg libpcre3-dbg
cpg: are they open proxy users or something? Can't you range block or edit rate limit users or something? i don't know
TimStarling, installed
then attach to a random thread with gdb, then trigger the segfault in a loop
curl -vvv 'http://77.86.93.55/w/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=Main_Page' -F wpName=rjkiugfoeurgy -F wpPassword=piuhmsowiuerw -F 'wpLoginAttempt=Log in' -F wpLoginToken=731d51069384c12275e682714410e4ea -H 'Cookie: wikidb_mw__session=dcb5db152ae0e064e7d32bc9010c47c1'
did you get that whole line?
Up to the end of the cookie, yeah
yeah, that's right, running that will trigger the segfault
<-- whiteknight has quit (Quit: Leaving)
so: while true; do ; done
do you know how to use gdb?
Nope, was just going to ask that..
/google
first you need the PID, so: ps -C apache2
that should show a lot of processes since you're using prefork
yup
<TimStarling> pick any process other than the parent
<Reedy> parent i guess is lowest pid?
<TimStarling> usually
--> tomasz (~tomasz@c-67-164-99-48.hsd1.ca.comcast.net) has joined #mediawiki
--> rainman-sr (~rainman@wikipedia/Rainman) has joined #mediawiki
hey what's going on everyone. hope you're all well.
<TimStarling> start gdb with no arguments
<TimStarling> if you don't have it, apt-get install gdb
<Reedy> that looks to be under user root, everything else is ww-wdata
<TimStarling> yeah, sounds right
<TimStarling> then: attach
<-- mlei (~Adium@cpe-76-166-175-197.socal.res.rr.com) has left #mediawiki
<Reedy> yup
<TimStarling> cont
<TimStarling> then run the loop, then it should drop out to a prompt when it segfaults
<TimStarling> cont is short for continue, it continues the process
kaldari * <http://www.mediawiki.org/wiki/Special:Code/MediaWiki/76936> /trunk/extensions/DonationInterface/payflowpro_gateway/forms/ (TwoStepTwoColumnLetter.php TwoStepTwoColumnLetterCA.php): fixing for placeholders
<TimStarling> then "bt" gives you a backtrace
<Reedy> that didn't take long
<TimStarling> with debug symbols installed, you should now be able to see the arguments to the PCRE functions
<TimStarling> so that tells you what regex it's segfaulting on, and so what part of the MW code is the problem
<Reedy> #5 0x00007f6062a86767 in pcre_compile2 (
<Reedy>     pattern=0x7f6064763e28 "^(?:::|:(?::([0-9A-Fa-f]{1,4})){1,7}|([0-9A-Fa-f]{1,4})(?::([0-9A-Fa-f]{1,4})){0,6}::|([0-9A-Fa-f]{1,4})(?::([0-9A-Fa-f]{1,4})){7}|([0-9A-Fa-f]{1,4})(?::(?P (?!(?P=abn)):(?P ))?([0-9A-Fa-f]{1"...,
<TimStarling> crikey
<Reedy> AaronSchulz!
<Reedy> IPV6 at a guess
<OverlordQ> jesus
<Reedy> TimStarling, that's rather cool
<Reedy> AaronSchulz, you about?
:D
<TimStarling> easier than $wgDebugFunctionEntry, which is what I used to use for this when I was a poor Windows user
<Reedy> 76876 or 76928 at a guess
<Reedy> just waiting for svn up to work
<OverlordQ> the latest one
<OverlordQ> 76927 works
<TimStarling> btw a double free means a dangling pointer, which means a potential security vulnerability
<-- rainman-sr has quit (Ping timeout: 255 seconds)
yaron * <http://www.mediawiki.org/wiki/Special:Code/MediaWiki/76937> /trunk/extensions/ApprovedRevs/ApprovedRevs.hooks.php: Two bug fixes: a hack-ish fix so that pages being edited with the Semantic Forms extension get their contents saved correctly, and a fix so that the latest revision, when it's different from the approved one, gets displayed correctly with MW >= 1.17.
<TimStarling> if your PCRE library is up to date, you should probably report it