Segfault in decodeCertificate on Ubuntu 12.04 GHC 7.4.1

[jhartikainen]

Decoding certain certificates will make decodeCertificate cause a segmentation fault on Ubuntu 12.04, using GHC 7.4.1 and 7.4.2.

I have had one additional user confirm this issue (on Ubuntu 12.04 as well), so it shouldn't be a problem with my system.

The following Gist contains a short source listing to reproduce this: https://gist.github.com/3786838

The certificate file required by the test application can be found from the following URL: http://jjh.fi/~jani/7d0b38bd.0

Note that this is a certificate found in /etc/ssl/certs/ by default on Ubuntu 12.04, and thus it will cause a segfault in code which uses for example findCertificate (which in turn uses decodeCertificate)

[vincenthz]

I can't reproduce this. the certificate parses nicely (certificate 1.2.8). it would be helpful to have a stack trace produced with gdb of the program. and also check that the certificate program that is available in the certificate package works.

./dist/build/certificate/certificate x509 7d0b38bd.0
version: 2
serial:  63143484348153506665311985501458640051
sigalg:  SignatureALG HashSHA384 PubKeyALG_ECDSA
issuer:
     [2,5,4,3]: VeriSign Class 3 Public Primary Certification Authority - G4
     [2,5,4,6]: US
     [2,5,4,10]: VeriSign, Inc.
     [2,5,4,11]: VeriSign Trust Network
......

[jhartikainen]

Maybe a bit dumb question but how do I build the certificate program? Cabal install doesn't seem to produce one.

Here's the trace from gdb:

#0  0x080cc280 in s1Jv_info ()
#1  0x00000000 in ?? ()

This seems to only reproduce on Ubuntu 12.04. Another person confirmed it does not reproduce on Ubuntu 11.04, and it worked for me on 10.04 as well.

I've tried this with the ghc package from apt, and from-source compiled 7.4.1 and 7.4.2.

I can get strace and ltrace output as well if those would be of any help.

[vincenthz]

ok the stack trace isn't really helpful, as often the case with haskell. to compile the certificate program you need to use

 cabal configure --flag executable <your other flags>

cabal build will produce the binary in dist/build/certificate/, so you don't need to install it.

btw, which are the versions of {base64-bytestring,pem,certificate} ?

[jhartikainen]

It actually might be an issue with certificate-1.2.6, since things are actually working for me as well now when using 1.2.8... I will run some further tests and get back on this.

[jhartikainen]

Yeah, just confirmed. The issue was on version 1.2.6 and 1.2.8 works perfectly fine.

Thanks for the assistance, I've been fighting this for like three days, finally tracked it all the way down to this lib and now everything is sorted :)

[vincenthz]

I can't really think of a reason why certificate 1.2.6 would segfault and 1.2.8 wouldn't. the diff between the 2 versions is really small and it's pretty much run of the mill haskell code without unsafeness/mutability/hardcore/etc. I wish i had more time to debug this, but as it's working with 1.2.8 i won't go further. thanks,