Segmentation fault on /jsonrpc

[capntrips]

Potentially related to #621, except with /jsonrpc/history?=false, /jsonrpc/listgroups, and /jsonrpc. There is no output, unless the build is configured with --enable-debug.

When debug is enabled, here are the relevant lines in the log leading up to the crashes:

Sun Feb 21 05:30:02 2021        254     3061509484      DEBUG   Final URL=/jsonrpc/history?=false (WebServer.cpp:240:ParseUrl)                                                                            
Sun Feb 21 05:30:02 2021        254     3061509484      DEBUG   request received from 172.20.0.1 (WebServer.cpp:123:Execute)
Sun Feb 21 05:30:02 2021        254     3061509484      DEBUG   MethodName=history (XmlRpc.cpp:418:Dispatch)          
Sun Feb 21 05:30:02 2021        254     3061509484      ERROR   Segmentation fault

and:

Sun Feb 21 05:30:22 2021        283     3062213996      DEBUG   [/jsonrpc/listgroups] [...] HTTP/1.1 304 Not Modified [...] (WebServer.cpp:545:SendBodyResponse)
Sun Feb 21 05:30:22 2021        283     3062213996      DEBUG   Sending data (Connection.cpp:366:Send)
Sun Feb 21 05:30:22 2021        283     3061849452      ERROR   Segmentation fault

and:

Sun Feb 21 05:39:25 2021        299     3062607212      DEBUG   Final URL=/jsonrpc (WebServer.cpp:240:ParseUrl)
Sun Feb 21 05:39:25 2021        299     3062607212      DEBUG   Request=[...] (WebServer.cpp:120:Execute)
Sun Feb 21 05:39:25 2021        299     3062607212      DEBUG   request received from 172.20.0.3 (WebServer.cpp:123:Execute)
Sun Feb 21 05:39:25 2021        299     3062607212      DEBUG   MethodName=history (XmlRpc.cpp:418:Dispatch)
Sun Feb 21 05:39:25 2021        299     3062607212      ERROR   Segmentation fault

The [...] are my edits.

This is in a Docker container on Alpine 3.13, which appears to use musl 1.2.2, on a Raspberry Pi 4. I tested with 21.0, 21.1-r2311, and the tip of the dev branch. It worked fine on Alpine 3.12.

[capntrips]

Here's a backtrace from v21.0:

#0  0xb6f944c4 in memchr (src=src@entry=0x9a8, c=c@entry=0, n=n@entry=2147483647) at src/string/memchr.c:17
#1  0xb6f94dae in strnlen (s=s@entry=0x9a8 <error: Cannot access memory at address 0x9a8>, n=2147483647) at src/string/strnlen.c:5
#2  0xb6f6b3d0 in printf_core (f=f@entry=0xb67ec180, 
    fmt=fmt@entry=0x5e9828 "\"NZBID\" : %i,\n\"NZBName\" : \"%s\",\n\"NZBNicename\" : \"%s\",\n\"Kind\" : \"%s\",\n\"URL\" : \"%s\",\n\"NZBFilename\" : \"%s\",\n\"DestDir\" : \"%s\",\n\"FinalDir\" : \"%s\",\n\"Category\" : \"%s\",\n\"ParStatus\" : \"%s\",\n\"ExParStatus\" : \"%s"..., ap=ap@entry=0xb67ec07c, nl_arg=nl_arg@entry=0xb67ec0a8, nl_type=<optimized out>, nl_type@entry=0xb67ec080)
    at src/stdio/vfprintf.c:594
#3  0xb6f93642 in vfprintf (f=0xb67ec180, 
    fmt=fmt@entry=0x5e9828 "\"NZBID\" : %i,\n\"NZBName\" : \"%s\",\n\"NZBNicename\" : \"%s\",\n\"Kind\" : \"%s\",\n\"URL\" : \"%s\",\n\"NZBFilename\" : \"%s\",\n\"DestDir\" : \"%s\",\n\"FinalDir\" : \"%s\",\n\"Category\" : \"%s\",\n\"ParStatus\" : \"%s\",\n\"ExParStatus\" : \"%s"..., ap=..., ap@entry=...) at src/stdio/vfprintf.c:683
#4  0xb6f80e68 in vsnprintf (s=s@entry=0x0, n=n@entry=0, 
    fmt=fmt@entry=0x5e9828 "\"NZBID\" : %i,\n\"NZBName\" : \"%s\",\n\"NZBNicename\" : \"%s\",\n\"Kind\" : \"%s\",\n\"URL\" : \"%s\",\n\"NZBFilename\" : \"%s\",\n\"DestDir\" : \"%s\",\n\"FinalDir\" : \"%s\",\n\"Category\" : \"%s\",\n\"ParStatus\" : \"%s\",\n\"ExParStatus\" : \"%s"..., ap=...) at src/stdio/vsnprintf.c:54
#5  0x005bf336 in StringBuilder::AppendFmtV (this=this@entry=0xb69525b0, 
    format=0x5e9828 "\"NZBID\" : %i,\n\"NZBName\" : \"%s\",\n\"NZBNicename\" : \"%s\",\n\"Kind\" : \"%s\",\n\"URL\" : \"%s\",\n\"NZBFilename\" : \"%s\",\n\"DestDir\" : \"%s\",\n\"FinalDir\" : \"%s\",\n\"Category\" : \"%s\",\n\"ParStatus\" : \"%s\",\n\"ExParStatus\" : \"%s"..., format@entry=0x0, ap=..., ap@entry=...) at daemon/util/NString.cpp:385
#6  0x005b4ffc in XmlCommand::AppendFmtResponse (this=this@entry=0xb69525a0, 
    format=0x5e9828 "\"NZBID\" : %i,\n\"NZBName\" : \"%s\",\n\"NZBNicename\" : \"%s\",\n\"Kind\" : \"%s\",\n\"URL\" : \"%s\",\n\"NZBFilename\" : \"%s\",\n\"DestDir\" : \"%s\",\n\"FinalDir\" : \"%s\",\n\"Category\" : \"%s\",\n\"ParStatus\" : \"%s\",\n\"ExParStatus\" : \"%s"...) at daemon/remote/XmlRpc.cpp:786
#7  0x005b7e80 in NzbInfoXmlCommand::AppendNzbInfoFields (this=this@entry=0xb69525a0, nzbInfo=nzbInfo@entry=0xb6956020) at daemon/remote/XmlRpc.cpp:1741
#8  0x005b87b4 in HistoryXmlCommand::Execute (this=0xb69525a0) at daemon/remote/XmlRpc.cpp:2525
#9  0x005bafa4 in XmlRpcProcessor::Dispatch (this=this@entry=0xb67ec6bc) at daemon/remote/XmlRpc.cpp:436
#10 0x005bb066 in XmlRpcProcessor::Execute (this=this@entry=0xb67ec6bc) at daemon/remote/XmlRpc.cpp:369
#11 0x005b4776 in WebProcessor::Dispatch (this=this@entry=0xb67ec71c) at daemon/remote/WebServer.cpp:332
#12 0x005b4932 in WebProcessor::Execute (this=this@entry=0xb67ec71c) at daemon/remote/WebServer.cpp:125
#13 0x005b1f86 in RequestProcessor::ServWebRequest (this=this@entry=0xb6aaa660, signature=signature@entry=0xb67ecc90 "GET \310\f\365\266\204\251\375\266\061X\371\266\200")
    at daemon/remote/RemoteServer.cpp:277
#14 0x005b2098 in RequestProcessor::Execute (this=this@entry=0xb6aaa660) at daemon/remote/RemoteServer.cpp:221
#15 0x005b21a0 in RequestProcessor::Run (this=0xb6aaa660) at daemon/remote/RemoteServer.cpp:173
#16 0x005c1dc4 in Thread::thread_handler (this=0xb6aaa660) at daemon/util/Thread.cpp:115
#17 0x005c1e4a in operator() (__closure=0xb6951dd4) at daemon/util/Thread.cpp:63
#18 std::__invoke_impl<void, Thread::Start()::<lambda()> > (__f=...) at /usr/include/c++/10.2.1/bits/invoke.h:60
#19 std::__invoke<Thread::Start()::<lambda()> > (__fn=...) at /usr/include/c++/10.2.1/bits/invoke.h:95
#20 std::thread::_Invoker<std::tuple<Thread::Start()::<lambda()> > >::_M_invoke<0> (this=<optimized out>) at /usr/include/c++/10.2.1/thread:264
#21 std::thread::_Invoker<std::tuple<Thread::Start()::<lambda()> > >::operator() (this=<optimized out>) at /usr/include/c++/10.2.1/thread:271
#22 std::thread::_State_impl<std::thread::_Invoker<std::tuple<Thread::Start()::<lambda()> > > >::_M_run(void) (this=0xb6951dd0) at /usr/include/c++/10.2.1/thread:215

The relevant lines for quick reference:

• src/string/memchr.c:17
• src/string/strnlen.c:5
• src/stdio/vfprintf.c:594
• src/stdio/vfprintf.c:683
• src/stdio/vsnprintf.c:54
• daemon/util/NString.cpp:385
• daemon/remote/XmlRpc.cpp:786
• daemon/remote/XmlRpc.cpp:1741

[capntrips]

Found the issue:

musl 1.2.0 changes the definition of time_t, and thereby the definitions of all derived types, to be 64-bit across all archs. This and related changes are collectively referred to as "time64", and are necessary so that data types and functions dealing with time can represent time past early 2038, where the existing 32-bit type on 32-bit archs would overflow.

According to that document, musl provides compat/time32, but I'm not immediately seeing any examples of how to use it.

It also appears that glibc can be configured to use 64-bit time, but I'm not sure what implications that will have beyond updating the printf format here.

[hugbug]

Thank you very much for finding the cause of the issue and for fixing it.