So I'm trying to use this auditing tool for this superior memory-secure programming language, and it segfaults almost immediately for me: $ cargo-audit audit Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Segmentation fault (core dumped) gdb sez: Program received signal SIGSEGV, Segmentation fault. validate_custom_headers (custom_headers=0x7fffffff9ff0) at /usr/src/debug/dev-libs/libgit2-1.4.3/libgit2-1.4.3/src/remote.c:847 847 if (is_malformed_http_header(custom_headers->strings[i])) { (gdb) bt #0 validate_custom_headers (custom_headers=0x7fffffff9ff0) at /usr/src/debug/dev-libs/libgit2-1.4.3/libgit2-1.4.3/src/remote.c:847 #1 0x00007ffff7ee125f in git_remote_connect_options_normalize (dst=0x7fffffffa080, repo=0x5555563e4380, src=0x7fffffff9f40) at /usr/src/debug/dev-libs/libgit2-1.4.3/libgit2-1.4.3/src/remote.c:914 #2 0x00007ffff7ee21f1 in connect_opts_from_fetch_opts (out=0x7fffffffa080, remote=0x5555563e6330, fetch_opts=0x7fffffffa430) at /usr/src/debug/dev-libs/libgit2-1.4.3/libgit2-1.4.3/src/remote.c:1243 #3 0x00007ffff7ee27c5 in git_remote_fetch (remote=0x5555563e6330, refspecs=0x7fffffffa220, opts=0x7fffffffa430, reflog_message=0x0) at /usr/src/debug/dev-libs/libgit2-1.4.3/libgit2-1.4.3/src/remote.c:1361 #4 0x00005555558fac16 in ?? () #5 0x000055555587852b in ?? () #6 0x000055555584310a in ?? () #7 0x000055555587746e in ?? () #8 0x000055555572f9fa in ?? () #9 0x000055555574c8a4 in ?? () #10 0x000055555574c49d in ?? () #11 0x000055555573ff84 in ?? () #12 0x00005555556d513e in ?? () #13 0x00005555556d5566 in ?? () #14 0x00005555556e0fc5 in ?? () #15 0x00005555556d925d in ?? () #16 0x0000555555710a6b in ?? () #17 0x00005555556e138e in ?? () #18 0x00005555556d78c1 in ?? () #19 0x0000555555ed887e in ?? () #20 0x00005555556d7890 in ?? () #21 0x00005555556d927c in ?? () #22 0x00007ffff76432ca in __libc_start_call_main (main=main@entry=0x5555556d9260, argc=argc@entry=2, argv=argv@entry=0x7fffffffdda8) at ../sysdeps/nptl/libc_start_call_main.h:58 #23 0x00007ffff7643385 in __libc_start_main_impl (main=0x5555556d9260, argc=2, argv=0x7fffffffdda8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdd98) at ../csu/libc-start.c:389 #24 0x000055555566b5b1 in ?? ()
Created attachment 787400 [details] dev-util:cargo-audit-0.15.2:20220624-120647.log
Created attachment 787403 [details] emerge-info.txt
another iteration of https://github.com/gentoo/cargo-ebuild/issues/20 I think. it does not really play well with external libgit so this is endless cat-mouse game. I think I'll disable using system-libgit like I did in rust itself.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8bb73b239a249202e150c0e5e52851a5b9abe29f commit 8bb73b239a249202e150c0e5e52851a5b9abe29f Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2022-06-24 18:09:20 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2022-06-24 18:10:44 +0000 dev-util/cargo-audit: revbump 0.15.2, use bundled libgit2 Bug: https://bugs.gentoo.org/854117 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> ...rgo-audit-0.15.2.ebuild => cargo-audit-0.15.2-r1.ebuild} | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-)
ok this should be fixed now. I did a bump too.
