From: Johannes Ziegenbalg
Subject: [Libunwind-devel] Segmentation fault while trying to access an address in a PROT_NONE page
Date: Tue, 6 Sep 2016 17:19:16 +0000

Hello everybody.

While sampling with one of our tools I sometimes come across this bug. If a sample is triggered, presumably while resolving a symbol of a shared library, a SIGSEGV occurs. As libunwind is iterating up the stack, it checks if the address at #20 (backtrace.txt) is accessible. But its corresponding page is mapped with the PROT_NONE property, which is usually used for guard pages. Since the memory is mapped correctly, calls to mincore() or msync() succeed, stating that the address is valid. But what they don't test is the actual accessibility of the address.

A colleague of mine and I are not sure if it's even a valid address or a bug of some other library. I however attached a test case to reproduce the error (access_mem_test.c) and a possible patch that adds the necessary accessibility test. This test uses write() to check if the value at an address can be written to a pipe. If the address is not accessible, the write fails but doesn't raise a signal.

I'm certain that the patch needs one or two more iterations, e.g. the pipe needs to be closed somewhere. Maybe you guys can help me out!

Best regards,

--
Dipl.-Inf. Johannes Ziegenbalg
Research Assistant
Technische Universität Dresden, Germany
Center for Information Services and High Performance Computing (ZIH)
Tel.: +49 (351) 463-42417
E-Mail: address@hidden

backtrace.txt
Description: Text document
access_mem_test.c
Description: Text Data
0001-PATCH-x86_64-fix-mincore_validate-and-msync_validate.patch
Description: Text Data
smime.p7s
Description: S/MIME cryptographic signature
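
The behaviour described in the message, as an added example (it is not the attached access_mem_test.c and not the proposed patch): a PROT_NONE page passes a mincore() check but fails a one-byte write() into a pipe with an error instead of a signal. The function names map_page, mapped_per_mincore and readable_per_write are made up for this sketch, and it assumes Linux.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* mincore(), MAP_ANONYMOUS */
#endif
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Map one anonymous page with the given protection (MAP_FAILED on error). */
static void *map_page(int prot)
{
    return mmap(NULL, (size_t)sysconf(_SC_PAGESIZE), prot,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
}

/* mincore() only reports whether the page is mapped; protection is ignored. */
static int mapped_per_mincore(const void *addr)
{
    uintptr_t psz = (uintptr_t)sysconf(_SC_PAGESIZE);
    unsigned char vec;
    return mincore((void *)((uintptr_t)addr & ~(psz - 1)), psz, &vec) == 0;
}

/* write() makes the kernel copy one byte from addr; an unreadable address
 * gives -1/EFAULT, not SIGSEGV. Returns 1 readable, 0 not, -1 if pipe() failed.
 * The pipe is opened and closed per call so no descriptor leaks. */
static int readable_per_write(const void *addr)
{
    int fds[2], ok;
    if (pipe(fds) != 0)
        return -1;
    ok = (write(fds[1], addr, 1) == 1);
    close(fds[0]);
    close(fds[1]);
    return ok;
}

int main(void)
{
    void *guard = map_page(PROT_NONE);              /* constructed guard page */
    void *data  = map_page(PROT_READ | PROT_WRITE); /* constructed normal page */
    if (guard == MAP_FAILED || data == MAP_FAILED)
        return 1;
    printf("PROT_NONE : mincore=%d write=%d\n",
           mapped_per_mincore(guard), readable_per_write(guard));
    printf("read/write: mincore=%d write=%d\n",
           mapped_per_mincore(data), readable_per_write(data));
    return 0;
}
```

Creating a pipe per probe keeps the sketch leak-free but costs three system calls more than a long-lived pipe would; code running in a signal handler would more likely set the pipe up once and drain it after each successful write.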