From: Paul Pluzhnikov
Subject: Re: [Libunwind-devel] Segmentation fault while trying to access an address in a PROT_NONE page
Date: Tue, 6 Sep 2016 11:44:47 -0700

Hello everybody.
While sampling with one of our tools I sometimes come across this bug.
If a sample is triggered, presumably while resolving a symbol of a
shared library, a SIGSEGV occurs.
As libunwind is iterating up the stack, it checks if the address at #20
(backtrace.txt) is accessible. But its corresponding page is mapped
with the PROT_NONE property, which is usually used for guard pages.
Since the memory is mapped correctly, calls to mincore() or msync()
succeed, stating that the address is valid. But what they don't test is
the actual accessibility of the address.
A colleague of mine and I are not sure if it's even a valid address or
a bug in some other library. However, I attached a test case to
reproduce the error (access_mem_test.c) and a possible patch that adds
the necessary accessibility test.
This test uses write() to check if the value at an address can be
written to a pipe. If the address is not accessible the write fails but
doesn't raise a signal.
I'm certain that the patch needs one or two more iterations, e.g. the
pipe needs to be closed somewhere. Maybe you guys can help me out!
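
The difference described in the message above, between a page being mapped and a page being accessible, shown as an added example that is not part of the original message and is not the attached access_mem_test.c or the proposed patch. The helper names `addr_readable`, `addr_mapped` and `map_page` are hypothetical, and the two pages are constructed test mappings.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for mincore() and MAP_ANONYMOUS */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper, not a libunwind function: 1 if one byte at addr can
 * be read, 0 if it cannot, -1 if the pipe could not be created. */
int addr_readable(const void *addr)
{
    int fds[2];
    ssize_t n;

    if (pipe(fds) != 0)
        return -1;
    /* The kernel does the copy: an inaccessible page yields EFAULT, no SIGSEGV. */
    do {
        n = write(fds[1], addr, 1);
    } while (n < 0 && errno == EINTR);
    close(fds[0]);                 /* close both ends so no descriptor leaks */
    close(fds[1]);
    return n == 1;
}

/* mincore() only answers "is this page mapped?": 1 if so, 0 otherwise. */
int addr_mapped(void *page)
{
    unsigned char vec;
    return mincore(page, 1, &vec) == 0;
}

/* Constructed test input: one anonymous page with the given protection. */
void *map_page(int prot)
{
    void *p = mmap(NULL, (size_t)sysconf(_SC_PAGESIZE), prot,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

int main(void)
{
    void *guard = map_page(PROT_NONE);
    void *normal = map_page(PROT_READ | PROT_WRITE);
    printf("PROT_NONE:  mapped=%d readable=%d\n", addr_mapped(guard), addr_readable(guard));
    printf("READ|WRITE: mapped=%d readable=%d\n", addr_mapped(normal), addr_readable(normal));
    return 0;
}
```

The probe result is only valid at the moment of the call: another thread can change the page protection between the probe and the later dereference.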