[pcre-dev] [Bug 2487] New: rspamd segfault with 10.34 (works…

https://bugs.exim.org/show_bug.cgi?id=2487

            Bug ID: 2487
           Summary: rspamd segfault with 10.34 (works with 10.32)
           Product: PCRE
           Version: 10.34 (PCRE2)
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: andreas@???
                CC: pcre-dev@???

Created attachment 1240
--> https://bugs.exim.org/attachment.cgi?id=1240&action=edit
rspamadm backtrace

Hi,

we started seeing a segfault in the rspamd DEP8 tests in Ubuntu after pcre2 is
updated from 10.32 to 10.34. A rebuild of rspamd with 10.34 doesn't fix it.
Attached is the full backtrace with symbols. The segfault happens inside the
pcre2 library, that's why I'm filing the bug here, but please advise if you
believe the bug is in how rspamd is using the library.

The segfault happens when running "/usr/bin/rspamadm configtest" right after
installing the rspamd package and having libpcre2-8-0 10.34 installed.

I'm pasting the backtrace below, and also attaching it, in case the formatting
is broken.

Starting program: /usr/bin/rspamadm configtest
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6f8a888 in pcre2_jit_compile_8 (code=0x0, options=options@entry=1)
at src/pcre2_jit_compile.c:13746
13746    src/pcre2_jit_compile.c: No such file or directory.
#0  0x00007ffff6f8a888 in pcre2_jit_compile_8 (code=0x0,
options=options@entry=1) at src/pcre2_jit_compile.c:13746
        re = 0x0
        functions = <optimized out>
        executable_allocator_is_working = 1
#1  0x00007ffff7ab6663 in rspamd_regexp_post_process (r=0x7ffff1cdef80) at
./src/libutil/regexp.c:190
        jsz = 658
        jit_flags = 1
        jsz = <optimized out>
        jit_flags = <optimized out>
        __func__ = "rspamd_regexp_post_process"
#2  rspamd_regexp_new (pattern=0x7ffff3d7e9c9 "[$€$¢¥₽]", flags=<optimized
out>, err=err@entry=0x7fffffffe230) at ./src/libutil/regexp.c:481
        start = <optimized out>
        end = <optimized out>
        flags_str = <optimized out>
        err_str = <optimized out>
        res = 0x7ffff1cdef80
        explicit_utf = <optimized out>
        r = <optimized out>
        sep = <optimized out>
        real_pattern = <optimized out>
        err_off = 0
        regexp_flags = 524288
        rspamd_flags = <optimized out>
        err_code = 100
        ncaptures = 658
        strict_flags = <optimized out>
        __func__ = "rspamd_regexp_new"
#3  0x00007ffff7b622dd in rspamd_mime_expr_parse_regexp_atom (cfg=<optimized
out>, line=0x7ffff3d7e970 "/[$€$¢¥₽]/Hu", pool=0x7ffff4632000) at
./src/libmime/mime_expressions.c:494
        end = <optimized out>
        p = <optimized out>
        err = 0x0
        re_flags = 0x7ffff47fd400
        begin = 0x7ffff3d7e971 "[$€$¢¥₽]/Hu"
        src = 0x7ffff3d7e968 "Subject=/[$€$¢¥₽]/Hu"
        dbegin = <optimized out>
        start = <optimized out>
        brace = <optimized out>
        dend = 0x7ffff3d7e9d7 ""
        extra = 0x7ffff3d7e9b8 "Subject"
        result = 0x7ffff3d7e988
        begin = <optimized out>
        end = <optimized out>
        p = <optimized out>
        src = <optimized out>
        start = <optimized out>
        brace = <optimized out>
        dbegin = <optimized out>
        dend = <optimized out>
        extra = <optimized out>
        result = <optimized out>
        err = <optimized out>
        re_flags = <optimized out>
        __func__ = "rspamd_mime_expr_parse_regexp_atom"
#4  rspamd_mime_expr_parse (line=<optimized out>, len=<optimized out>,
pool=0x7ffff4632000, ud=<optimized out>, err=0x7fffffffe350) at
./src/libmime/mime_expressions.c:799
        a = 0x0
        mime_atom = 0x7ffff3d7e950
        p = <optimized out>
        end = <optimized out>
        c = <optimized out>
        real_ud = <optimized out>
        cfg = <optimized out>
        own_re = <optimized out>
        t = <optimized out>
        type = <optimized out>
        obraces = <optimized out>
        ebraces = <optimized out>
        state = <optimized out>
        prev_state = <optimized out>
        __func__ = "rspamd_mime_expr_parse"
#5  0x00007ffff7a9b028 in rspamd_parse_expression
(line=line@entry=0x7ffff47682c0 "Subject=/[$€$¢¥₽]/Hu", len=<optimized out>,
len@entry=0, subr=0x7ffff7d6be80 <mime_expr_subr>,
subr_data=subr_data@entry=0x7fffffffe3e0, pool=pool@entry=0x7ffff4632000,
err=err@entry=0x7fffffffe350, target=0x7fffffffe348) at
./src/libutil/expression.c:671
        e = 0x7ffff4780cb0
        elt = {type = ELT_OP, p = {atom = 0x0, op = OP_INVALID, lim = 0}, flags
= 0, priority = 0, value = 0}
        atom = <optimized out>
        num_re = 0x7ffff4640fc0
        op = <optimized out>
        op_stack = <optimized out>
        p = <optimized out>
        c = <optimized out>
        end = <optimized out>
        operand_stack = 0x7ffff47ffe60
        tmp = <optimized out>
        state = <optimized out>
        __func__ = "rspamd_parse_expression"
#6  0x00007ffff7b7f2ec in read_regexp_expression (pool=0x7ffff4632000,
symbol=0x7ffff47682a0 "SUBJECT_HAS_CURRENCY", line=line@entry=0x7ffff47682c0
"Subject=/[$€$¢¥₽]/Hu", ud=ud@entry=0x7fffffffe3e0, chain=<optimized out>) at
./src/plugins/regexp.c:81
        e = 0x0
        err = 0x0
        __func__ = "read_regexp_expression"
#7  0x00007ffff7b7fd4f in regexp_module_config (cfg=0x7ffff4626800) at
./src/plugins/regexp.c:228
        group = 0x0
        flags = 0
        priority = 0
        description = 0x0
        score = 0
        is_lua = 0
        valid_expression = 1
        ud = {cfg = 0x7ffff4626800, conf_obj = 0x7ffff4698c40}
        regexp_module_ctx = 0x7ffff3d76240
        cur_item = 0x7ffff3d7e930
        sec = 0x7ffff4760f40
        value = 0x7ffff4698c40
        elt = <optimized out>
        it = 0x7ffff4624920
        res = 1
        id = <optimized out>
        nre = 27
        nlua = 0
        nshots = 1
        __func__ = "regexp_module_config"
#8  0x00007ffff7b070cb in rspamd_init_filters (cfg=0x7ffff4626800,
reconfig=reconfig@entry=false) at ./src/libserver/cfg_utils.c:1539
        cur = 0x7ffff4620a00
        mod = 0x7ffff7d92460 <regexp_module>
        pmod = <optimized out>
        i = <optimized out>
        mod_ctx = 0x7ffff3d76240
        cur_ctx = <optimized out>
        ret = 1
        __func__ = "rspamd_init_filters"
#9  0x000055555556845f in rspamadm_configtest (argc=<optimized out>,
argv=<optimized out>, cmd=<optimized out>) at ./src/rspamadm/configtest.c:155
        context = <optimized out>
        error = 0x0
        confdir = <optimized out>
        cfg = 0x7ffff4626800
        ret = 1
        pworker = <optimized out>
        log_cnt = <optimized out>
#10 0x0000555555566845 in main (argc=2, argv=<optimized out>, env=<optimized
out>) at ./src/rspamadm/rspamadm.c:561
        error = 0x0
        context = <optimized out>
        og = <optimized out>
        cfg = <optimized out>
        process_quark = <optimized out>
        nargv = 0x7ffff462f4c0
        targv = 0x7ffff462f4c0
        cmd_name = <optimized out>
        cmd = 0x5555555904e0 <configtest_command>
        resolver = <optimized out>
        all_commands = <optimized out>
        i = <optimized out>
        nargc = <optimized out>
        targc = 1
        pworker = <optimized out>
        ev_cfg = 0x7ffff4630c80

--
You are receiving this mail because:
You are on the CC list for the bug.