[pcre-dev] [Bug 2580] New: sljit protexecallocator workaroun…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2580] New: sljit protexecallocator workaround to bug when fork()
https://bugs.exim.org/show_bug.cgi?id=2580

            Bug ID: 2580
           Summary: sljit protexecallocator workaround to bug when fork()
           Product: PCRE
           Version: 10.35 (PCRE2)
          Hardware: All
                OS: NetBSD
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: carenas@???
                CC: pcre-dev@???


The new implementation in 10.35 (since r1234), using mremap(MAP_REMAPDUP),
triggers a bug tracked in lib/55177[1], where the two related maps will
disconnect after a fork(), with the possibility that a JIT compiled function
would no longer be visible and result in a crash with a backtrace like (the
relevant frames are the top 4):

#0  0x00007f7ff7eee570 in ?? ()
#1  0x0000709d57e1b9aa in jit_machine_stack_exec
(arguments=arguments@entry=0x7f7fff77a9f0, executable_func=<optimized out>) at
src/pcre2_jit_match.c:57
#2  0x0000709d57e45d11 in pcre2_jit_match_16 (code=code@entry=0x709d60747500,
subject=subject@entry=0x709d5fbec798, length=length@entry=190,
start_offset=start_offset@entry=0, options=options@entry=0,
match_data=0x709d5fb97d80,
    mcontext=mcontext@entry=0x709d5fb11860) at src/pcre2_jit_match.c:168
#3  0x0000709d57e46d84 in pcre2_match_16 (code=code@entry=0x709d60747500,
subject=subject@entry=0x709d5fbec798, length=<optimized out>, length@entry=190,
start_offset=start_offset@entry=0, options=<optimized out>, options@entry=0,
    match_data=match_data@entry=0x709d5fb97d80, mcontext=<optimized out>,
mcontext@entry=0x709d5fb11860) at src/pcre2_match.c:6345
#4  0x0000709d5e937163 in safe_pcre2_match_16 (code=0x709d60747500,
subject=0x709d5fbec798, length=length@entry=190,
startOffset=startOffset@entry=0, options=options@entry=0,
matchData=matchData@entry=0x709d5fb97d80,
    matchContext=matchContext@entry=0x709d5fb11860) at
text/qregularexpression.cpp:1184
#5  0x0000709d5e93ab42 in QRegularExpressionPrivate::doMatch
(this=0x709d5fb13150, subject=..., subjectStart=subjectStart@entry=0,
subjectLength=190, offset=offset@entry=0,
matchType=matchType@entry=QRegularExpression::NormalMatch,
    matchOptions=..., matchOptions@entry=...,
checkSubjectStringOption=checkSubjectStringOption@entry=QRegularExpressionPrivate::CheckSubjectString,
previous=previous@entry=0x0) at text/qregularexpression.cpp:1284
#6  0x0000709d5e93ad89 in QRegularExpression::match
(this=this@entry=0x7f7fff7800b8, subject=..., offset=offset@entry=0,
matchType=matchType@entry=QRegularExpression::NormalMatch, matchOptions=...)
    at ../../include/QtCore/../../src/corelib/text/qstring.h:1027
#7  0x0000709d5e93adf5 in QRegularExpression::globalMatch
(this=this@entry=0x7f7fff7800b8, subject=..., offset=offset@entry=0,
matchType=matchType@entry=QRegularExpression::NormalMatch,
matchOptions=matchOptions@entry=...)
    at text/qregularexpression.cpp:1738
#8  0x0000709d5e92de3a in QString::replace (this=this@entry=0x7f7fff7800b0,
re=..., after=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:118
#9  0x000000000046ab4e in PasswordGeneratorWidget::colorStrengthIndicator
(this=this@entry=0x709d6068dd30, entropy=entropy@entry=107.12801348301193) at
/usr/pkg/qt5/include/QtCore/qstring.h:794
#10 0x000000000046b228 in PasswordGeneratorWidget::updatePasswordStrength
(this=0x709d6068dd30, password=...) at
/scratch/security/keepassxc/work/keepassxc-2.5.4/src/gui/PasswordGeneratorWidget.cpp:278
#11 0x000000000047e86f in PasswordGeneratorWidget::qt_static_metacall
(_o=<optimized out>, _id=<optimized out>, _a=<optimized out>, _c=<optimized
out>)
    at
/scratch/security/keepassxc/work/keepassxc-2.5.4/build/src/keepassx_core_autogen/DMHXEJ42XS/moc_PasswordGeneratorWidget.cpp:143
#12 0x0000709d5eb4efcd in doActivate<false> (sender=0x709d5ff0bc60,
signal_index=7, argv=0x7f7fff7802b0) at
../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:395
#13 0x0000709d5ea49c87 in QMetaObject::activate (sender=<optimized out>,
m=m@entry=0x709d618bda20 <QLineEdit::staticMetaObject>,
local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7f7fff7802b0)
at kernel/qobject.cpp:3930
#14 0x0000709d612968e9 in QLineEdit::textChanged (this=<optimized out>,
_t1=...) at .moc/moc_qlineedit.cpp:447
#15 0x0000709d6129d581 in QLineEdit::qt_static_metacall (_o=0x709d5ff0bc60,
_c=<optimized out>, _id=<optimized out>, _a=0x7f7fff780430) at
.moc/moc_qlineedit.cpp:255
#16 0x0000709d5eb4efcd in doActivate<false> (sender=0x709d603f8f00,
signal_index=6, argv=0x7f7fff780430) at
../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:395
#17 0x0000709d5ea49c87 in QMetaObject::activate
(sender=sender@entry=0x709d603f8f00, m=m@entry=0x709d618bdae0
<QWidgetLineControl::staticMetaObject>,
local_signal_index=local_signal_index@entry=3, argv=argv@entry=0x7f7fff780430)
    at kernel/qobject.cpp:3930
#18 0x0000709d6129e1f6 in QWidgetLineControl::textChanged
(this=this@entry=0x709d603f8f00, _t1=...) at
.moc/moc_qwidgetlinecontrol_p.cpp:273
#19 0x0000709d612a1b7f in QWidgetLineControl::finishChange
(this=this@entry=0x709d603f8f00, validateFromState=validateFromState@entry=-1,
update=update@entry=true, edited=edited@entry=false) at
widgets/qwidgetlinecontrol.cpp:736
#20 0x0000709d612a1e94 in QWidgetLineControl::internalSetText
(this=this@entry=0x709d603f8f00, txt=..., pos=pos@entry=-1,
edited=edited@entry=false) at widgets/qwidgetlinecontrol.cpp:772
#21 0x0000709d612943ec in QWidgetLineControl::setText (txt=...,
this=0x709d603f8f00) at
../../include/QtWidgets/5.14.2/QtWidgets/private/../../../../../src/widgets/widgets/qwidgetlinecontrol_p.h:251
#22 QLineEditPrivate::setText (this=<optimized out>, text=...) at
widgets/qlineedit_p.cpp:276
#23 0x0000709d612985c5 in QLineEdit::setText (this=<optimized out>, text=...)
at widgets/qlineedit.cpp:318
#24 0x000000000046b36a in PasswordGeneratorWidget::regeneratePassword
(this=0x709d6068dd30) at
/scratch/security/keepassxc/work/keepassxc-2.5.4/src/gui/PasswordGeneratorWidget.cpp:248
#25 0x000000000046b737 in PasswordGeneratorWidget::updateGenerator
(this=0x709d6068dd30) at
/scratch/security/keepassxc/work/keepassxc-2.5.4/src/gui/PasswordGeneratorWidget.cpp:592
#26 0x000000000047e7cf in PasswordGeneratorWidget::qt_static_metacall
(_o=<optimized out>, _id=<optimized out>, _a=<optimized out>, _c=<optimized
out>)
    at
/scratch/security/keepassxc/work/keepassxc-2.5.4/build/src/keepassx_core_autogen/DMHXEJ42XS/moc_PasswordGeneratorWidget.cpp:152
#27 0x0000709d5eb4efcd in doActivate<false> (sender=0x709d5fb67be0,
signal_index=7, argv=0x7f7fff780720) at
../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:395
#28 0x0000709d5ea49c87 in QMetaObject::activate (sender=<optimized out>,
m=m@entry=0x709d618bda20 <QLineEdit::staticMetaObject>,
local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7f7fff780720)
at kernel/qobject.cpp:3930
#29 0x0000709d612968e9 in QLineEdit::textChanged (this=<optimized out>,
_t1=...) at .moc/moc_qlineedit.cpp:447
#30 0x0000709d6129d581 in QLineEdit::qt_static_metacall (_o=0x709d5fb67be0,
_c=<optimized out>, _id=<optimized out>, _a=0x7f7fff7808a0) at
.moc/moc_qlineedit.cpp:255
#31 0x0000709d5eb4efcd in doActivate<false> (sender=0x709d5fafd700,
signal_index=6, argv=0x7f7fff7808a0) at
../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:395
#32 0x0000709d5ea49c87 in QMetaObject::activate
(sender=sender@entry=0x709d5fafd700, m=m@entry=0x709d618bdae0
<QWidgetLineControl::staticMetaObject>,
local_signal_index=local_signal_index@entry=3, argv=argv@entry=0x7f7fff7808a0)
    at kernel/qobject.cpp:3930
#33 0x0000709d6129e1f6 in QWidgetLineControl::textChanged
(this=this@entry=0x709d5fafd700, _t1=...) at
.moc/moc_qwidgetlinecontrol_p.cpp:273
#34 0x0000709d612a1b7f in QWidgetLineControl::finishChange
(this=this@entry=0x709d5fafd700, validateFromState=validateFromState@entry=-1,
update=update@entry=true, edited=edited@entry=false) at
widgets/qwidgetlinecontrol.cpp:736
#35 0x0000709d612a1e94 in QWidgetLineControl::internalSetText
(this=this@entry=0x709d5fafd700, txt=..., pos=pos@entry=-1,
edited=edited@entry=false) at widgets/qwidgetlinecontrol.cpp:772
#36 0x0000709d612943ec in QWidgetLineControl::setText (txt=...,
this=0x709d5fafd700) at
../../include/QtWidgets/5.14.2/QtWidgets/private/../../../../../src/widgets/widgets/qwidgetlinecontrol_p.h:251
#37 QLineEditPrivate::setText (this=<optimized out>, text=...) at
widgets/qlineedit_p.cpp:276
#38 0x0000709d612985c5 in QLineEdit::setText (this=this@entry=0x709d5fb67be0,
text=...) at widgets/qlineedit.cpp:318
#39 0x0000000000469002 in PasswordGeneratorWidget::PasswordGeneratorWidget
(this=0x709d6068dd30, parent=<optimized out>) at
/usr/pkg/qt5/include/QtCore/qstring.h:794
#40 0x00000000005c9488 in Ui_EditEntryWidgetMain::setupUi (this=0x709d628c33e0,
EditEntryWidgetMain=0x709d603f4540) at
/scratch/security/keepassxc/work/keepassxc-2.5.4/build/src/keepassx_core_autogen/include/ui_EditEntryWidgetMain.h:88
#41 0x0000000000518b69 in EditEntryWidget::setupMain
(this=this@entry=0x709d5fba2e80) at
/scratch/security/keepassxc/work/keepassxc-2.5.4/src/gui/entry/EditEntryWidget.cpp:147
#42 0x00000000005193b6 in EditEntryWidget::EditEntryWidget
(this=0x709d5fba2e80, parent=<optimized out>) at
/scratch/security/keepassxc/work/keepassxc-2.5.4/src/gui/entry/EditEntryWidget.cpp:103
#43 0x00000000004f6cc3 in DatabaseWidget::DatabaseWidget (this=0x709d619d1a40,
db=..., parent=<optimized out>) at
/usr/pkg/qt5/include/QtCore/qsharedpointer_impl.h:682
#44 0x00000000004ee599 in DatabaseTabWidget::addDatabaseTab
(this=0x709d6297ce00, filePath=..., inBackground=inBackground@entry=false,
password=..., keyfile=...) at /usr/include/g++/new:169
#45 0x000000000045cdec in MainWindow::openDatabase
(this=this@entry=0x7f7fff780d28, filePath=..., password=..., keyfile=...) at
/scratch/security/keepassxc/work/keepassxc-2.5.4/src/gui/MainWindow.cpp:574
#46 0x000000000044dbe8 in Bootstrap::restoreMainWindowState (mainWindow=...) at
/usr/pkg/qt5/include/QtCore/qarraydata.h:257
#47 0x00000000005708dc in main (argc=<optimized out>, argv=<optimized out>) at
/scratch/security/keepassxc/work/keepassxc-2.5.4/src/main.cpp:138


A "fix" was committed in sljit upstream[2] but wasn't included with the update
of sljit before the release.

[1] https://mail-index.netbsd.org/netbsd-bugs/2020/04/15/msg067149.html
[2] https://github.com/zherczeg/sljit/commit/83f4525687fc5c8bc215dcfd0017f38f64f48744

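Added example (not part of the original report, and not sljit or PCRE2 code): a small C check of the invariant the report depends on, namely that a write made through the writable view after fork() is still visible through the second view of the same pages. The function names and the temp-file path are made up for the example; the NetBSD branch assumes a private anonymous mapping duplicated with mremap(MAP_REMAPDUP), and other systems map one unlinked temporary file twice instead.

```c
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Build two views of the same page: *rw is writable, *ro stands in for the
   allocator's executable view. Returns 0 on success, -1 on failure. */
static int make_views(size_t len, char **rw, char **ro) {
#ifdef MAP_REMAPDUP /* NetBSD: duplicate the mapping (assumed setup, see lead-in) */
    *rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0);
    if (*rw == MAP_FAILED) return -1;
    *ro = mremap(*rw, len, NULL, len, MAP_REMAPDUP);
#else /* elsewhere: map one unlinked temp file twice with MAP_SHARED */
    char path[] = "/tmp/dualviewXXXXXX"; /* constructed name for the example */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    if (ftruncate(fd, (off_t)len) != 0) { close(fd); return -1; }
    *rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    *ro = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);
    if (*rw == MAP_FAILED) return -1;
#endif
    return *ro == MAP_FAILED ? -1 : 0;
}

/* 1: a write through the writable view after fork() is visible through the
   second view in the same process; 0: the views diverged; -1: setup error. */
int views_coherent_after_fork(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *rw, *ro;
    int status;
    pid_t pid;

    if (make_views(len, &rw, &ro) != 0) return -1;
    rw[0] = 'A';                      /* both views must agree before fork */
    if (ro[0] != 'A') return 0;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                   /* child: write, then read back */
        rw[0] = 'B';
        _exit(ro[0] == 'B' ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void) { return views_coherent_after_fork() == 1 ? 0 : 1; }
```

A return value of 0 means the child's write did not reach the second view, which is the condition under which freshly written JIT code would not be visible at its executable address.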