[Vm-dev] Buffer overruns detected by fortify in the AioPlugin (was Re: [Pharo-dev] Pharo6 with Ubuntu and OSSubprocess/threaded heartbeat crashes and problems)

Eliot Miranda eliot.miranda at gmail.com
Tue Mar 6 19:28:40 UTC 2018


Hi,


aioEnable et al should really check the fd argument against FD_SETSIZE
and answer error codes that get tested in clients.  See two messages below:

On Tue, Mar 6, 2018 at 2:49 AM, Sabine Manaa <manaa.sabine at gmail.com> wrote:

> Hi,
>
> I can report the following:
>
> The problem with the Buffer overflow remains also with OSProcess.
> Also with the normal vm (https://get.pharo.org ).
>
> Summary: I have buffer overflow crashes with my application on Linux.
> The same code runs without problems on MacOS and on Windows.
> I have the same test data/database and do exactly the same.
>
> The problem occurs only after calling OSProcess/OSSubprocess several times.
> This is the reason why I first had a suspicion that OSSubprocess is
> responsible for the crashes.
>
> Can anyone tell me how to proceed to find the reason for the buffer
> overflow?
> There is no PharoDebug.log
>
> Help is very appreciated!
>
> This is the message when terminating:
>
> root at Pharo_ubuntu_16:/spf/build# ./pharo Pharo-Productive-SPF.image
> --no-quit
>
> SmalltalkImageInstanceID class>>startUp*** buffer overflow detected ***:
> /spf/build/pharo-vm/lib/pharo/5.0-201707201942/pharo terminated
>
> ======= Backtrace: =========
>
> /lib/i386-linux-gnu/libc.so.6(+0x67377)[0xf75b9377]
>
> /lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x68)[0xf7649708]
>
> /lib/i386-linux-gnu/libc.so.6(+0xf58f8)[0xf76478f8]
>
> /lib/i386-linux-gnu/libc.so.6(+0xf75fa)[0xf76495fa]
>
> /spf/build/pharo-vm/lib/pharo/5.0-201707201942/pharo(aioEnable+0x31)[0x80c9811]
>
> /spf/build/pharo-vm/lib/pharo/5.0-201707201942/pharo[0x81215ee]
>
> [0x90010e0]
>
> [0x90ad2d0]
>
> [0x90db8b4]
>
> [0x90ad24a]
>
> [0x900be6b]
>
> [0x900b04d]
>
> [0x9007a3e]
>
> [0x9004247]
>
> [0x9004572]
>
> [0x9001020]
>
> [0xa98c524]
>
> [0xb1755db]
>
> [0x9003efc]
>
> [0x9001020]
>
> [0xdcb558c]
>
> [0xb0d4d95]
>
> [0x9000ff0]
>
> ======= Memory map: ========
>
>
> ./pharo: line 11: 14639 Aborted                 "$DIR"/"pharo-vm/pharo"
> --nodisplay "$@"
>
>
On Tue, Mar 6, 2018 at 5:26 AM, Henrik Sperre Johansen <
henrik.s.johansen at veloxit.no> wrote:

> Seems to me aioEnable somehow triggers this.
> It maintains buffers of size FD_SETSIZE (1024 on Linux)*, so an fd
> parameter** >= that, could probably trigger such an error.
> Maybe you could put a halt in whichever method in OSSubprocess/OSProcess
> calls the primitive triggered when condition occurs, to see if that is the
> cause?
> If so, identifying *why* you end up with fd's that high (which, afaik,
> isn't
> normal), will probably lead to a workaround/solution...
>
> Cheers,
> Henry
>
> * https://github.com/pharo-project/pharo-vm/blob/e0ce2d9d78c3c7b37bbc12cd8730c6a15f1f057c/opensmalltalk-vm/platforms/unix/vm/aio.c
> ** https://github.com/pharo-project/pharo-vm/blob/c50dec02d2875de56c84d11889c78484e2d5cda8/mc/VMConstruction-Plugins-AioPlugin.package/UnixAioPlugin.class/instance/primitiveAioEnable.st
>
> --
> Sent from: http://forum.world.st/Pharo-Smalltalk-Developers-f1294837.html
>

_,,,^..^,,,_
best, Eliot