search

EmbarkStudios / crash-handling

Collection of crates to deal with crashes
Apache License 2.0
138 stars 13 forks source link

SIGBUS copying fpsimd_context on aarch64 Linux #42

Closed sfackler closed 2 years ago

sfackler commented 2 years ago

Describe the bug On aarch64 Linux, the crash handler crashes with a buffer overflow copying the SIMD register context.

To Reproduce Compile and run this program with crash-handler 0.3.1:

fn main() {
    let _guard = crash_handler::CrashHandler::attach(unsafe {
        crash_handler::make_crash_event(|_| crash_handler::CrashEventResult::Handled(true))
    });

    std::process::abort();
}

Running it in GDB and continuing past the SIGABRT, the program hits a SIGBUS:

Program received signal SIGBUS, Bus error.
__memcpy_generic () at ../sysdeps/aarch64/multiarch/../memcpy.S:182
182     ../sysdeps/aarch64/multiarch/../memcpy.S: No such file or directory.
(gdb) bt
#0  __memcpy_generic () at ../sysdeps/aarch64/multiarch/../memcpy.S:182
#1  0x0000aaaaaaaade9c in core::intrinsics::copy_nonoverlapping<crash_context::linux::fpsimd_context> (src=0xfffff7ff8ff0, dst=0xaaaaaab16640 <crash_handler::linux::state::CRASH_CONTEXT+4576>, count=528)
    at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/core/src/intrinsics.rs:2123
#2  0x0000aaaaaaaad32c in crash_handler::linux::state::HandlerInner::handle_signal (self=0xaaaaaab15448 <crash_handler::linux::state::HANDLER+8>, _sig=6, info=0xfffff7ff8da0, uc=0xfffff7ff8e20)
    at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/crash-handler-0.3.1/src/linux/state.rs:432
#3  0x0000aaaaaaaacf50 in crash_handler::linux::state::signal_handler (sig=crash_handler::linux::Signal::Abort, info=0xfffff7ff8da0, uc=0xfffff7ff8e20)
    at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/crash-handler-0.3.1/src/linux/state.rs:337
#4  <signal handler called>
#5  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#6  0x0000fffff7e10ea0 in __GI_abort () at abort.c:79
#7  0x0000aaaaaaad6910 in std::sys::unix::abort_internal () at library/std/src/sys/unix/mod.rs:258
#8  0x0000aaaaaaaa67e0 in std::process::abort () at library/std/src/process.rs:2059
#9  0x0000aaaaaaaa7a04 in crash_test::main () at src/main.rs:6

Expected behavior The crash handler should not crash :D

Additional context If relevant, I'm running this in a Docker container on an M1 Macbook.

sfackler commented 2 years ago

The copy_nonoverlapping call here is working with *mut fpsimd_context but passing size_of::<fpsimd_context> in as the count, so it's actually trying to copy 528 sequential fpsimd_context structs! I will make a PR.