oracle / dtrace-utils

DTrace-utils contains the DTrace port to Linux

Crash when building `usdt-tst-args-prov.d` with `-D_FORTIFY_SOURCE=3` #78

Open thesamesam opened 3 weeks ago

thesamesam commented 3 weeks ago

With -D_FORTIFY_SOURCE=3 and building tests (not running them), I get the following:

    chmod a+x /var/tmp/portage/dev-debug/dtrace-9999/work/dtrace-9999/build/run-dtrace
    /var/tmp/portage/dev-debug/dtrace-9999/work/dtrace-9999/build/run-dtrace -h -o test/triggers//usdt-tst-args-prov.h -x nolibs -s test/triggers/usdt-tst-args-prov.d
    *** buffer overflow detected ***: terminated
    make: *** [Makerules:31: test/triggers//usdt-tst-args-prov.h] Aborted (core dumped)
    make: *** Waiting for unfinished jobs....
    /var/tmp/portage/dev-debug/dtrace-9999/work/dtrace-9999/build/run-dtrace -h -o test/triggers//usdt-tst-argmap-prov.h -x nolibs -s test/triggers/usdt-tst-argmap-prov.d
    *** buffer overflow detected ***: terminated
    make: *** [Makerules:31: test/triggers//usdt-tst-argmap-prov.h] Aborted (core dumped)
    /var/tmp/portage/dev-debug/dtrace-9999/work/dtrace-9999/build/run-dtrace -h -o test/triggers//usdt-tst-special-prov.h -x nolibs -s test/triggers/usdt-tst-special-prov.d
    *** buffer overflow detected ***: terminated
    make: *** [Makerules:31: test/triggers//usdt-tst-special-prov.h] Aborted (core dumped)
    /var/tmp/portage/dev-debug/dtrace-9999/work/dtrace-9999/build/run-dtrace -h -o test/triggers//usdt-tst-forker-prov.h -x nolibs -s test/triggers/usdt-tst-forker-prov.d
    *** buffer overflow detected ***: terminated
    make: *** [Makerules:31: test/triggers//usdt-tst-forker-prov.h] Aborted (core dumped)
     * ERROR: dev-debug/dtrace-9999::gentoo failed (compile phase):
     *   emake failed

This happens even after 75e57bdc279a9a7a86b268d37b665aff52997fe9.

thesamesam commented 3 weeks ago

    (gdb) r
    Starting program: /var/tmp/portage/dev-debug/dtrace-9999/work/dtrace-9999/build/dtrace -h -o test/triggers//usdt-tst-forker-prov.h -x nolibs -s test/triggers/usdt-tst-forker-prov.d
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/usr/lib64/libthread_db.so.1".
    *** buffer overflow detected ***: terminated

    Program received signal SIGABRT, Aborted.
    __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=0) at pthread_kill.c:44
    44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
    (gdb) bt
    #0  __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=0) at pthread_kill.c:44
    #1  __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
    #2  __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at pthread_kill.c:89
    #3  0x00007ffff7c84f22 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
    #4  0x00007ffff7c674f2 in __GI_abort () at abort.c:79
    #5  0x00007ffff7c68726 in __libc_message_impl (fmt=fmt@entry=0x7ffff7e01bbb "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:132
    #6  0x00007ffff7d72de7 in __GI___fortify_fail (msg=msg@entry=0x7ffff7e01ba2 "buffer overflow detected") at fortify_fail.c:24
    #7  0x00007ffff7d726b2 in __GI___chk_fail () at chk_fail.c:28
    #8  0x00007ffff7d73ed5 in ___snprintf_chk (s=s@entry=0x7fffffffd760 "\360\327\377\377\377\177", maxlen=maxlen@entry=2147483647, flag=flag@entry=2, slen=<optimized out>,
        format=format@entry=0x7ffff7f6ef77 "%s:%s:%s") at snprintf_chk.c:29
    #9  0x00007ffff7f415ef in snprintf (__s=0x7fffffffd760 "\360\327\377\377\377\177", __n=2147483647, __fmt=0x7ffff7f6ef77 "%s:%s:%s") at /usr/include/bits/stdio2.h:68
    #10 dt_probe_key (pdp=0x7fffffffd790, s=0x7fffffffd760 "\360\327\377\377\377\177") at libdtrace/dt_probe.c:185
    #11 dt_probe_lookup2 (pvp=pvp@entry=0x5555600164a0, s=s@entry=0x555560016330 "::fire") at libdtrace/dt_probe.c:332
    #12 0x00007ffff7f307d6 in dt_cook_provider (dnp=0x555556880520, idflags=<optimized out>) at libdtrace/dt_parser.c:4742
    #13 0x00007ffff7f2edac in dt_node_cook (dnp=dnp@entry=0x555556880520, idflags=idflags@entry=16) at libdtrace/dt_parser.c:4813
    #14 0x00007ffff7eed4dd in dt_compile (dtp=dtp@entry=0x5555555684d0, context=context@entry=363, pspec=pspec@entry=DTRACE_PROBESPEC_NAME, arg=arg@entry=0x0, cflags=cflags@entry=4,
        argc=1, argv=0x5555555602a0, fp=<optimized out>, s=0x0) at libdtrace/dt_cc.c:739
    #15 0x00007ffff7eee37c in dt_program_compile (dtp=0x5555555684d0, spec=DTRACE_PROBESPEC_NAME, cflags=4, argc=<optimized out>, argv=<optimized out>, fp=0x55555556cb20, s=0x0)
        at libdtrace/dt_cc.c:1436
    #16 dtrace_program_fcompile (dtp=0x5555555684d0, fp=fp@entry=0x55555556cb20, cflags=<optimized out>, argc=<optimized out>, argv=<optimized out>) at libdtrace/dt_cc.c:1458
    #17 0x000055555555900b in compile_file (dcp=0x5555555602f0) at cmd/dtrace.c:478
    #18 0x0000555555556018 in main (argc=<optimized out>, argv=<optimized out>) at cmd/dtrace.c:1356

cc @nickalcock

thesamesam commented 3 weeks ago

s is from alloca(keylen). If it really ends up being of size INT_MAX, it shouldn't be on the stack anyway.

nickalcock commented 2 weeks ago

Yeah, dt_probe_key's

    snprintf(s, INT_MAX, "%s:%s:%s", pdp->mod, pdp->fun, pdp->prb);

needs improving a bit :)
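The backtrace above shows the abort coming from `___snprintf_chk` with `maxlen=2147483647` (`INT_MAX`): the fortified wrapper compares the bound passed to `snprintf` against the size it knows for the destination object (with `_FORTIFY_SOURCE=3`, `__builtin_dynamic_object_size` can size an `alloca(keylen)` buffer), and fails when the bound is larger, whether or not the formatted string would actually have fit. The example below is an added illustration, not dtrace-utils' code: `probe_desc_t`, `probe_key_len`, `probe_key_format` and `probe_key_dup` are hypothetical stand-ins for the `pdp` struct and `dt_probe_key` seen in the trace. It sizes the buffer from the operands, passes that real size as the `snprintf` bound, and treats truncation as an error, so the fortify check is satisfied and an undersized buffer is reported instead of written past.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the probe description; not dtrace-utils' own struct. */
typedef struct {
    const char *mod;
    const char *fun;
    const char *prb;
} probe_desc_t;

/* Bytes needed for "mod:fun:prb" plus the terminating NUL (0 if any field is missing). */
size_t probe_key_len(const probe_desc_t *pdp)
{
    if (pdp->mod == NULL || pdp->fun == NULL || pdp->prb == NULL)
        return 0;
    return strlen(pdp->mod) + strlen(pdp->fun) + strlen(pdp->prb) + 3;
}

/*
 * Format the key into a caller-supplied buffer of `size` bytes, giving
 * snprintf the real bound rather than INT_MAX.  Returns 0 on success, -1 if
 * an argument is missing or the output did not fit (truncated).
 *
 * Because the bound never exceeds the object size, __snprintf_chk() has
 * nothing to object to, and an undersized buffer surfaces as a return code
 * instead of as a write past the end.
 */
int probe_key_format(const probe_desc_t *pdp, char *s, size_t size)
{
    int n;

    if (pdp->mod == NULL || pdp->fun == NULL || pdp->prb == NULL || size == 0)
        return -1;

    n = snprintf(s, size, "%s:%s:%s", pdp->mod, pdp->fun, pdp->prb);
    if (n < 0 || (size_t)n >= size)
        return -1;          /* encoding error or truncation */
    return 0;
}

/*
 * Heap-allocating convenience: the buffer is sized from the operands, so no
 * bound is guessed and a large key never lands on the stack.  Caller frees.
 */
char *probe_key_dup(const probe_desc_t *pdp)
{
    size_t len = probe_key_len(pdp);
    char *s;

    if (len == 0 || (s = malloc(len)) == NULL)
        return NULL;
    if (probe_key_format(pdp, s, len) != 0) {
        free(s);
        return NULL;
    }
    return s;
}

int main(void)
{
    /* Constructed sample mirroring the "::fire" lookup in the backtrace. */
    probe_desc_t pdp = { "", "", "fire" };
    char *key = probe_key_dup(&pdp);

    if (key == NULL)
        return 1;
    printf("%s\n", key);    /* prints ::fire */
    free(key);
    return 0;
}
```

The same shape works for a fixed stack buffer: pass `sizeof buf` as the bound and check the return value, never a sentinel such as `INT_MAX` that promises more room than the object has.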