full discussion here (termux discord server) (my way of printf debugging is terrible btw)
With the latest glibc, box64-git started segfaulting. It happens because of new functionality where the __NR_mmap system call is invoked directly through the syscall() function: the return value is truncated to its lower 32 bits, which yields an invalid pointer, so the program crashes immediately when it tries to use that pointer.
The easiest way to reproduce the issue is to compile and run box64 at the latest git commit (aba3e4 "Small improvment to MMAP32 managment"); it crashes immediately when printing the available flags with ./box64 --flags (or when running any x86_64 executable).
The crash is fixed when the syscall is made manually, as in this patch:
```patch
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1acfd053..91cebdf5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -309,6 +309,7 @@ set(ELFLOADER_SRC
"${BOX64_ROOT}/src/main.c"
"${BOX64_ROOT}/src/box64context.c"
"${BOX64_ROOT}/src/build_info.c"
+ "${BOX64_ROOT}/src/my_syscall.S"
"${BOX64_ROOT}/src/custommem.c"
"${BOX64_ROOT}/src/mallochook.c"
"${BOX64_ROOT}/src/steam.c"
diff --git a/src/custommem.c b/src/custommem.c
index 6e83a6b6..d708e3c1 100644
--- a/src/custommem.c
+++ b/src/custommem.c
@@ -31,6 +31,7 @@
#include "dynarec/dynablock_private.h"
#include "dynarec/native_lock.h"
#include "dynarec/dynarec_next.h"
+#include "my_syscall.h"
#define USE_MMAP
@@ -1562,7 +1563,7 @@ int isLockAddress(uintptr_t addr)
void* internal_mmap(void *addr, unsigned long length, int prot, int flags, int fd, ssize_t offset)
{
- void* ret = (void*)syscall(__NR_mmap, addr, length, prot, flags, fd, offset);
+ void* ret = (void*)my_internal_syscall(__NR_mmap, addr, length, prot, flags, fd, offset);
return ret;
}
int internal_munmap(void* addr, unsigned long length)
diff --git a/src/my_syscall.S b/src/my_syscall.S
new file mode 100644
index 00000000..6dd89807
--- /dev/null
+++ b/src/my_syscall.S
@@ -0,0 +1,13 @@
+.globl my_internal_syscall
+my_internal_syscall:
+ mov w8, w0
+ mov x0, x1
+ mov x1, x2
+ mov x2, x3
+ mov x3, x4
+ mov x4, x5
+ mov x5, x6
+ svc #0
+ cmn x0, #(4095 + 1)
+ cneg x0, x0, hi
+ ret
diff --git a/src/my_syscall.h b/src/my_syscall.h
new file mode 100644
index 00000000..8f6a2db2
--- /dev/null
+++ b/src/my_syscall.h
@@ -0,0 +1 @@
+long my_internal_syscall(int nr, ...);
```
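Review bot: the CMakeLists.txt hunk adds `src/my_syscall.S` to the shared ELFLOADER_SRC list, but that file is AArch64-only (`svc #0`, `w8`, `x0`..`x6`), so any other architecture box64 is built for would fail to assemble it. Make the entry conditional on the target architecture (arm64 only) and keep the glibc `syscall()` call as the path for other targets; also confirm the ASM language is enabled in the project, otherwise CMake does not compile the `.S` source.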
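Review bot: in the `internal_mmap` hunk, `my_internal_syscall` is declared variadic (`long my_internal_syscall(int nr, ...)`), so the `int` arguments `prot`, `flags` and `fd` arrive in x2..x4 with their upper 32 bits unspecified under AAPCS64, and the assembly forwards those registers to the kernel unchanged. Declare the helper with six explicit `long` parameters (or cast each argument to `long` at the call site) so the compiler sign-extends them before the `svc`.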
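Review bot: the error path in the `my_syscall.S` hunk does not match the `syscall()` it replaces: after `cmn x0, #(4095 + 1)` / `cneg x0, x0, hi` a failing call returns the positive errno (12 for ENOMEM, for instance) rather than -1 with errno set, and because `internal_mmap` casts the result straight to `void*`, a failed mmap comes back as a small non-NULL pointer that a `MAP_FAILED` comparison will not catch. Either drop the `cneg`, return the raw negative value and have `internal_mmap` test the [-4095, -1] range, or store errno and return -1 as glibc does.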
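Review bot: the `my_syscall.h` hunk has no include guard and no comment explaining why glibc's `syscall()` is bypassed here (the 32-bit truncation this issue describes) or what the function returns on failure; add a guard, a one-line rationale, and document the error convention so callers know whether to test for -1 or for a negative errno.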
I also believe that the same issue could affect zink (the reason why any OpenGL program only outputs a black screen), however I could be wrong.
I think that the issue did not affect others because they use some kind of box64 installer, like box64droid, mobox or androbox, and their glibc version is outdated.
For some unknown reason, even though factorio works like before, wine wow64 is still not fixed, so more investigation is needed.
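The return-value contract behind this crash, as an added example (not box64 code and not the author's patch): the kernel's -errno window that the patch's `cmn`/`cneg` tests, glibc's -1/errno conversion, the positive-errno variant the patch returns, the 32-bit truncation that breaks the pointer, and a raw SYS_mmap call whose result is kept in a `long`. The function names are my own, and it assumes Linux with a 64-bit mmap syscall number (x86_64 or aarch64).

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* What the kernel hands back: a valid result, or -errno in [-4095, -1].
 * This is the check the patch's "cmn x0, #(4095 + 1)" performs, in C. */
static int kernel_result_is_error(long raw)
{
    return (unsigned long)raw > (unsigned long)-4096L;
}

/* glibc's contract for syscall(): on failure return -1 and set errno. */
static long kernel_result_to_libc(long raw)
{
    if (kernel_result_is_error(raw)) {
        errno = (int)-raw;
        return -1;
    }
    return raw;
}

/* The patch's contract after "cneg x0, x0, hi": errno comes back positive,
 * so a caller comparing against MAP_FAILED ((void *)-1) never sees a failure. */
static long patch_result(long raw)
{
    return kernel_result_is_error(raw) ? -raw : raw;
}

/* The bug the issue describes: a 64-bit mapping address squeezed through a
 * 32-bit int and widened back to a pointer. Unchanged only below 2 GiB. */
static int address_survives_truncation(long addr)
{
    return (long)(int)addr == addr;
}

/* Anonymous mapping via the raw syscall number, result kept in a long so the
 * high half of the address survives. glibc's syscall() has already applied
 * the -1/errno conversion, so a plain -1 test is the MAP_FAILED check. */
static void *raw_anon_mmap(size_t len)
{
    long raw = syscall(SYS_mmap, (void *)0, len, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, (off_t)0);
    return raw == -1 ? MAP_FAILED : (void *)raw;
}
```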
System information
termux-info
```
Termux Variables:
TERMUX_API_APP__VERSION_NAME=0.50.1+4159c62
TERMUX_APP_PACKAGE_MANAGER=pacman
TERMUX_APP__AM_SOCKET_SERVER_ENABLED=true
TERMUX_APP__APK_PATH=/data/app/~~8KmNCvc6wEnyreYUBdw81Q==/com.termux-4jSpjWJb9kc-4gy9GGwoGA==/base.apk
TERMUX_APP__APK_RELEASE=GITHUB
TERMUX_APP__FILES_DIR=/data/user/0/com.termux/files
TERMUX_APP__IS_DEBUGGABLE_BUILD=true
TERMUX_APP__IS_INSTALLED_ON_EXTERNAL_STORAGE=false
TERMUX_APP__PACKAGE_MANAGER=apt
TERMUX_APP__PACKAGE_NAME=com.termux
TERMUX_APP__PACKAGE_VARIANT=apt-android-7
TERMUX_APP__PID=17929
TERMUX_APP__SE_FILE_CONTEXT=u:object_r:app_data_file:s0:c37,c257,c512,c768
TERMUX_APP__SE_INFO=default:targetSdkVersion=28:complete
TERMUX_APP__SE_PROCESS_CONTEXT=u:r:untrusted_app_27:s0:c37,c257,c512,c768
TERMUX_APP__TARGET_SDK=28
TERMUX_APP__UID=10293
TERMUX_APP__USER_ID=0
TERMUX_APP__VERSION_CODE=118
TERMUX_APP__VERSION_NAME=0.118.0+3b5018b
TERMUX_MAIN_PACKAGE_FORMAT=pacman
TERMUX_VERSION=0.118.0+3b5018b
TERMUX__USER_ID=0
Packages CPU architecture:
aarch64
Subscribed repositories:
# /data/data/com.termux/files/usr/etc/pacman.conf
[main]
Usage = All
Server = https://service.termux-pacman.dev/main/aarch64
Server = https://s3.amazonaws.com/termux-pacman.us/main/aarch64
[x11]
Usage = All
Server = https://service.termux-pacman.dev/x11/aarch64
Server = https://s3.amazonaws.com/termux-pacman.us/x11/aarch64
[root]
Usage = All
Server = https://service.termux-pacman.dev/root/aarch64
Server = https://s3.amazonaws.com/termux-pacman.us/root/aarch64
[tur]
Usage = All
Server = https://service.termux-pacman.dev/tur/aarch64
Server = https://s3.amazonaws.com/termux-pacman.us/tur/aarch64
[tur-continuous]
Usage = All
Server = https://service.termux-pacman.dev/tur-continuous/aarch64
Server = https://s3.amazonaws.com/termux-pacman.us/tur-continuous/aarch64
[tur-multilib]
Usage = All
Server = https://service.termux-pacman.dev/tur-multilib/aarch64
Server = https://s3.amazonaws.com/termux-pacman.us/tur-multilib/aarch64
[gpkg]
Usage = All
Server = https://service.termux-pacman.dev/gpkg/aarch64
Server = https://s3.amazonaws.com/termux-pacman.us/gpkg/aarch64
Updatable packages:
All packages up to date
termux-tools version:
1.40.5
Android version:
12
Kernel build information:
Linux localhost 4.19.113-perf-ga58c646b5e75 #1 SMP PREEMPT Mon Dec 19 11:06:32 CST 2022 aarch64 Android
Device manufacturer:
Xiaomi
Device model:
M2007J17G
LD Variables:
LD_LIBRARY_PATH=
LD_PRELOAD=
Installed termux plugins:
com.termux.api versionCode:51
com.termux.x11 versionCode:14
```