bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Xu Chunyang]

Emacs crashes when I run the following (the PID 123456 doesn't exist)

    (process-attributes 123456)

And I can reproduce it from Emacs -Q:

    ~ $ emacs -Q --batch --eval '(print (process-attributes 123456))'
    Fatal error 11: Segmentation faultzsh: segmentation fault  emacs -Q --batch --eval '(print (process-attributes 123456))'
    ~ $ emacs --version | head -1
    GNU Emacs 26.2.90
    ~ $


In GNU Emacs 26.2.90 (build 1, x86_64-apple-darwin18.6.0, Carbon Version 158 AppKit 1671.5)
 of 2019-06-13 built on Chunyangs-MacBook-Air.local
Repository revision: 7ba854289bd169f1e5f4fbdbc4ae2bef24b9811f
Windowing system distributor 'Apple Inc.', version 10.14.5
Recent messages:
Loading /Users/xcy/.emacs.d/xcy.el (source)...done
Loading /Users/xcy/.emacs.d/var/recentf-save.el (source)...done
Cleaning up the recentf list...done (0 removed) [2 times]

Configured using:
 'configure --with-modules'

Configured features:
NOTIFY ACL GNUTLS LIBXML2 ZLIB TOOLKIT_SCROLL_BARS MODULES THREADS LCMS2

Important settings:
  value of $LANG: zh-Hans_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  global-atomic-chrome-edit-mode: t
  shell-dirtrack-mode: t
  server-mode: t
  minibuffer-electric-default-mode: t
  rainbow-delimiters-mode: t
  paredit-mode: t
  hl-todo-mode: t
  company-mode: t
  show-paren-mode: t
  region-state-mode: t
  global-undo-tree-mode: t
  undo-tree-mode: t
  electric-pair-mode: t
  winner-mode: t
  global-auto-revert-mode: t
  prescient-persist-mode: t
  prompt-watcher-mode: t
  minibuffer-depth-indicate-mode: t
  save-place-mode: t
  recentf-mode: t
  savehist-mode: t
  override-global-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  electric-indent-mode: t
  mac-mouse-wheel-mode: t
  global-prettify-symbols-mode: t
  prettify-symbols-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  temp-buffer-resize-mode: t
  size-indication-mode: t
  line-number-mode: t
  transient-mark-mode: t

Load-path shadows:
~/src/e2ansi/e2ansi hides /Users/xcy/.emacs.d/elpa-26.2.90/e2ansi-20190517.1902/e2ansi
~/src/e2ansi/e2ansi-magic hides /Users/xcy/.emacs.d/elpa-26.2.90/e2ansi-20190517.1902/e2ansi-magic
~/src/e2ansi/e2ansi-list hides /Users/xcy/.emacs.d/elpa-26.2.90/e2ansi-20190517.1902/e2ansi-list
~/src/e2ansi/e2ansi-silent hides /Users/xcy/.emacs.d/elpa-26.2.90/e2ansi-20190517.1902/e2ansi-silent
~/src/github-stars.el/github-stars hides /Users/xcy/.emacs.d/elpa-26.2.90/github-stars-20190517.1319/github-stars
~/src/grab-mac-link/grab-mac-link hides /Users/xcy/.emacs.d/elpa-26.2.90/grab-mac-link-20190419.1307/grab-mac-link
~/src/helm-lastpass/helm-lastpass hides /Users/xcy/.emacs.d/elpa-26.2.90/helm-lastpass-20180722.806/helm-lastpass
~/src/region-state.el/region-state hides /Users/xcy/.emacs.d/elpa-26.2.90/region-state-20181205.1746/region-state
~/src/swap-regions.el/swap-regions hides /Users/xcy/.emacs.d/elpa-26.2.90/swap-regions-20180915.1346/swap-regions
~/src/web-search.el/web-search hides /Users/xcy/.emacs.d/elpa-26.2.90/web-search-20181028.525/web-search
~/src/yagist.el/yagist hides /Users/xcy/.emacs.d/elpa-26.2.90/yagist-20160418.508/yagist
~/src/youdao-dictionary.el/youdao-dictionary hides /Users/xcy/.emacs.d/elpa-26.2.90/youdao-dictionary-20180714.414/youdao-dictionary
/Users/xcy/.emacs.d/elpa-26.2.90/flymake-1.0.6/flymake hides /Users/xcy/src/emacs-mac/lisp/progmodes/flymake
/Users/xcy/.emacs.d/elpa-26.2.90/soap-client-3.1.5/soap-client hides /Users/xcy/src/emacs-mac/lisp/net/soap-client
/Users/xcy/.emacs.d/elpa-26.2.90/soap-client-3.1.5/soap-inspect hides /Users/xcy/src/emacs-mac/lisp/net/soap-inspect

Features:
(shadow sort mailalias epa-mail flyspell-popup popup flyspell ispell
mail-extr emacsbug message puny dired-x dired dired-loaddefs rfc822 mml
mml-sec epa epg gnus-util rmail rmail-loaddefs mm-decode mm-bodies
mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader sendmail
rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils atomic-chrome
websocket url-cookie url-domsuf url-util bindat ob-sml ob-rust org-habit
org-agenda org-protocol ob-shell shell ob-scheme ob-ruby ob-R ob-python
ob-perl ob-org ob-lua ob-lisp ob-latex ob-eshell ob-ditaa ob-C cc-mode
cc-fonts cc-guess cc-menus cc-cmds cc-styles cc-align cc-engine cc-vars
cc-defs ob-clojure ob-awk ob-racket org-eww org-element avl-tree
generator org org-macro org-footnote org-pcomplete pcomplete org-list
org-faces org-entities org-version ob-emacs-lisp ob ob-tangle org-src
ob-ref ob-lob ob-table ob-keys ob-exp ob-comint ob-core ob-eval
org-compat org-macs org-loaddefs find-func server finda json map
minibuf-eldef cal-china lunar solar cal-dst cal-menu calendar
cal-loaddefs rainbow-delimiters paredit hl-todo company-oddmuse
company-keywords company-etags etags xref project company-gtags
company-dabbrev-code company-dabbrev company-files company-capf
company-cmake company-xcode company-clang company-semantic company-eclim
company-template company-bbdb company derived let-alist gif-screencast
elisp-demos hydra lv el-search-x el-search noutline outline hideshow
help-fns radix-tree stream-x stream thunk thingatpt cl-print rmc
pdf-tools compile comint ansi-color cus-edit cus-start cus-load pdf-view
bookmark pp jka-compr pdf-cache pdf-info tq pdf-util format-spec
image-mode pdf-loader paren region-state undo-tree diff ace-link avy
elec-pair winner ring ibuf-macs autorevert filenotify prescient mb-depth
saveplace recentf tree-widget wid-edit savehist
sanityinc-tomorrow-eighties-theme color-theme-sanityinc-tomorrow color
pcase no-littering dash subr-x diminish use-package use-package-ensure
use-package-delight use-package-diminish use-package-bind-key bind-key
easy-mmode cl-extra help-mode use-package-core finder-inf edmacro kmacro
kotl-autoloads rx cl info advice package easymenu epg-config
url-handlers url-parse auth-source cl-seq eieio eieio-core cl-macs
eieio-loaddefs password-cache url-vars seq byte-opt gv bytecomp
byte-compile cconv cl-loaddefs cl-lib mule-util time-date china-util
tooltip eldoc electric uniquify ediff-hook vc-hooks lisp-float-type
mwheel term/mac-win mac-win term/common-win tool-bar dnd fontset image
regexp-opt fringe tabulated-list replace newcomment text-mode elisp-mode
lisp-mode prog-mode register page menu-bar rfn-eshadow isearch timer
select scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame cl-generic cham georgian utf-8-lang misc-lang
vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932
hebrew greek romanian slovak czech european ethiopic indian cyrillic
chinese composite charscript charprop case-table epa-hook jka-cmpr-hook
help simple abbrev obarray minibuffer cl-preloaded nadvice loaddefs
button faces cus-face macroexp files text-properties overlay sha1 md5
base64 format env code-pages mule custom widget hashtable-print-readable
backquote threads kqueue mac lcms2 multi-tty make-network-process emacs)

Memory information:
((conses 16 563329 9950)
 (symbols 48 47679 2)
 (miscs 40 3167 215)
 (strings 32 163119 10977)
 (string-bytes 1 5053082)
 (vectors 16 49276)
 (vector-slots 8 1224022 15208)
 (floats 8 918 233)
 (intervals 56 1006 0)
 (buffers 992 11))

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Noam Postavsky]

Xu Chunyang <mail@xuchunyang.me> writes:

> Emacs crashes when I run the following (the PID 123456 doesn't exist)
>
>     (process-attributes 123456)
>
> And I can reproduce it from Emacs -Q:
>
>     ~ $ emacs -Q --batch --eval '(print (process-attributes 123456))'
>     Fatal error 11: Segmentation faultzsh: segmentation fault  emacs -Q --batch --eval '(print (process-attributes 123456))'
>     ~ $ emacs --version | head -1
>     GNU Emacs 26.2.90
>     ~ $
>
>
> In GNU Emacs 26.2.90 (build 1, x86_64-apple-darwin18.6.0, Carbon Version 158 AppKit 1671.5)

Doesn't happen here[1], I just get nil.  Can you show a backtrace with a
gdb (or lldb if that's not available)?

[1]: In GNU Emacs 26.2.90 (build 1, x86_64-pc-linux-gnu, X toolkit, Xaw scroll bars)

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[xuchunyang]

On Tue, Jun 18, 2019, at 9:31 PM, Noam Postavsky wrote:
> Xu Chunyang <mail@xuchunyang.me> writes:
> 
> > Emacs crashes when I run the following (the PID 123456 doesn't exist)
> >
> >     (process-attributes 123456)
> >
> > And I can reproduce it from Emacs -Q:
> >
> >     ~ $ emacs -Q --batch --eval '(print (process-attributes 123456))'
> >     Fatal error 11: Segmentation faultzsh: segmentation fault  emacs -Q --batch --eval '(print (process-attributes 123456))'
> >     ~ $ emacs --version | head -1
> >     GNU Emacs 26.2.90
> >     ~ $
> >
> >
> > In GNU Emacs 26.2.90 (build 1, x86_64-apple-darwin18.6.0, Carbon Version 158 AppKit 1671.5)
> 
> Doesn't happen here[1], I just get nil.  Can you show a backtrace with a
> gdb (or lldb if that's not available)?

(Not sure what am I doing, never used lldb)

~/src/emacs-mac/src $ lldb ./emacs
(lldb) target create "./emacs"
Current executable set to './emacs' (x86_64).
(lldb) run -Q --batch --eval '(print (process-attributes 123456))'
Process 18581 launched: '/Users/xcy/src/emacs-mac/src/emacs' (x86_64)
emacs was compiled with optimization - stepping may behave oddly; variables may not be available.
Process 18581 stopped
* thread #2, name = 'org.gnu.Emacs.lisp-main', stop reason = EXC_BAD_ACCESS (code=1, address=0x41)
    frame #0: 0x00000001000dd9aa emacs`system_process_attributes(pid=<unavailable>) at sysdep.c:3872:39 [opt]
   3869	  rusage = proc.kp_proc.p_ru;
   3870	  if (rusage)
   3871	    {
-> 3872	      attrs = Fcons (Fcons (Qminflt,  make_fixnum_or_float (rusage->ru_minflt)),
   3873			     attrs);
   3874	      attrs = Fcons (Fcons (Qmajflt,  make_fixnum_or_float (rusage->ru_majflt)),
   3875			     attrs);
Target 0: (emacs) stopped.
(lldb) bt
* thread #2, name = 'org.gnu.Emacs.lisp-main', stop reason = EXC_BAD_ACCESS (code=1, address=0x41)
  * frame #0: 0x00000001000dd9aa emacs`system_process_attributes(pid=<unavailable>) at sysdep.c:3872:39 [opt]
    frame #1: 0x000000010013e854 emacs`eval_sub(form=<unavailable>) at eval.c:2247:41 [opt]
    frame #2: 0x000000010013e7ea emacs`eval_sub(form=<unavailable>) at eval.c:2235:21 [opt]
    frame #3: 0x0000000100141f6b emacs`Feval(form=4370835043, lexical=<unavailable>) at eval.c:2067:28 [opt]
    frame #4: 0x0000000100143b27 emacs`__funcall_subr_block_invoke(.block_descriptor=<unavailable>) at eval.c:0:12 [opt]
    frame #5: 0x00000001001e1a4f emacs`mac_autorelease_loop(body=0x0000000100143a60) at macappkit.m:1040:13 [opt]
    frame #6: 0x0000000100142aff emacs`Ffuncall [inlined] funcall_subr(subr=<unavailable>, numargs=<unavailable>, args=<unavailable>) at eval.c:2909:3 [opt]
    frame #7: 0x0000000100142a99 emacs`Ffuncall(nargs=<unavailable>, args=<unavailable>) at eval.c:2782 [opt]
    frame #8: 0x0000000100186f3e emacs`exec_byte_code(bytestr=<unavailable>, vector=4298690456, maxdepth=<unavailable>, args_template=1030, nargs=1, args=<unavailable>) at bytecode.c:630:12 [opt]
    frame #9: 0x0000000100142a3d emacs`Ffuncall(nargs=<unavailable>, args=<unavailable>) at eval.c:0:4 [opt]
    frame #10: 0x0000000100186f3e emacs`exec_byte_code(bytestr=<unavailable>, vector=4298667856, maxdepth=<unavailable>, args_template=2, nargs=0, args=<unavailable>) at bytecode.c:630:12 [opt]
    frame #11: 0x0000000100142a3d emacs`Ffuncall(nargs=<unavailable>, args=<unavailable>) at eval.c:0:4 [opt]
    frame #12: 0x0000000100186f3e emacs`exec_byte_code(bytestr=<unavailable>, vector=4298664256, maxdepth=<unavailable>, args_template=2, nargs=0, args=<unavailable>) at bytecode.c:630:12 [opt]
    frame #13: 0x0000000100142214 emacs`apply_lambda(fun=4298664181, args=<unavailable>, count=4) at eval.c:2948:9 [opt]
    frame #14: 0x000000010013e610 emacs`eval_sub(form=<unavailable>) at eval.c:0:11 [opt]
    frame #15: 0x0000000100141f6b emacs`Feval(form=4362606819, lexical=<unavailable>) at eval.c:2067:28 [opt]
    frame #16: 0x00000001001410dc emacs`internal_condition_case(bfun=(emacs`top_level_2 at keyboard.c:1118), handlers=22128, hfun=(emacs`cmd_error at keyboard.c:938)) at eval.c:1336:25 [opt]
    frame #17: 0x00000001000d102d emacs`top_level_1(ignore=<unavailable>) at keyboard.c:1127:5 [opt]
    frame #18: 0x00000001001406d0 emacs`internal_catch(tag=53568, func=(emacs`top_level_1 at keyboard.c:1124), arg=0) at eval.c:1101:25 [opt]
    frame #19: 0x00000001000c06ef emacs`command_loop at keyboard.c:1088:2 [opt]
    frame #20: 0x00000001000c060f emacs`recursive_edit_1 at keyboard.c:695:9 [opt]
    frame #21: 0x00000001000c08f6 emacs`Frecursive_edit at keyboard.c:766:3 [opt]
    frame #22: 0x00000001000bf209 emacs`emacs_main(argc=<unavailable>, argv=0x00007ffeefbff7c8) at emacs.c:1759:3 [opt]
    frame #23: 0x000000010020d534 emacs`mac_start_lisp_main(arg=0x00007ffeefbff7c8) at macappkit.m:16723:3 [opt]
    frame #24: 0x00007fff7a9e52eb libsystem_pthread.dylib`_pthread_body + 126
    frame #25: 0x00007fff7a9e8249 libsystem_pthread.dylib`_pthread_start + 66
    frame #26: 0x00007fff7a9e440d libsystem_pthread.dylib`thread_start + 13
(lldb)

> [1]: In GNU Emacs 26.2.90 (build 1, x86_64-pc-linux-gnu, X toolkit, Xaw 
> scroll bars)
> 
>

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Robert Pluim]

>>>>> On Tue, 18 Jun 2019 22:05:38 +0800, xuchunyang <mail@xuchunyang.me> said:

    xuchunyang> On Tue, Jun 18, 2019, at 9:31 PM, Noam Postavsky wrote:
    >> Xu Chunyang <mail@xuchunyang.me> writes:
    >> 
    >> > Emacs crashes when I run the following (the PID 123456 doesn't exist)
    >> >
    >> >     (process-attributes 123456)
    >> >
    >> > And I can reproduce it from Emacs -Q:
    >> >
    >> >     ~ $ emacs -Q --batch --eval '(print (process-attributes 123456))'
    >> >     Fatal error 11: Segmentation faultzsh: segmentation fault  emacs -Q --batch --eval '(print (process-attributes 123456))'
    >> >     ~ $ emacs --version | head -1
    >> >     GNU Emacs 26.2.90
    >> >     ~ $
    >> >
    >> >
    >> > In GNU Emacs 26.2.90 (build 1, x86_64-apple-darwin18.6.0, Carbon Version 158 AppKit 1671.5)
    >> 
    >> Doesn't happen here[1], I just get nil.  Can you show a backtrace with a
    >> gdb (or lldb if that's not available)?

I get the same crash here. You'd expect sysctl to return an error when
requesting info about a non-existent process, but instead it
passive-agressively sets proclen to 0. This fixes it for me here, can
you try it?

diff --git a/src/sysdep.c b/src/sysdep.c
index 1e35e06b63..518ecebcf6 100644
--- a/src/sysdep.c
+++ b/src/sysdep.c
@@ -3798,7 +3798,7 @@ system_process_attributes (Lisp_Object pid)
   CONS_TO_INTEGER (pid, int, proc_id);
   mib[3] = proc_id;
 
-  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0)
+  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0 || proclen == 0)
     return attrs;
 
   uid = proc.kp_eproc.e_ucred.cr_uid;

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[xuchunyang]

On Tue, Jun 18, 2019, at 11:23 PM, Robert Pluim wrote:
> >>>>> On Tue, 18 Jun 2019 22:05:38 +0800, xuchunyang <mail@xuchunyang.me> said:
> 
>     xuchunyang> On Tue, Jun 18, 2019, at 9:31 PM, Noam Postavsky wrote:
>     >> Xu Chunyang <mail@xuchunyang.me> writes:
>     >> 
>     >> > Emacs crashes when I run the following (the PID 123456 doesn't 
> exist)
>     >> >
>     >> >     (process-attributes 123456)
>     >> >
>     >> > And I can reproduce it from Emacs -Q:
>     >> >
>     >> >     ~ $ emacs -Q --batch --eval '(print (process-attributes 
> 123456))'
>     >> >     Fatal error 11: Segmentation faultzsh: segmentation fault  
> emacs -Q --batch --eval '(print (process-attributes 123456))'
>     >> >     ~ $ emacs --version | head -1
>     >> >     GNU Emacs 26.2.90
>     >> >     ~ $
>     >> >
>     >> >
>     >> > In GNU Emacs 26.2.90 (build 1, x86_64-apple-darwin18.6.0, 
> Carbon Version 158 AppKit 1671.5)
>     >> 
>     >> Doesn't happen here[1], I just get nil.  Can you show a 
> backtrace with a
>     >> gdb (or lldb if that's not available)?
> 
> I get the same crash here. You'd expect sysctl to return an error when
> requesting info about a non-existent process, but instead it
> passive-agressively sets proclen to 0. This fixes it for me here, can
> you try it?

It fixes the issue for me too. (process-attributes 123456) returns nil instead of crashing Emacs.

> 
> diff --git a/src/sysdep.c b/src/sysdep.c
> index 1e35e06b63..518ecebcf6 100644
> --- a/src/sysdep.c
> +++ b/src/sysdep.c
> @@ -3798,7 +3798,7 @@ system_process_attributes (Lisp_Object pid)
>    CONS_TO_INTEGER (pid, int, proc_id);
>    mib[3] = proc_id;
>  
> -  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0)
> +  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0 || proclen == 0)
>      return attrs;
>  
>    uid = proc.kp_eproc.e_ucred.cr_uid;
>

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Eli Zaretskii]

> Date: Wed, 19 Jun 2019 00:23:20 +0800
> From: xuchunyang <mail@xuchunyang.me>
> Cc: 36279@debbugs.gnu.org, Noam Postavsky <npostavs@gmail.com>
> 
> It fixes the issue for me too. (process-attributes 123456) returns nil instead of crashing Emacs.
> 
> > 
> > diff --git a/src/sysdep.c b/src/sysdep.c
> > index 1e35e06b63..518ecebcf6 100644
> > --- a/src/sysdep.c
> > +++ b/src/sysdep.c
> > @@ -3798,7 +3798,7 @@ system_process_attributes (Lisp_Object pid)
> >    CONS_TO_INTEGER (pid, int, proc_id);
> >    mib[3] = proc_id;
> >  
> > -  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0)
> > +  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0 || proclen == 0)
> >      return attrs;
> >  
> >    uid = proc.kp_eproc.e_ucred.cr_uid;
> >

Thanks.  Robert, please push to the emacs-26 branch.

(I understand this problem is quite old, is that right?)

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Robert Pluim]

>>>>> On Tue, 18 Jun 2019 20:44:41 +0300, Eli Zaretskii <eliz@gnu.org> said:

    >> Date: Wed, 19 Jun 2019 00:23:20 +0800
    >> From: xuchunyang <mail@xuchunyang.me>
    >> Cc: 36279@debbugs.gnu.org, Noam Postavsky <npostavs@gmail.com>
    >> 
    >> It fixes the issue for me too. (process-attributes 123456) returns nil instead of crashing Emacs.
    >> 
    >> > 
    >> > diff --git a/src/sysdep.c b/src/sysdep.c
    >> > index 1e35e06b63..518ecebcf6 100644
    >> > --- a/src/sysdep.c
    >> > +++ b/src/sysdep.c
    >> > @@ -3798,7 +3798,7 @@ system_process_attributes (Lisp_Object pid)
    >> >    CONS_TO_INTEGER (pid, int, proc_id);
    >> >    mib[3] = proc_id;
    >> >  
    >> > -  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0)
    >> > +  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0 || proclen == 0)
    >> >      return attrs;
    >> >  
    >> >    uid = proc.kp_eproc.e_ucred.cr_uid;
    >> >

    Eli> Thanks.  Robert, please push to the emacs-26 branch.

Will do.

    Eli> (I understand this problem is quite old, is that right?)

commit ef4ed84e72a323b3d29dc34df92d3f89ad4fc322
Date:   Sun Apr 24 14:33:05 2016 +0200

introduced the macOS version of system_process_attributes.

list_system_processes (on macOS and FreeBSD) and
system_process_attributes(on FreeBSD) potentially have similar issues
with sysctl. Would you like a defensive patch for those? (I donʼt have
a FreeBSD system to test on)

Robert

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Eli Zaretskii]

> From: Robert Pluim <rpluim@gmail.com>
> Cc: xuchunyang <mail@xuchunyang.me>,  36279@debbugs.gnu.org,  npostavs@gmail.com
> Date: Tue, 18 Jun 2019 19:53:06 +0200
> 
> list_system_processes (on macOS and FreeBSD) and
> system_process_attributes(on FreeBSD) potentially have similar issues
> with sysctl. Would you like a defensive patch for those?

Yes, I think so.

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Robert Pluim]

>>>>> On Tue, 18 Jun 2019 21:06:31 +0300, Eli Zaretskii <eliz@gnu.org> said:

    >> From: Robert Pluim <rpluim@gmail.com>
    >> Cc: xuchunyang <mail@xuchunyang.me>,  36279@debbugs.gnu.org,  npostavs@gmail.com
    >> Date: Tue, 18 Jun 2019 19:53:06 +0200
    >> 
    >> list_system_processes (on macOS and FreeBSD) and
    >> system_process_attributes(on FreeBSD) potentially have similar issues
    >> with sysctl. Would you like a defensive patch for those?

    Eli> Yes, I think so.

OK, sometime tomorrow (and perhaps for 'get_boot_time' in filelock.c
as well)

Robert

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Robert Pluim]

[-- Attachment #1: Type: text/plain, Size: 775 bytes --]

>>>>> On Tue, 18 Jun 2019 20:14:31 +0200, Robert Pluim <rpluim@gmail.com> said:

>>>>> On Tue, 18 Jun 2019 21:06:31 +0300, Eli Zaretskii <eliz@gnu.org> said:
    >>> From: Robert Pluim <rpluim@gmail.com>
    >>> Cc: xuchunyang <mail@xuchunyang.me>,  36279@debbugs.gnu.org,  npostavs@gmail.com
    >>> Date: Tue, 18 Jun 2019 19:53:06 +0200
    >>> 
    >>> list_system_processes (on macOS and FreeBSD) and
    >>> system_process_attributes(on FreeBSD) potentially have similar issues
    >>> with sysctl. Would you like a defensive patch for those?

    Eli> Yes, I think so.

    Robert> OK, sometime tomorrow (and perhaps for 'get_boot_time' in filelock.c
    Robert> as well)

I think I got all the ChangeLog syntax right. Patch against emacs-26
attached, not yet pushed.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-Check-length-returned-by-sysctl.patch --]
[-- Type: text/x-patch, Size: 2779 bytes --]

From a70ac9f644660a16fa871a9f6933c1344ffae083 Mon Sep 17 00:00:00 2001
From: Robert Pluim <rpluim@gmail.com>
Date: Wed, 19 Jun 2019 08:52:50 +0200
Subject: [PATCH] Check length returned by sysctl
To: emacs-devel@gnu.org

sysctl sometimes returns successfully even when it returns no data,
such as when querying non-existent processes, which can cause crashes.
Check for this condition by validating the length of the returned
data.  (Bug#36279)

* src/sysdep.c (list_system_processes) [DARWIN_OS || __FreeBSD__]:
(system_process_attributes) [__FreeBSD__]:
(system_process_attributes) [DARWIN_OS]:
* src/filelock.c (get_boot_time) [CTL_KERN && KERN_BOOTTIME]: Check
length of data returned by sysctl.
---
 src/filelock.c |  3 +--
 src/sysdep.c   | 10 +++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/filelock.c b/src/filelock.c
index 81d98f36fa..0865450936 100644
--- a/src/filelock.c
+++ b/src/filelock.c
@@ -151,8 +151,7 @@ get_boot_time (void)
     mib[0] = CTL_KERN;
     mib[1] = KERN_BOOTTIME;
     size = sizeof (boottime_val);
-
-    if (sysctl (mib, 2, &boottime_val, &size, NULL, 0) >= 0)
+    if (sysctl (mib, 2, &boottime_val, &size, NULL, 0) >= 0 && size != 0)
       {
 	boot_time = boottime_val.tv_sec;
 	return boot_time;
diff --git a/src/sysdep.c b/src/sysdep.c
index 1e35e06b63..b2aecc0dda 100644
--- a/src/sysdep.c
+++ b/src/sysdep.c
@@ -3014,11 +3014,11 @@ list_system_processes (void)
 
   Lisp_Object proclist = Qnil;
 
-  if (sysctl (mib, 3, NULL, &len, NULL, 0) != 0)
+  if (sysctl (mib, 3, NULL, &len, NULL, 0) != 0 || len == 0)
     return proclist;
 
   procs = xmalloc (len);
-  if (sysctl (mib, 3, procs, &len, NULL, 0) != 0)
+  if (sysctl (mib, 3, procs, &len, NULL, 0) != 0 || len == 0)
     {
       xfree (procs);
       return proclist;
@@ -3618,7 +3618,7 @@ system_process_attributes (Lisp_Object pid)
   CONS_TO_INTEGER (pid, int, proc_id);
   mib[3] = proc_id;
 
-  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0)
+  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0 || proclen == 0)
     return attrs;
 
   attrs = Fcons (Fcons (Qeuid, make_fixnum_or_float (proc.ki_uid)), attrs);
@@ -3740,7 +3740,7 @@ system_process_attributes (Lisp_Object pid)
 
   mib[2] = KERN_PROC_ARGS;
   len = MAXPATHLEN;
-  if (sysctl (mib, 4, args, &len, NULL, 0) == 0)
+  if (sysctl (mib, 4, args, &len, NULL, 0) == 0 && len != 0)
     {
       int i;
       for (i = 0; i < len; i++)
@@ -3798,7 +3798,7 @@ system_process_attributes (Lisp_Object pid)
   CONS_TO_INTEGER (pid, int, proc_id);
   mib[3] = proc_id;
 
-  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0)
+  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0 || proclen == 0)
     return attrs;
 
   uid = proc.kp_eproc.e_ucred.cr_uid;
-- 
2.21.0.419.gffac537e6c

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Andreas Schwab]

On Jun 19 2019, Robert Pluim <rpluim@gmail.com> wrote:

> From a70ac9f644660a16fa871a9f6933c1344ffae083 Mon Sep 17 00:00:00 2001
> From: Robert Pluim <rpluim@gmail.com>
> Date: Wed, 19 Jun 2019 08:52:50 +0200
> Subject: [PATCH] Check length returned by sysctl
> To: emacs-devel@gnu.org
>
> sysctl sometimes returns successfully even when it returns no data,
> such as when querying non-existent processes, which can cause crashes.

I thinks that's not a sometimes, but how it is documented to work.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Robert Pluim]

>>>>> On Wed, 19 Jun 2019 10:01:22 +0200, Andreas Schwab <schwab@suse.de> said:

    Andreas> On Jun 19 2019, Robert Pluim <rpluim@gmail.com> wrote:
    >> From a70ac9f644660a16fa871a9f6933c1344ffae083 Mon Sep 17 00:00:00 2001
    >> From: Robert Pluim <rpluim@gmail.com>
    >> Date: Wed, 19 Jun 2019 08:52:50 +0200
    >> Subject: [PATCH] Check length returned by sysctl
    >> To: emacs-devel@gnu.org
    >> 
    >> sysctl sometimes returns successfully even when it returns no data,
    >> such as when querying non-existent processes, which can cause crashes.

    Andreas> I thinks that's not a sometimes, but how it is documented to work.

I guess itʼs a matter of how you describe success:

Me: Kernel, please tell me about process <x>
Kernel: (process <x> does not exist). Success! Have some zero length
data.
Me: <crash>

But whatever, I can adjust the commit message.

Robert

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Andreas Schwab]

On Jun 19 2019, Robert Pluim <rpluim@gmail.com> wrote:

> I guess itʼs a matter of how you describe success:
>
> Me: Kernel, please tell me about process <x>
> Kernel: (process <x> does not exist). Success! Have some zero length
> data.
> Me: <crash>

The crash is because you are accessing the data outside of its bounds.
That has nothing to do with success.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Robert Pluim]

>>>>> On Wed, 19 Jun 2019 12:29:52 +0200, Andreas Schwab <schwab@suse.de> said:

    Andreas> On Jun 19 2019, Robert Pluim <rpluim@gmail.com> wrote:
    >> I guess itʼs a matter of how you describe success:
    >> 
    >> Me: Kernel, please tell me about process <x>
    >> Kernel: (process <x> does not exist). Success! Have some zero length
    >> data.
    >> Me: <crash>

    Andreas> The crash is because you are accessing the data outside of its bounds.
    Andreas> That has nothing to do with success.

Iʼm going to repeat my previous "whatever", since Iʼm not here to
convince you :-)

Robert

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Eli Zaretskii]

> From: Robert Pluim <rpluim@gmail.com>
> Cc: 36279@debbugs.gnu.org,  mail@xuchunyang.me,  npostavs@gmail.com
> Date: Wed, 19 Jun 2019 09:06:53 +0200
> 
>     >>> list_system_processes (on macOS and FreeBSD) and
>     >>> system_process_attributes(on FreeBSD) potentially have similar issues
>     >>> with sysctl. Would you like a defensive patch for those?
> 
>     Eli> Yes, I think so.
> 
>     Robert> OK, sometime tomorrow (and perhaps for 'get_boot_time' in filelock.c
>     Robert> as well)
> 
> I think I got all the ChangeLog syntax right. Patch against emacs-26
> attached, not yet pushed.

LGTM, thanks.

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Robert Pluim]

tags 36279 fixed
close 36279 26.3
quit

    Eli> LGTM, thanks.

Closing.
Committed as 04477adedc

Robert

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Eli Zaretskii]

> Date: Tue, 18 Jun 2019 22:05:38 +0800
> From: xuchunyang <mail@xuchunyang.me>
> Cc: 36279@debbugs.gnu.org
> 
>    3869	  rusage = proc.kp_proc.p_ru;
>    3870	  if (rusage)
>    3871	    {
> -> 3872	      attrs = Fcons (Fcons (Qminflt,  make_fixnum_or_float (rusage->ru_minflt)),
>    3873			     attrs);
>    3874	      attrs = Fcons (Fcons (Qmajflt,  make_fixnum_or_float (rusage->ru_majflt)),
>    3875			     attrs);

So 'rusage' is not a NULL pointer, but it's garbled?

bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Eli Zaretskii]

> From: Xu Chunyang <mail@xuchunyang.me>
> Date: Tue, 18 Jun 2019 21:25:40 +0800
> 
> Emacs crashes when I run the following (the PID 123456 doesn't exist)
> 
>     (process-attributes 123456)
> 
> And I can reproduce it from Emacs -Q:
> 
>     ~ $ emacs -Q --batch --eval '(print (process-attributes 123456))'
>     Fatal error 11: Segmentation faultzsh: segmentation fault  emacs -Q --batch --eval '(print (process-attributes 123456))'

This seems to be Darwin-specific.