From: Philipp Stephani
Newsgroups: gmane.emacs.devel
Subject: Undefined behavior in OS X unexec detected by ASan
Date: Sat, 02 Apr 2016 17:26:17 +0000
To: Emacs developers
List-Id: "Emacs development discussions."
Xref: news.gmane.org gmane.emacs.devel:202595

unexmacosx.c reads process memory directly, which tends to work in practice but is technically undefined behavior.
I've attached a small patch that uses vm_read instead. According to ASan, with this patch there's no more UB when dumping.
Attachment: 0001-Remove-undefined-behavior-in-OS-X-dumper.patch
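The vm_read approach the message describes, as an added example that is not the attached patch's code: the kernel hands back its own copy of the requested region (which must be released with vm_deallocate), so an unmapped address becomes a reported error rather than a direct dereference that ASan flags. On non-Apple hosts the block substitutes pread() on /proc/self/mem as a stand-in so it still builds; kernel_copy and self_check are names chosen here.

```c
/* Added example, not the Emacs patch: copy N bytes of this process's own
   memory through the kernel instead of dereferencing SRC directly, as the
   message describes for unexec_write.  macOS: Mach vm_read/vm_deallocate;
   elsewhere pread() on /proc/self/mem stands in so the example builds. */
#include <fcntl.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#ifdef __APPLE__
#include <mach/mach.h>
#include <mach/vm_map.h>
/* vm_read returns a fresh kernel-made copy of [src, src+n) that must be
   released; an unmapped address yields an error code, not a fault.  */
bool kernel_copy (const void *src, size_t n, void *dst)
{
  task_t task = mach_task_self ();
  vm_offset_t data;
  mach_msg_type_number_t data_count;
  if (vm_read (task, (vm_address_t) (uintptr_t) src, n, &data, &data_count)
      != KERN_SUCCESS)
    return false;
  bool ok = data_count == n;
  if (ok)
    memcpy (dst, (const void *) (uintptr_t) data, n);
  vm_deallocate (task, data, data_count);
  return ok;
}
#else
/* Stand-in: the kernel does the read and reports EIO for unmapped pages. */
bool kernel_copy (const void *src, size_t n, void *dst)
{
  int fd = open ("/proc/self/mem", O_RDONLY);
  if (fd < 0) return false;
  ssize_t got = pread (fd, dst, n, (off_t) (uintptr_t) src);
  close (fd);
  return got == (ssize_t) n;
}
#endif
/* Self-check on a constructed buffer: a mapped region copies exactly and
   the unmapped zero page is reported as a failure instead of crashing.  */
int self_check (void)
{
  static const char sample[] = "constructed sample region";
  char out[sizeof sample];
  if (!kernel_copy (sample, sizeof sample, out)) return 1;
  if (memcmp (sample, out, sizeof sample) != 0) return 2;
  return kernel_copy (NULL, 16, out) ? 3 : 0;
}
```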