Buffer overruns detected by fortify in the AioPlugin (was Re: [Pharo-dev] Pharo6 with Ubuntu and OSSubprocess/threaded heartbeat crashes and problems)



Eliot Miranda-2
 
Hi,


aioEnable et al should really check the fd argument against FD_SETSIZE and answer error codes that get tested in clients.  See two messages below:

On Tue, Mar 6, 2018 at 2:49 AM, Sabine Manaa <[hidden email]> wrote:
Hi,

I can report the following: 

The problem with the Buffer overflow remains also with OSProcess. 
Also with the normal vm (https://get.pharo.org ).

Summary: I have buffer overflow crashes with my application on Linux.
The same code runs without problems on MacOS and on Windows.
I have the same test data/database and do exactly the same.

The problem occurs only after calling OSProcess/OSSubprocess several times.
This is the reason why I first suspected that OSSubprocess is responsible for the crashes.

Can anyone tell me how to proceed to find the reason for the buffer overflow?
There is no PharoDebug.log 

Help is very appreciated!

This is the message when terminating:

root@Pharo_ubuntu_16:/spf/build# ./pharo Pharo-Productive-SPF.image --no-quit

SmalltalkImageInstanceID class>>startUp*** buffer overflow detected ***: /spf/build/pharo-vm/lib/pharo/5.0-201707201942/pharo terminated

======= Backtrace: =========

/lib/i386-linux-gnu/libc.so.6(+0x67377)[0xf75b9377]

/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x68)[0xf7649708]

/lib/i386-linux-gnu/libc.so.6(+0xf58f8)[0xf76478f8]

/lib/i386-linux-gnu/libc.so.6(+0xf75fa)[0xf76495fa]

/spf/build/pharo-vm/lib/pharo/5.0-201707201942/pharo(aioEnable+0x31)[0x80c9811]

/spf/build/pharo-vm/lib/pharo/5.0-201707201942/pharo[0x81215ee]

[0x90010e0]

[0x90ad2d0]

[0x90db8b4]

[0x90ad24a]

[0x900be6b]

[0x900b04d]

[0x9007a3e]

[0x9004247]

[0x9004572]

[0x9001020]

[0xa98c524]

[0xb1755db]

[0x9003efc]

[0x9001020]

[0xdcb558c]

[0xb0d4d95]

[0x9000ff0]

======= Memory map: ========

08048000-08164000 r-xp 00000000 00:1b 1183256                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/pharo

08164000-08165000 r--p 0011b000 00:1b 1183256                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/pharo

08165000-08170000 rw-p 0011c000 00:1b 1183256                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/pharo

08170000-081a7000 rw-p 00000000 00:00 0 

08fdd000-08ffe000 rw-p 00000000 00:00 0                                  [heap]

09000000-09100000 rwxp 00000000 00:00 0 

09100000-11200000 rw-p 00000000 00:00 0 

f552e000-f554a000 r-xp 00000000 00:1b 8244                               /lib/i386-linux-gnu/libgcc_s.so.1

f554a000-f554b000 rw-p 0001b000 00:1b 8244                               /lib/i386-linux-gnu/libgcc_s.so.1

f554b000-f684c000 rw-p 00000000 00:00 0 

f684c000-f684f000 r-xp 00000000 00:1b 1183242                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/JPEGReaderPlugin.so

f684f000-f6850000 r--p 00002000 00:1b 1183242                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/JPEGReaderPlugin.so

f6850000-f6851000 rw-p 00003000 00:1b 1183242                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/JPEGReaderPlugin.so

f6851000-f68b2000 r-xp 00000000 00:1b 1183230                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/libssl.so.1.0.0

f68b2000-f68b3000 ---p 00061000 00:1b 1183230                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/libssl.so.1.0.0

f68b3000-f68b5000 r--p 00061000 00:1b 1183230                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/libssl.so.1.0.0

f68b5000-f68b9000 rw-p 00063000 00:1b 1183230                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/libssl.so.1.0.0

f68b9000-f6a7b000 r-xp 00000000 00:1b 1183239                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/libcrypto.so.1.0.0

f6a7b000-f6a7c000 ---p 001c2000 00:1b 1183239                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/libcrypto.so.1.0.0

f6a7c000-f6a8c000 r--p 001c2000 00:1b 1183239                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/libcrypto.so.1.0.0

f6a8c000-f6a93000 rw-p 001d2000 00:1b 1183239                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/libcrypto.so.1.0.0

f6a93000-f6a96000 rw-p 00000000 00:00 0 

f6a96000-f6a9b000 r-xp 00000000 00:1b 1183249                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/SqueakSSL.so

f6a9b000-f6a9c000 r--p 00004000 00:1b 1183249                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/SqueakSSL.so

f6a9c000-f6a9d000 rw-p 00005000 00:1b 1183249                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/SqueakSSL.so

f6a9d000-f6ab1000 r-xp 00000000 00:1b 7925                               /lib/i386-linux-gnu/libresolv-2.23.so

f6ab1000-f6ab2000 ---p 00014000 00:1b 7925                               /lib/i386-linux-gnu/libresolv-2.23.so

f6ab2000-f6ab3000 r--p 00014000 00:1b 7925                               /lib/i386-linux-gnu/libresolv-2.23.so

f6ab3000-f6ab4000 rw-p 00015000 00:1b 7925                               /lib/i386-linux-gnu/libresolv-2.23.so

f6ab4000-f6ab6000 rw-p 00000000 00:00 0 

f6ab6000-f6abb000 r-xp 00000000 00:1b 7931                               /lib/i386-linux-gnu/libnss_dns-2.23.so

f6abb000-f6abc000 r--p 00004000 00:1b 7931                               /lib/i386-linux-gnu/libnss_dns-2.23.so

f6abc000-f6abd000 rw-p 00005000 00:1b 7931                               /lib/i386-linux-gnu/libnss_dns-2.23.so

f6abd000-f6c05000 rw-p 00000000 00:00 0 

f6c05000-f6c2e000 r-xp 00000000 00:1b 8373                               /lib/i386-linux-gnu/libpng12.so.0.54.0

f6c2e000-f6c2f000 r--p 00028000 00:1b 8373                               /lib/i386-linux-gnu/libpng12.so.0.54.0

f6c2f000-f6c30000 rw-p 00029000 00:1b 8373                               /lib/i386-linux-gnu/libpng12.so.0.54.0

f6c30000-f6c49000 r-xp 00000000 00:1b 8362                               /lib/i386-linux-gnu/libz.so.1.2.8

f6c49000-f6c4a000 r--p 00018000 00:1b 8362                               /lib/i386-linux-gnu/libz.so.1.2.8

f6c4a000-f6c4b000 rw-p 00019000 00:1b 8362                               /lib/i386-linux-gnu/libz.so.1.2.8

f6c4b000-f6cf6000 r-xp 00000000 00:1b 8395                               /usr/lib/i386-linux-gnu/libfreetype.so.6.12.1

f6cf6000-f6cfa000 r--p 000aa000 00:1b 8395                               /usr/lib/i386-linux-gnu/libfreetype.so.6.12.1

f6cfa000-f6cfb000 rw-p 000ae000 00:1b 8395                               /usr/lib/i386-linux-gnu/libfreetype.so.6.12.1

f6cfb000-f6d02000 r-xp 00000000 00:1b 1183229                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/FT2Plugin.so

f6d02000-f6d03000 r--p 00006000 00:1b 1183229                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/FT2Plugin.so

f6d03000-f6d04000 rw-p 00007000 00:1b 1183229                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/FT2Plugin.so

f6d04000-f6d0f000 r-xp 00000000 00:1b 7934                               /lib/i386-linux-gnu/libnss_files-2.23.so

f6d0f000-f6d10000 r--p 0000a000 00:1b 7934                               /lib/i386-linux-gnu/libnss_files-2.23.so

f6d10000-f6d11000 rw-p 0000b000 00:1b 7934                               /lib/i386-linux-gnu/libnss_files-2.23.so

f6d11000-f6d38000 rw-p 00000000 00:00 0 

f6d38000-f6d39000 ---p 00000000 00:00 0 

f6d39000-f7539000 rw-p 00000000 00:00 0                                  [stack:21188]

f7539000-f753b000 r-xp 00000000 00:1b 7968                               /usr/lib/i386-linux-gnu/gconv/MACINTOSH.so

f753b000-f753c000 r--p 00001000 00:1b 7968                               /usr/lib/i386-linux-gnu/gconv/MACINTOSH.so

f753c000-f753d000 rw-p 00002000 00:1b 7968                               /usr/lib/i386-linux-gnu/gconv/MACINTOSH.so

f753d000-f7544000 r--s 00000000 00:1b 7977                               /usr/lib/i386-linux-gnu/gconv/gconv-modules.cache

f7544000-f754a000 r-xp 00000000 00:1b 1183240                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/vm-sound-OSS.so

f754a000-f754b000 r--p 00005000 00:1b 1183240                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/vm-sound-OSS.so

f754b000-f754c000 rw-p 00006000 00:1b 1183240                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/vm-sound-OSS.so

f754c000-f754e000 r-xp 00000000 00:1b 1183257                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/vm-display-null.so

f754e000-f754f000 r--p 00001000 00:1b 1183257                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/vm-display-null.so

f754f000-f7550000 rw-p 00002000 00:1b 1183257                            /spf/build/pharo-vm/lib/pharo/5.0-201707201942/vm-display-null.so

f7550000-f7552000 rw-p 00000000 00:00 0 

f7552000-f7702000 r-xp 00000000 00:1b 7921                               /lib/i386-linux-gnu/libc-2.23.so

f7702000-f7704000 r--p 001af000 00:1b 7921                               /lib/i386-linux-gnu/libc-2.23.so

f7704000-f7705000 rw-p 001b1000 00:1b 7921                               /lib/i386-linux-gnu/libc-2.23.so

f7705000-f7708000 rw-p 00000000 00:00 0 

f7708000-f775b000 r-xp 00000000 00:1b 7917                               /lib/i386-linux-gnu/libm-2.23.so

f775b000-f775c000 r--p 00052000 00:1b 7917                               /lib/i386-linux-gnu/libm-2.23.so

f775c000-f775d000 rw-p 00053000 00:1b 7917                               /lib/i386-linux-gnu/libm-2.23.so

f775d000-f7776000 r-xp 00000000 00:1b 7920                               /lib/i386-linux-gnu/libpthread-2.23.so

f7776000-f7777000 r--p 00018000 00:1b 7920                               /lib/i386-linux-gnu/libpthread-2.23.so

f7777000-f7778000 rw-p 00019000 00:1b 7920                               /lib/i386-linux-gnu/libpthread-2.23.so

f7778000-f777a000 rw-p 00000000 00:00 0 

f777a000-f777d000 r-xp 00000000 00:1b 7923                               /lib/i386-linux-gnu/libdl-2.23.so

f777d000-f777e000 r--p 00002000 00:1b 7923                               /lib/i386-linux-gnu/libdl-2.23.so

f777e000-f777f000 rw-p 00003000 00:1b 7923                               /lib/i386-linux-gnu/libdl-2.23.so

f777f000-f7780000 rw-p 00000000 00:00 0 

f7780000-f7781000 r-xp 00000000 00:00 0                                  [vdso]

f7781000-f77a4000 r-xp 00000000 00:1b 7919                               /lib/i386-linux-gnu/ld-2.23.so

f77a4000-f77a5000 r--p 00022000 00:1b 7919                               /lib/i386-linux-gnu/ld-2.23.so

f77a5000-f77a6000 rw-p 00023000 00:1b 7919                               /lib/i386-linux-gnu/ld-2.23.so

ffc55000-ffcd1000 rw-p 00000000 00:00 0                                  [stack]

./pharo: line 11: 14639 Aborted                 "$DIR"/"pharo-vm/pharo" --nodisplay "$@"


 
On Tue, Mar 6, 2018 at 5:26 AM, Henrik Sperre Johansen <[hidden email]> wrote:
Seems to me aioEnable somehow triggers this.
It maintains buffers of size FD_SETSIZE (1024 on Linux)*, so an fd
parameter** >= that could probably trigger such an error.
Maybe you could put a halt in whichever method in OSSubprocess/OSProcess
calls the primitive triggered when the condition occurs, to see if that is the
cause?
If so, identifying *why* you end up with fds that high (which, afaik, isn't
normal) will probably lead to a workaround/solution...

Cheers,
Henry

*
https://github.com/pharo-project/pharo-vm/blob/e0ce2d9d78c3c7b37bbc12cd8730c6a15f1f057c/opensmalltalk-vm/platforms/unix/vm/aio.c
**
https://github.com/pharo-project/pharo-vm/blob/c50dec02d2875de56c84d11889c78484e2d5cda8/mc/VMConstruction-Plugins-AioPlugin.package/UnixAioPlugin.class/instance/primitiveAioEnable.st
 
_,,,^..^,,,_
best, Eliot
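The fix Eliot and Henrik describe above, as an added example that is not code from the thread or from the pharo-vm repository: an aioEnable-style routine keeps fd_set bitmaps that are FD_SETSIZE bits wide, so an fd at or above FD_SETSIZE indexes past the end of them. With glibc's _FORTIFY_SOURCE the FD_SET macro routes through __fdelt_chk and aborts with exactly the "*** buffer overflow detected ***" message seen in Sabine's backtrace; without fortify the same call silently corrupts whatever sits after the bitmaps. The names aioEnableChecked, aioIsEnabled, AIO_OK and AIO_EBADFD are assumptions for this example, not the VM's own identifiers; the masks and static fd_sets only stand in for the plugin's real bookkeeping.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>

/* Stand-ins for the plugin's per-fd bookkeeping (hypothetical, not aio.c's
 * real variables). Each fd_set is exactly FD_SETSIZE bits, so the bitmaps
 * can only describe fds in the range [0, FD_SETSIZE). */
static fd_set rdMask, wrMask, exMask;
static int    maxFd = -1;

#define AIO_R 1   /* readable   */
#define AIO_W 2   /* writable   */
#define AIO_X 4   /* exception  */

/* Result codes handed back to callers (assumed names). A primitive wrapper
 * would fail the primitive on AIO_EBADFD so the image can test for it. */
enum { AIO_OK = 0, AIO_EBADFD = -1 };

/* Hardened enable: validate fd before it is used as a bit index. This is
 * the check the thread says aioEnable is missing; the unchecked variant is
 * the same body without the range test and is what fortify catches. */
int aioEnableChecked(int fd, int mask)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EBADF;          /* report, don't index past the fd_set */
        return AIO_EBADFD;
    }
    if (mask & AIO_R) FD_SET(fd, &rdMask);
    if (mask & AIO_W) FD_SET(fd, &wrMask);
    if (mask & AIO_X) FD_SET(fd, &exMask);
    if (fd > maxFd) maxFd = fd;
    return AIO_OK;
}

/* Same guard on the disable path: FD_CLR has the same bounds problem. */
int aioDisableChecked(int fd)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EBADF;
        return AIO_EBADFD;
    }
    FD_CLR(fd, &rdMask);
    FD_CLR(fd, &wrMask);
    FD_CLR(fd, &exMask);
    return AIO_OK;
}

/* Query helper so callers (and tests) can see what was recorded.
 * Returns 1 if every bit in mask is enabled for fd, 0 otherwise,
 * and 0 for an out-of-range fd rather than reading past the bitmaps. */
int aioIsEnabled(int fd, int mask)
{
    if (fd < 0 || fd >= FD_SETSIZE) return 0;
    if ((mask & AIO_R) && !FD_ISSET(fd, &rdMask)) return 0;
    if ((mask & AIO_W) && !FD_ISSET(fd, &wrMask)) return 0;
    if ((mask & AIO_X) && !FD_ISSET(fd, &exMask)) return 0;
    return 1;
}

int main(void)
{
    /* Constructed fd numbers: a normal low fd and one just past the limit,
     * which is the situation Henrik suspects after many subprocess spawns. */
    int ok  = aioEnableChecked(5, AIO_R | AIO_W);
    int bad = aioEnableChecked(FD_SETSIZE, AIO_R);
    printf("fd 5 -> %d, fd %d -> %d (EBADF=%d)\n",
           ok, FD_SETSIZE, bad, errno == EBADF);
    return 0;
}
```

The point of the range test is that it turns an undefined memory write (or a fortify abort that takes the whole VM down with no PharoDebug.log) into an ordinary error the image can handle. A primitive built on this would fail rather than succeed when AIO_EBADFD comes back, which also makes the underlying problem visible: a caller that keeps failing with fds near FD_SETSIZE is leaking descriptors, which is the thing to investigate next.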