From: Anthony Green
To: DJ Delorie
Cc: libffi-discuss@sourceware.org, Florian Weimer
Subject: Re: segfault in ffi_data_to_code_pointer
Date: Sun, 30 Jun 2019 11:46:00 -0000
In-Reply-To: (DJ Delorie's message of "Wed, 26 Jun 2019 16:55:47 -0400")
Message-ID: <87o92fs3d2.fsf@laptop.atgreen.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-IsSubscribed: yes
X-SW-Source: 2019/txt/msg00011.txt.bz2

Hi DJ,

DJ Delorie writes:

> In src/closures.c, ffi_data_to_code_pointer() calls segment_holding()
> to get a pointer to the code segment for a data segment. It doesn't
> check for a NULL return, and I've got a test case where I run Ruby's
> test suite (on a non-selinux aarch64 machine, if that matters) and
> segment_holding() returns NULL and much hilarity ensues.

This suggests that the ffi_closure object used to invoke
ffi_data_to_code_pointer wasn't allocated by ffi_closure_alloc().
Is that something you can check?

Thanks,

AG

>
> The following patch fixes the segfault, but I don't know if
> segment_holding() returning NULL is an expected case, or a symptom of
> problems elsewhere?
>
>> diff -rup a/src/closures.c b/src/closures.c
>> --- a/src/closures.c	2019-06-25 21:21:06.738743440 -0400
>> +++ b/src/closures.c	2019-06-25 21:22:00.769716129 -0400
>> @@ -621,7 +621,10 @@ void *
>>  ffi_data_to_code_pointer (void *data)
>>  {
>>    msegmentptr seg = segment_holding (gm, data);
>> -  return add_segment_exec_offset (data, seg);
>> +  if (seg)
>> +    return add_segment_exec_offset (data, seg);
>> +  else
>> +    return data;
>>  }

-- 
Anthony Green
Senior Principal Solutions Architect, Financial Services
+1 647 477-3809
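Review bot: the `+ else` / `+ return data;` branch in the ffi_data_to_code_pointer hunk turns a NULL from segment_holding() into a silent fallback that returns the data address as if it were a code pointer, so a closure that was not allocated through ffi_closure_alloc() (the situation the reply above suspects) would no longer crash here but would be called through a pointer into a writable, non-executable mapping and fail later with a less diagnosable fault; if NULL is not an expected case, an explicit failure (an assertion or a NULL return that callers check) preserves the signal, and if it is expected, the fallback deserves a comment stating why data and code addresses coincide in that case.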