Mailing-List: contact libffi-discuss-help@sourceware.org; run by ezmlm
Date: Wed, 26 Jun 2019 20:55:00 -0000
From: DJ Delorie
To: libffi-discuss@sourceware.org
CC: Florian Weimer
Subject: segfault in ffi_data_to_code_pointer

In src/closures.c, ffi_data_to_code_pointer() calls segment_holding() to get a pointer to the code segment for a data segment. It doesn't check for a NULL return, and I've got a test case where I run Ruby's test suite (on a non-selinux aarch64 machine, if that matters) and segment_holding() returns NULL and much hilarity ensues.

The following patch fixes the segfault, but I don't know if segment_holding() returning NULL is an expected case, or a symptom of problems elsewhere?

> diff -rup a/src/closures.c b/src/closures.c
> --- a/src/closures.c 2019-06-25 21:21:06.738743440 -0400
> +++ b/src/closures.c 2019-06-25 21:22:00.769716129 -0400
> @@ -621,7 +621,10 @@ void *
>  ffi_data_to_code_pointer (void *data)
>  {
>    msegmentptr seg = segment_holding (gm, data);
> -  return add_segment_exec_offset (data, seg);
> +  if (seg)
> +    return add_segment_exec_offset (data, seg);
> +  else
> +    return data;
>  }
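Review bot: the new `else` branch returns `data` unchanged when segment_holding() finds no segment, so a caller that expects a code-segment address gets the data-segment address instead, and the fault moves from ffi_data_to_code_pointer() to whatever later jumps through the result, while the open question in the message (whether NULL is expected) is hidden rather than answered. If returning the data pointer unchanged is the correct behaviour for some allocation path, a comment above `if (seg)` should say which one; if it is not, an assertion or abort() at this point would turn the Ruby test-suite crash into a failure that names the inconsistency. Minor style point: `else` after an unconditional `return` is redundant; `if (seg) return add_segment_exec_offset (data, seg); return data;` reads cleaner.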
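To make the mechanism in the report concrete, here is an added example (not libffi's code and not part of the original message) that models the dual-mapped closure trampoline scheme ffi_data_to_code_pointer() serves: the same file pages are mapped once writable (the data view) and once executable (the code view), a closure is written through the data view and called through the code view, and the translation between them is a per-segment offset. The example's own lookup returns NULL for any pointer it does not own, and the translation function checks for that before applying the offset. All identifiers here (demo_segment, demo_segment_create, demo_segment_holding, demo_data_to_code, demo_roundtrip) and the one-byte payload are assumptions made for the example; if the temp directory is mounted noexec, the code view falls back to a read-only mapping so the aliasing can still be observed.

```c
/* Added example, not libffi's code: a minimal model of dual-mapped closure
 * segments, showing why a segment lookup that can return NULL must be
 * handled before the exec offset is applied. Identifiers prefixed demo_ are
 * assumptions for this example, not libffi names. Linux/POSIX only. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

typedef struct demo_segment {
    char *data;                 /* writable view of the pages */
    char *code;                 /* executable view (read-only fallback on noexec mounts) */
    size_t size;
    struct demo_segment *next;
} demo_segment;

static demo_segment *demo_segments;   /* every segment this allocator owns */

/* Map SIZE bytes of an anonymous temp file twice. Returns NULL on failure. */
static demo_segment *demo_segment_create(size_t size) {
    FILE *f = tmpfile();
    if (!f) return NULL;
    int fd = fileno(f);
    if (ftruncate(fd, (off_t)size) != 0) { fclose(f); return NULL; }
    void *d = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (d == MAP_FAILED) { fclose(f); return NULL; }
    void *c = mmap(NULL, size, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    if (c == MAP_FAILED)        /* e.g. noexec /tmp: keep the aliasing demo alive */
        c = mmap(NULL, size, PROT_READ, MAP_SHARED, fd, 0);
    fclose(f);                  /* the mappings keep the pages alive */
    if (c == MAP_FAILED) { munmap(d, size); return NULL; }
    demo_segment *s = calloc(1, sizeof *s);
    if (!s) { munmap(d, size); munmap(c, size); return NULL; }
    s->data = d; s->code = c; s->size = size;
    s->next = demo_segments;
    demo_segments = s;
    return s;
}

/* Like a segment_holding(): find the segment whose data view contains P.
 * Returns NULL for pointers this allocator never handed out (stack, static
 * or malloc'd objects), so callers must expect NULL. */
static demo_segment *demo_segment_holding(const void *p) {
    for (demo_segment *s = demo_segments; s; s = s->next)
        if ((const char *)p >= s->data && (const char *)p < s->data + s->size)
            return s;
    return NULL;
}

/* Translate a data-view pointer to the matching code-view pointer.
 * On a miss, report NULL rather than dereferencing a NULL segment (the
 * crash in the report) or silently handing back the writable address. */
static void *demo_data_to_code(void *data) {
    demo_segment *s = demo_segment_holding(data);
    if (!s) return NULL;
    ptrdiff_t exec_offset = s->code - s->data;
    return (char *)data + exec_offset;
}

/* Write through the data view, observe through the code view, and check that
 * foreign pointers are rejected. Returns 0 on success, a negative code otherwise. */
static int demo_roundtrip(void) {
    demo_segment *s = demo_segment_create(4096);
    if (!s) return -1;
    char *closure = s->data + 128;                 /* some slot inside the segment */
    memcpy(closure, "\xc3", 1);                    /* constructed payload: an x86 'ret' byte */
    unsigned char *code = demo_data_to_code(closure);
    if (!code || code[0] != 0xc3) return -2;       /* both views must alias the same page */
    if (demo_data_to_code(&s) != NULL) return -3;  /* a stack address is in no segment */
    static char foreign[16];
    if (demo_data_to_code(foreign) != NULL) return -4;
    return 0;
}

int main(void) {
    int rc = demo_roundtrip();
    printf("roundtrip %s (%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc == 0 ? 0 : 1;
}
```

The point of the example is the contract of the lookup: once a data pointer can legitimately come from outside the allocator's segments, the translation must decide what a miss means, and returning the unchanged data pointer only defers the fault to the eventual indirect call.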