Bug #86472
Segmentation fault inside test suite
Description
Hello,
On some systems, such as SUSE Linux Enterprise 15 SP5, we're seeing that lasso-2.6.1 and lasso-2.8.2 fail to build, as its test suite hits a segmentation fault.
Through careful analysis, we've discovered the exact instruction that triggers the segfault.
0x7ffff7c84b00 <xmlDictOwns> test %rsi,%rsi
0x7ffff7c84b03 <xmlDictOwns+3> sete %cl
0x7ffff7c84b06 <xmlDictOwns+6> test %rdi,%rdi
0x7ffff7c84b09 <xmlDictOwns+9> je 0x7ffff7c84b4e <xmlDictOwns+78>
0x7ffff7c84b0b <xmlDictOwns+11> test %cl,%cl
0x7ffff7c84b0d <xmlDictOwns+13> jne 0x7ffff7c84b4e <xmlDictOwns+78>
--> 0x7ffff7c84b0f <xmlDictOwns+15> mov 0x20(%rdi),%rax
0x7ffff7c84b13 <xmlDictOwns+19> test %rax,%rax
0x7ffff7c84b16 <xmlDictOwns+22> je 0x7ffff7c84b37 <xmlDictOwns+55>
0x7ffff7c84b18 <xmlDictOwns+24> nopl 0x0(%rax,%rax,1)
0x7ffff7c84b20 <xmlDictOwns+32> lea 0x28(%rax),%rdx
0x7ffff7c84b24 <xmlDictOwns+36> cmp %rdx,%rsi
0x7ffff7c84b27 <xmlDictOwns+39> jb 0x7ffff7c84b2f <xmlDictOwns+47>
0x7ffff7c84b29 <xmlDictOwns+41> cmp %rsi,0x8(%rax)
0x7ffff7c84b2d <xmlDictOwns+45> jae 0x7ffff7c84b48 <xmlDictOwns+72>
This happens when running the following test: test16_test_get_issuer_fn (basic_tests.c:1019).
This test contains a loop, and it doesn't happen the first time the instruction is executed. It takes over 30 thousand attempts, but then it always causes a segfault.
Various other tests, typically login-related ones, also trigger this issue.
On SLE 15 SP5 specifically, we're using libxml2 version 2.10.3.
I'm including a patch we've written that seems to mitigate the issue, hopefully you can have a look and see how it might mitigate this problem, and maybe other people are also being affected.
We have a build of lasso-2.8.2 running here, with the patch:
https://build.opensuse.org/package/show/home:pgajdos/lasso
Thanks.
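The failure mode described in the report, as an added self-contained C model that is not libxml2 or lasso code: a node's name is interned in its document's string dictionary, and freeing the node has to ask the dictionary whether it owns the name before releasing it, which is why the free path reaches xmlDictOwns and why the dictionary must outlive every node that was detached from the tree. The Dict, Doc and Node types, dict_owns, node_unlink, node_free and extract_issuer_name are constructed for illustration; the pool-range ownership test mirrors the comparison sequence visible in the disassembly above, and the teardown order in extract_issuer_name follows the commit title of the fix (unlink and free the node before freeing the document, not after).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added model (not libxml2 or lasso code) of the ownership rule that makes
 * the teardown order matter. Node names are interned in the document's
 * dictionary; freeing a node consults the dictionary to decide whether the
 * name must be free()d, just as libxml2's DICT_FREE calls xmlDictOwns. */

typedef struct {
    char  *data;  /* one contiguous pool of NUL-terminated strings */
    size_t used;  /* bytes in use; data + used is the pool's "end" */
    size_t cap;
} Dict;

typedef struct Doc Doc;

typedef struct Node {
    Doc         *doc;    /* back-pointer, like xmlNode->doc */
    const char  *name;   /* interned in doc->dict, or a heap copy if the pool is full */
    struct Node *parent, *children, *next;
} Node;

struct Doc { Dict *dict; Node *root; };

static int live_dicts; /* bookkeeping so a test can verify a clean teardown */

static Dict *dict_new(size_t cap) {
    Dict *d = calloc(1, sizeof *d);
    d->data = malloc(cap);
    d->cap = cap;
    live_dicts++;
    return d;
}

/* Ownership test in the style of xmlDictOwns: is the pointer inside the
 * pool's [data, end) range? A NULL dictionary owns nothing. */
static int dict_owns(const Dict *d, const char *s) {
    if (d == NULL || s == NULL) return 0;
    return s >= d->data && s < d->data + d->used;
}

/* Intern a string: return the pool copy, appending it when absent.
 * Returns NULL when the pool has no room left. */
static const char *dict_lookup(Dict *d, const char *s) {
    size_t off = 0, n = strlen(s) + 1;
    while (off < d->used) {
        if (strcmp(d->data + off, s) == 0) return d->data + off;
        off += strlen(d->data + off) + 1;
    }
    if (d->used + n > d->cap) return NULL;
    memcpy(d->data + d->used, s, n);
    d->used += n;
    return d->data + d->used - n;
}

static void dict_free(Dict *d) { free(d->data); free(d); live_dicts--; }

static Doc *doc_new(void) {
    Doc *doc = calloc(1, sizeof *doc);
    doc->dict = dict_new(4096);
    return doc;
}

static Node *node_new(Doc *doc, Node *parent, const char *name) {
    Node *n = calloc(1, sizeof *n);
    n->doc = doc;
    n->name = dict_lookup(doc->dict, name);
    if (n->name == NULL) {                    /* pool full: heap-owned name */
        char *copy = malloc(strlen(name) + 1);
        strcpy(copy, name);
        n->name = copy;
    }
    if (parent) { n->parent = parent; n->next = parent->children; parent->children = n; }
    else doc->root = n;
    return n;
}

/* Detach a subtree from its parent. n->doc is deliberately left in place,
 * mirroring xmlUnlinkNode: the node still depends on the doc's dictionary. */
static void node_unlink(Node *n) {
    if (n->parent) {
        Node **pp = &n->parent->children;
        while (*pp != n) pp = &(*pp)->next;
        *pp = n->next;
    } else if (n->doc && n->doc->root == n) {
        n->doc->root = NULL;
    }
    n->parent = NULL;
    n->next = NULL;
}

/* Free a subtree. The name is released only if the dictionary does not own
 * it, so n->doc->dict must still be valid memory when this runs. */
static void node_free(Node *n) {
    for (Node *c = n->children, *next; c; c = next) { next = c->next; node_free(c); }
    Dict *dict = n->doc ? n->doc->dict : NULL;
    if (n->name && !dict_owns(dict, n->name)) free((char *)n->name);
    free(n);
}

static void doc_free(Doc *doc) {
    if (doc->root) node_free(doc->root);
    dict_free(doc->dict);
    free(doc);
}

static size_t count_children(const Node *n) {
    size_t k = 0;
    for (const Node *c = n->children; c; c = c->next) k++;
    return k;
}

/* Pull one child out of a constructed document, copy what we need, then tear
 * down in the safe order: unlink, free the node while the document and its
 * dictionary are alive, free the document last. The crashing order is the
 * reverse: doc_free() first, then node_free() on the detached node, whose
 * n->doc->dict is by then freed memory. Returns the root's remaining children. */
static int extract_issuer_name(char *out, size_t outlen) {
    Doc *doc = doc_new();
    Node *root = node_new(doc, NULL, "Response");
    Node *issuer = node_new(doc, root, "Issuer");
    node_new(doc, root, "Status");

    node_unlink(issuer);                        /* 1. detach */
    snprintf(out, outlen, "%s", issuer->name);
    int remaining = (int)count_children(root);
    node_free(issuer);                          /* 2. dictionary still valid */
    doc_free(doc);                              /* 3. document last */
    return remaining;
}

int main(void) {
    char name[32];
    int left = extract_issuer_name(name, sizeof name);
    printf("extracted %s, %d sibling(s) left, %d dict(s) live\n", name, left, live_dicts);
    return 0;
}
```

Built with -fsanitize=address, the reversed order (document freed first, detached node freed afterwards) reports a heap-use-after-free on the first iteration rather than surfacing as a segfault after tens of thousands, which is the quickest way to confirm a fix for this class of bug in a test suite like lasso's.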
Files
Associated revisions
History
Updated by Benjamin Dauvergne 3 months ago
- Status changed from New to Resolved (to be deployed)
commit 534d2b96985714598d58b2da947d5813efe1e67c
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu Feb 1 21:50:21 2024 +0100

Do not free xmlDoc before unlinking its tree (#86472)
Updated by Benjamin Dauvergne 3 months ago
- Category deleted (Tests)
It's fixed in main, thanks for the report.
Updated by Martin Schreiner 3 months ago
Do you think it'd be possible to backport a patch, fix it for 2.6.X as well?
I mean, if that commit applies cleanly for 2.6.X, should it be good to go?
I want to fix this for SLE 15 SP5.
Thank you very much!
Updated by Benjamin Dauvergne 3 months ago
Martin Schreiner wrote:
Do you think it'd be possible to backport a patch, fix it for 2.6.X as well?
I mean, if that commit applies cleanly for 2.6.X, should it be good to go?
Sorry but we do not manage backports upstream, we provide fixes only in the latest version.