Project

General

Profile

Bug #86472

Segmentation fault inside test suite

Added by Martin Schreiner 4 months ago. Updated 4 months ago.

Status:
Résolu (à déployer)
Priority:
Normal
Category:
-
Target version:
-
Start date:
26 January 2024
Due date:
% Done:

0%

Estimated time:
Patch proposed:
Yes
Planning:
No

Description

Hello,

On some systems, such as SUSE Linux Enterprise 15 SP5, we're seeing that lasso-2.6.1 and lasso-2.8.2 fail to build, as its test suite hits a segmentation fault .
Through careful analysis, we've discovered the exact instruction that triggers the segfault.

0x7ffff7c84b00 <xmlDictOwns>    test   %rsi,%rsi                                                                                                                                                 
0x7ffff7c84b03 <xmlDictOwns+3> sete %cl
0x7ffff7c84b06 <xmlDictOwns+6> test %rdi,%rdi
0x7ffff7c84b09 <xmlDictOwns+9> je 0x7ffff7c84b4e <xmlDictOwns+78>
0x7ffff7c84b0b <xmlDictOwns+11> test %cl,%cl
0x7ffff7c84b0d <xmlDictOwns+13> jne 0x7ffff7c84b4e <xmlDictOwns+78>
--> 0x7ffff7c84b0f <xmlDictOwns+15> mov 0x20(%rdi),%rax
0x7ffff7c84b13 <xmlDictOwns+19> test %rax,%rax
0x7ffff7c84b16 <xmlDictOwns+22> je 0x7ffff7c84b37 <xmlDictOwns+55>
0x7ffff7c84b18 <xmlDictOwns+24> nopl 0x0(%rax,%rax,1)
0x7ffff7c84b20 <xmlDictOwns+32> lea 0x28(%rax),%rdx
0x7ffff7c84b24 <xmlDictOwns+36> cmp %rdx,%rsi
0x7ffff7c84b27 <xmlDictOwns+39> jb 0x7ffff7c84b2f <xmlDictOwns+47>
0x7ffff7c84b29 <xmlDictOwns+41> cmp %rsi,0x8(%rax)
0x7ffff7c84b2d <xmlDictOwns+45> jae 0x7ffff7c84b48 <xmlDictOwns+72>

This happens when running the following test: test16_test_get_issuer_fn (basic_tests.c:1019) .
This test contains a loop, and it doesn't happen the first time the instruction is executed. It takes over 30 thousand attempts, but then it always causes a segfault.
Various other tests, typically login-related ones, also trigger this issue.

On SLE 15 SP5 specifically, we're using libxml2 version 2.10.3.

I'm including a patch we've written that seems to mitigate the issue, hopefully you can have a look and see how it might mitigate this problem, and maybe other people are also being affected.

We have a build of lasso-2.8.2 running here, with the patch:
https://build.opensuse.org/package/show/home:pgajdos/lasso

Thanks.


Files

lasso.patch (461 Bytes) lasso.patch Patch that fixed the segfault Martin Schreiner, 01 February 2024 08:14 PM

Associated revisions

Revision 534d2b96 (diff)
Added by Benjamin Dauvergne 4 months ago

Do not free xmlDoc before unlinking its tree (#86472)

History

#1

Updated by Benjamin Dauvergne 4 months ago

  • Assignee set to Benjamin Dauvergne
#2

Updated by Benjamin Dauvergne 4 months ago

  • Status changed from Nouveau to Résolu (à déployer)
commit 534d2b96985714598d58b2da947d5813efe1e67c
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date:   Thu Feb 1 21:50:21 2024 +0100

    Do not free xmlDoc before unlinking its tree (#86472)
#3

Updated by Benjamin Dauvergne 4 months ago

  • Category deleted (Tests)

It's fixed in main, thanks for the report.

#4

Updated by Martin Schreiner 4 months ago

Do you think it'd be possible to backport a patch, fix it for 2.6.X as well?
I mean, if that commit applies cleanly for 2.6.X, should it be good to go?

I want to fix this for SLE 15 SP5.

Thank you very much!

#5

Updated by Benjamin Dauvergne 4 months ago

Martin Schreiner a écrit :

Do you think it'd be possible to backport a patch, fix it for 2.6.X as well?
I mean, if that commit applies cleanly for 2.6.X, should it be good to go?

Sorry but we do not manage backports upstream, we provide fixes only in the latest version.

Also available in: Atom PDF