Fix BZ #18084 (backtrace(..., 0) crash on x86)

Message ID	CAPC3xaqs+AYOKnogxGWV9v0KC-a9SnuZ2So=jaVAeZmBZZrvRg@mail.gmail.com
State	New
Headers	show Return-Path: <libc-alpha-return-62178-incoming=patchwork.ozlabs.org@sourceware.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; q=dns; s=default; b= lNmWTIVyCPfkT7wFIG7aTRZv2TySF8udqfjhGaOI8tWViiqCOigmhT6BPgXrYV6b OPdc6JMZMgVnCcK/ouocTxAvkO1ufD3i05S9eh+QlH8CagqrH3HdtoINiKLPK5E2 W6XtmnR87fHsFVhd+Df9wpNWWVD8la+aLApKRiToONc= Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk Sender: libc-alpha-owner@sourceware.org MIME-Version: 1.0 In-Reply-To: <55C8F556.30001@googlemail.com> References: <CAPC3xaqq7VQm+1VCBuUz=GXKUZC7A4x3MmHxYCCTShiwqMmyuQ@mail.gmail.com> <55C8F556.30001@googlemail.com> Date: Sat, 15 Aug 2015 11:01:35 -0700 Message-ID: <CAPC3xaqs+AYOKnogxGWV9v0KC-a9SnuZ2So=jaVAeZmBZZrvRg@mail.gmail.com> Subject: Re: Fix BZ #18084 (backtrace(..., 0) crash on x86) From: Paul Pluzhnikov <ppluzhnikov@gmail.com> To: Tolga Dalman <tolga.dalman@googlemail.com> Cc: GLIBC Devel <libc-alpha@sourceware.org> Content-Type: multipart/mixed; boundary=001a113ec89cfd4eb0051d5d5be7

Message ID

CAPC3xaqs+AYOKnogxGWV9v0KC-a9SnuZ2So=jaVAeZmBZZrvRg@mail.gmail.com

State

New

Headers

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:in-reply-to:references:date
	:message-id:subject:from:to:cc:content-type; q=dns; s=default; b=
	lNmWTIVyCPfkT7wFIG7aTRZv2TySF8udqfjhGaOI8tWViiqCOigmhT6BPgXrYV6b
	OPdc6JMZMgVnCcK/ouocTxAvkO1ufD3i05S9eh+QlH8CagqrH3HdtoINiKLPK5E2
	W6XtmnR87fHsFVhd+Df9wpNWWVD8la+aLApKRiToONc=
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: libc-alpha-owner@sourceware.org
MIME-Version: 1.0
In-Reply-To: <55C8F556.30001@googlemail.com>
References: <CAPC3xaqq7VQm+1VCBuUz=GXKUZC7A4x3MmHxYCCTShiwqMmyuQ@mail.gmail.com>
	<55C8F556.30001@googlemail.com>
Date: Sat, 15 Aug 2015 11:01:35 -0700
Message-ID: <CAPC3xaqs+AYOKnogxGWV9v0KC-a9SnuZ2So=jaVAeZmBZZrvRg@mail.gmail.com>
Subject: Re: Fix BZ #18084 (backtrace(..., 0) crash on x86)
From: Paul Pluzhnikov <ppluzhnikov@gmail.com>
To: Tolga Dalman <tolga.dalman@googlemail.com>
Cc: GLIBC Devel <libc-alpha@sourceware.org>
Content-Type: multipart/mixed; boundary=001a113ec89cfd4eb0051d5d5be7

Commit Message

Paul Pluzhnikov Aug. 15, 2015, 6:01 p.m. UTC

On Mon, Aug 10, 2015 at 12:02 PM, Tolga Dalman
<tolga.dalman@googlemail.com> wrote:
> On 08/10/2015 02:04 AM, Paul Pluzhnikov wrote:
>> This patch fixes BZ #18084 -- crash in backtrace(..., 0) on x86.
>> Tested on Linux/x86, no new failures.
>
> That looks correct and should be applied to the other arches as well
> (I looked at x86_64 and arm).

Thanks. Revised patch attached.


2015-08-15  Paul Pluzhnikov  <ppluzhnikov@google.com>

        * debug/tst-backtrace2.c (do_test): Add test for BZ #18084.
        * sysdeps/arm/backtrace.c (__backtrace): Handle size == 0.
        * sysdeps/i386/backtrace.c (__backtrace): Likewise.
        * sysdeps/m68k/backtrace.c (__backtrace): Likewise.
        * sysdeps/microblaze/backtrace.c (__backtrace): Likewise.
        * sysdeps/s390/s390-32/backtrace.c (__backtrace): Likewise.
        * sysdeps/s390/s390-64/backtrace.c (__backtrace): Likewise.
        * sysdeps/sparc/backtrace.c (__backtrace): Likewise.
        * sysdeps/x86_64/backtrace.c (__backtrace): Likewise.

Comments

Tolga Dalman Aug. 15, 2015, 6:37 p.m. UTC | #1

On 08/15/2015 08:01 PM, Paul Pluzhnikov wrote:
> Thanks. Revised patch attached.
> 
> 
> 2015-08-15  Paul Pluzhnikov  <ppluzhnikov@google.com>
> 
>         * debug/tst-backtrace2.c (do_test): Add test for BZ #18084.
>         * sysdeps/arm/backtrace.c (__backtrace): Handle size == 0.
>         * sysdeps/i386/backtrace.c (__backtrace): Likewise.
>         * sysdeps/m68k/backtrace.c (__backtrace): Likewise.
>         * sysdeps/microblaze/backtrace.c (__backtrace): Likewise.
>         * sysdeps/s390/s390-32/backtrace.c (__backtrace): Likewise.
>         * sysdeps/s390/s390-64/backtrace.c (__backtrace): Likewise.
>         * sysdeps/sparc/backtrace.c (__backtrace): Likewise.
>         * sysdeps/x86_64/backtrace.c (__backtrace): Likewise.

LGTM. Thanks!

Roland McGrath Aug. 24, 2015, 9:21 p.m. UTC | #2

> 2015-08-15  Paul Pluzhnikov  <ppluzhnikov@google.com>
> 
	  [BZ #18084]
>         * debug/tst-backtrace2.c (do_test): Add test for BZ #18084.
>         * sysdeps/arm/backtrace.c (__backtrace): Handle size == 0.
>         * sysdeps/i386/backtrace.c (__backtrace): Likewise.
>         * sysdeps/m68k/backtrace.c (__backtrace): Likewise.
>         * sysdeps/microblaze/backtrace.c (__backtrace): Likewise.
>         * sysdeps/s390/s390-32/backtrace.c (__backtrace): Likewise.
>         * sysdeps/s390/s390-64/backtrace.c (__backtrace): Likewise.
>         * sysdeps/sparc/backtrace.c (__backtrace): Likewise.
>         * sysdeps/x86_64/backtrace.c (__backtrace): Likewise.

diff --git a/debug/tst-backtrace2.c b/debug/tst-backtrace2.c
index 846ca35..396d743 100644
--- a/debug/tst-backtrace2.c
+++ b/debug/tst-backtrace2.c
@@ -94,6 +94,12 @@  fn3 (void)
 NO_INLINE static int
 do_test (void)
 {
+  /* Test BZ #18084.  */
+  void *buffer[1];
+
+  if (backtrace (buffer, 0) != 0)
+    FAIL ();
+
   fn3 ();
   return ret;
 }
diff --git a/sysdeps/arm/backtrace.c b/sysdeps/arm/backtrace.c
index 7ab487c..5a30c20 100644
--- a/sysdeps/arm/backtrace.c
+++ b/sysdeps/arm/backtrace.c
@@ -92,6 +92,10 @@  __backtrace (array, size)
      int size;
 {
   struct trace_arg arg = { .array = array, .size = size, .cnt = -1 };
+
+  if (size <= 0)
+    return 0;
+
 #ifdef SHARED
   __libc_once_define (static, once);
 
@@ -100,8 +104,7 @@  __backtrace (array, size)
     return 0;
 #endif
 
-  if (size >= 1)
-    unwind_backtrace (backtrace_helper, &arg);
+  unwind_backtrace (backtrace_helper, &arg);
 
   if (arg.cnt > 1 && arg.array[arg.cnt - 1] == NULL)
     --arg.cnt;
diff --git a/sysdeps/i386/backtrace.c b/sysdeps/i386/backtrace.c
index 550234f..f10ed56 100644
--- a/sysdeps/i386/backtrace.c
+++ b/sysdeps/i386/backtrace.c
@@ -114,6 +114,10 @@  __backtrace (array, size)
      int size;
 {
   struct trace_arg arg = { .array = array, .size = size, .cnt = -1 };
+
+  if (size <= 0)
+    return 0;
+
 #ifdef SHARED
   __libc_once_define (static, once);
 
@@ -122,8 +126,7 @@  __backtrace (array, size)
     return 0;
 #endif
 
-  if (size >= 1)
-    unwind_backtrace (backtrace_helper, &arg);
+  unwind_backtrace (backtrace_helper, &arg);
 
   if (arg.cnt > 1 && arg.array[arg.cnt - 1] == NULL)
     --arg.cnt;
diff --git a/sysdeps/m68k/backtrace.c b/sysdeps/m68k/backtrace.c
index 3114251..ca7d259 100644
--- a/sysdeps/m68k/backtrace.c
+++ b/sysdeps/m68k/backtrace.c
@@ -111,6 +111,10 @@  int
 __backtrace (void **array, int size)
 {
   struct trace_arg arg = { .array = array, .size = size, .cnt = -1 };
+
+  if (size <= 0)
+    return 0;
+
 #ifdef SHARED
   __libc_once_define (static, once);
 
@@ -119,8 +123,7 @@  __backtrace (void **array, int size)
     return 0;
 #endif
 
-  if (size >= 1)
-    unwind_backtrace (backtrace_helper, &arg);
+  unwind_backtrace (backtrace_helper, &arg);
 
   if (arg.cnt > 1 && arg.array[arg.cnt - 1] == NULL)
     --arg.cnt;
diff --git a/sysdeps/microblaze/backtrace.c b/sysdeps/microblaze/backtrace.c
index 24e827a..c043ba7 100644
--- a/sysdeps/microblaze/backtrace.c
+++ b/sysdeps/microblaze/backtrace.c
@@ -114,6 +114,9 @@  __backtrace (void **array, int size)
   int count;
   int rc = 0;
 
+  if (size <= 0)
+    return 0;
+
   __asm__ __volatile__ ("mfs %0, rpc"
                         : "=r"(pc));
 
diff --git a/sysdeps/s390/s390-32/backtrace.c b/sysdeps/s390/s390-32/backtrace.c
index 73db652..4e5e1fe 100644
--- a/sysdeps/s390/s390-32/backtrace.c
+++ b/sysdeps/s390/s390-32/backtrace.c
@@ -126,6 +126,10 @@  int
 __backtrace (void **array, int size)
 {
   struct trace_arg arg = { .array = array, .size = size, .cnt = -1 };
+
+  if (size <= 0)
+    return 0;
+
 #ifdef SHARED
   __libc_once_define (static, once);
 
@@ -135,8 +139,7 @@  __backtrace (void **array, int size)
     return __backchain_backtrace (array, size);
 #endif
 
-  if (size >= 1)
-    unwind_backtrace (backtrace_helper, &arg);
+  unwind_backtrace (backtrace_helper, &arg);
 
   return arg.cnt != -1 ? arg.cnt : 0;
 }
diff --git a/sysdeps/s390/s390-64/backtrace.c b/sysdeps/s390/s390-64/backtrace.c
index 08e563e..184a737 100644
--- a/sysdeps/s390/s390-64/backtrace.c
+++ b/sysdeps/s390/s390-64/backtrace.c
@@ -125,6 +125,10 @@  int
 __backtrace (void **array, int size)
 {
   struct trace_arg arg = { .array = array, .size = size, .cnt = -1 };
+
+  if (size <= 0)
+    return 0;
+
 #ifdef SHARED
   __libc_once_define (static, once);
 
@@ -134,8 +138,7 @@  __backtrace (void **array, int size)
     return __backchain_backtrace (array, size);
 #endif
 
-  if (size >= 1)
-    unwind_backtrace (backtrace_helper, &arg);
+  unwind_backtrace (backtrace_helper, &arg);
 
   return arg.cnt != -1 ? arg.cnt : 0;
 }
diff --git a/sysdeps/sparc/backtrace.c b/sysdeps/sparc/backtrace.c
index 754f45b..cb01fd6 100644
--- a/sysdeps/sparc/backtrace.c
+++ b/sysdeps/sparc/backtrace.c
@@ -108,7 +108,7 @@  __backtrace (void **array, int size)
   bool use_unwinder;
   int count;
 
-  if (!size)
+  if (size <= 0)
     return 0;
 
   use_unwinder = true;
diff --git a/sysdeps/x86_64/backtrace.c b/sysdeps/x86_64/backtrace.c
index 2a3848d..21448c8 100644
--- a/sysdeps/x86_64/backtrace.c
+++ b/sysdeps/x86_64/backtrace.c
@@ -97,6 +97,10 @@  __backtrace (array, size)
      int size;
 {
   struct trace_arg arg = { .array = array, .cfa = 0, .size = size, .cnt = -1 };
+
+  if (size <= 0)
+    return 0;
+
 #ifdef SHARED
   __libc_once_define (static, once);
 
@@ -105,8 +109,7 @@  __backtrace (array, size)
     return 0;
 #endif
 
-  if (size >= 1)
-    unwind_backtrace (backtrace_helper, &arg);
+  unwind_backtrace (backtrace_helper, &arg);
 
   /* _Unwind_Backtrace seems to put NULL address above
      _start.  Fix it up here.  */

Fix BZ #18084 (backtrace(..., 0) crash on x86)

Commit Message

Comments

Patch