NetBSD Problem Report #53757

From www@NetBSD.org  Sat Dec  1 08:55:53 2018
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 2066C7A156
	for <gnats-bugs@gnats.NetBSD.org>; Sat,  1 Dec 2018 08:55:53 +0000 (UTC)
Message-Id: <20181201085552.0AE9A7A26C@mollari.NetBSD.org>
Date: Sat,  1 Dec 2018 08:55:52 +0000 (UTC)
From: phk@FreeBSD.org
Reply-To: phk@FreeBSD.org
To: gnats-bugs@NetBSD.org
Subject: backtrace(3) can return ~0
X-Send-Pr-Version: www-1.0

>Number:         53757
>Category:       lib
>Synopsis:       backtrace(3) can return ~0
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Dec 01 09:00:00 +0000 2018
>Closed-Date:    Sat Apr 06 17:08:46 +0000 2024
>Last-Modified:  Sat Apr 06 17:08:46 +0000 2024
>Originator:     Poul-Henning Kamp
>Release:        Old bug
>Organization:
FreeBSD
>Environment:
any
>Description:
Copied from: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209842

(FreeBSD imported this code from NetBSD, so we should coordinate what the proper fix is)

The backtrace(3) function returns size_t which is unsigned:

     size_t
     backtrace(void **addrlist, size_t len);

And is documented as returning:

   RETURN VALUES
     The backtrace() function returns the number of elements that were filled
     in the backtrace. [...]

The implementation in contrib/libexecinfo/unwind.c clearly knows that the return value can be all-ones:

        if (ctx.n != (size_t)~0 && ctx.n > 0)
                ctx.arr[--ctx.n] = NULL;        /* Skip frame below __start */

        return ctx.n;

This happens on a BeagleBoneBlack running

    10.3-STABLE FreeBSD 10.3-STABLE #0 r300092

I am not sure what the proper fix is here, nor for that matter what the problem might be that causes it to return the all-ones value in the first place.

But at the very least ctx.n should be slammed to zero before returning it, so the code calling backtrace(3) doesn't run off the end of the world.


>How-To-Repeat:

>Fix:

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: jakllsch@NetBSD.org
State-Changed-When: Sat, 06 Apr 2024 17:08:46 +0000
State-Changed-Why:
per https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209842 this was fixed in our src/lib/libexecinfo/unwind.c r1.5
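As an added illustration (not NetBSD's or FreeBSD's unwind.c, and not the r1.5 fix itself), the following C models the failure mode the PR describes and the caller-side clamp phk asks for: `fake_backtrace` and its `mode` argument are assumptions standing in for backtrace(3), returning either a fill count or the all-ones `(size_t)~0`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BT_FAIL ((size_t)~0)  /* the all-ones value the PR describes */

/* Stand-in for backtrace(3) (an assumption of this example): fills up to
 * `len` slots, or returns (size_t)~0 without touching the array, mirroring
 * unwind.c's ctx.n on the failure path. `mode` selects the simulated outcome. */
static size_t fake_backtrace(void **addrlist, size_t len, int mode)
{
    if (mode == 0)
        return BT_FAIL;                   /* unwind failed: all-ones */
    size_t n = (size_t)mode < len ? (size_t)mode : len;
    for (size_t i = 0; i < n; i++)
        addrlist[i] = (void *)(uintptr_t)(0x1000 + i * 16); /* constructed PCs */
    return n;
}

/* Caller-side clamp: a count that is all-ones or larger than the buffer is
 * not a valid fill count, so report 0 frames instead of letting the caller
 * walk past the end of addrlist. */
static size_t clamp_backtrace_count(size_t n, size_t len)
{
    if (n == BT_FAIL || n > len)
        return 0;
    return n;
}

/* What a program would call instead of backtrace(3) directly. */
static size_t safe_backtrace(void **addrlist, size_t len, int mode)
{
    return clamp_backtrace_count(fake_backtrace(addrlist, len, mode), len);
}

int main(void)
{
    void *frames[8];
    for (int mode = 0; mode <= 3; mode++) {
        size_t n = safe_backtrace(frames, 8, mode);
        printf("mode %d: %zu frame(s)\n", mode, n);
        for (size_t i = 0; i < n; i++)   /* loop bound is now trustworthy */
            printf("  frame[%zu] = %p\n", i, frames[i]);
    }
    return 0;
}
```

Without the clamp, a caller looping `for (i = 0; i < n; i++)` on an all-ones `n` reads far past `frames`, which is the "run off the end of the world" the report warns about.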


>Unformatted:
