group.of.nepali.translators team mailing list archive
Message #14453
[Bug 1697501] Re: ksh segfault on job_chksave () after it receive a SIGCHLD (Signal 17)
I have also reported a bug / submitted the patch to Debian upstream via:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867181
- Eric
** Bug watch added: Debian Bug tracker #867181
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867181
** Also affects: ksh (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867181
Importance: Unknown
Status: Unknown
** Description changed:
[Impact]
* The compiler optimization dropped parts of the ksh job locking
mechanism from the binary code. As a consequence, ksh could terminate
unexpectedly with a segmentation fault after it received the SIGCHLD signal.
[Test Case]
Unfortunately, there is no clear and easy way to reproduce the
segfault.
* But the original reporter of this bug can randomly reproduce the
problem using an in-house ksh script that only works inside his
infrastructure, as follows: "ksh <in-house-script.ksh>", and then once in
a while ksh will segfault as follows:
(gdb) bt
#0 job_chksave (pid=pid@entry=19003) at /build/ksh-6IEHIC/ksh-93u+20120801/src/cmd/ksh93/sh/jobs.c:1948
#1 0x00000000004282ab in job_reap (sig=17) at /build/ksh-6IEHIC/ksh-93u+20120801/src/cmd/ksh93/sh/jobs.c:428
#2 <signal handler called>
...
[Regression Potential]
* This update implements a fix to ensure the compiler does not drop
parts of the ksh mechanism, so that the crash no longer occurs.
* The fix has been written by RH and has been proven to work for them
for the last 3 years.
Note that the RH fix has never been merged upstream (ksh is an
unmaintained project) and/or possibly never been proposed to upstream
(to be verified).
+
+ * A test package including the RH fix has been tested and verified
+ (pre-SRU) by an affected user with positive feedback using his
+ reproducer.
+
+ * Feedback:
+ "I've confirmed that our users have not had a single occurrence of core dump on ksh with the patched package. They have run the script sequence over 3000 times since we updated with no issues."
+
[Other Info]
* The ksh project is unmaintained nowadays [https://github.com/att/ast],
thus no new development is made upstream nor in Debian upstream.
* Details about the RH bug:
--
- https://bugzilla.redhat.com/show_bug.cgi?id=1123467
- https://bugzilla.redhat.com/show_bug.cgi?id=1112306
- https://access.redhat.com/solutions/1253243
- http://rhn.redhat.com/errata/RHBA-2014-1015.html
# ksh.spec
Fri Jul 25 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-10.8
- job locking mechanism did not survive compiler optimization (#1123467)
# patch
- ksh-20120801-locking.patch
--
[Original Description]
# gdb
[New LWP 3882]
Core was generated by `/bin/ksh <KSH_SCRIPT>.ksh'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 job_chksave (pid=pid@entry=19385) at /build/ksh-6IEHIC/ksh-93u+20120801/src/cmd/ksh93/sh/jobs.c:1948
1948 if(jp->pid==pid)
(gdb) p *jp
Cannot access memory at address 0xb
(gdb) p *jp->pid
Cannot access memory at address 0x13
(gdb) p pid
$2 = 19385
(gdb) p *jpold
$1 = {next = 0xb, pid = -604008960, exitval = 11124}
The struct is corrupted at some point: the values of the next, pid and
exitval struct members are not valid data.
# assembly code
=> 0x0000000000427159 <+41>: cmp %edi,0x8(%rdx)
(gdb) p $edi ## pid variable
$1 = 19385
(gdb) p *($rdx + 8) ## jp->pid struct
Cannot access memory at address 0x13
--
ksh is segfaulting because it can't access the struct "jp" ($rdx) and thus
cannot de-reference the struct member "jp->pid" ($rdx + 8) at line
src/cmd/ksh93/sh/jobs.c:1948 when checking whether jp->pid is equal to the pid
($edi) variable.
I have looked at the GitHub project "att/ast" upstream repo and some
patches here and there, and nothing seems to apply.
Note that the project seems unmaintained nowadays.
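The report describes a SIGCHLD handler (job_reap) walking the job list while the main program's critical-section bookkeeping had been optimized away. The following is an added illustration, not the RH patch or ksh's own code: it assumes the usual defensive pattern for this class of bug, a lock depth counter and a deferred-signal slot declared `volatile sig_atomic_t` so the compiler cannot elide the accesses shared with the handler, and a job_unlock() that runs the deferred reap once the lock depth returns to zero.

```c
#include <signal.h>

/* State shared between the main program and the SIGCHLD handler. The
 * 'volatile sig_atomic_t' qualifier forces every access to go to memory;
 * without it an optimizing compiler may cache or drop the accesses, which
 * is the class of bug the report describes. Assumed pattern, not RH's patch. */
static volatile sig_atomic_t in_critical = 0; /* job_lock() nesting depth    */
static volatile sig_atomic_t saved_sig   = 0; /* signal deferred while locked */
static volatile sig_atomic_t reap_count  = 0; /* times job_reap() has run     */

/* Stand-in for ksh's job_reap(): only records that a reap took place. */
static void job_reap(int sig) { (void)sig; reap_count++; }

/* If the main program is inside a locked section, defer the reap so the
 * job list is never walked while it is being modified. */
static void on_sigchld(int sig)
{
    if (in_critical)
        saved_sig = sig;  /* job_unlock() will run job_reap() later */
    else
        job_reap(sig);
}

static void job_lock(void) { in_critical++; }

static void job_unlock(void)
{
    int sig;
    if (--in_critical == 0 && (sig = saved_sig) != 0) {
        saved_sig = 0;
        job_lock();       /* reap runs locked so a nested signal is deferred too */
        job_reap(sig);
        job_unlock();
    }
}

/* Deliver SIGCHLD to ourselves while locked, then unlock. Returns 1 when the
 * signal was deferred inside the lock and reaped exactly once on unlock. */
static int demo_deferred_reap(void)
{
    int deferred_ok;
    reap_count = 0;
    saved_sig = 0;
    if (signal(SIGCHLD, on_sigchld) == SIG_ERR) return 0;
    job_lock();
    raise(SIGCHLD);                 /* handler runs synchronously, inside the lock */
    deferred_ok = (saved_sig == SIGCHLD && reap_count == 0);
    job_unlock();                   /* the deferred reap happens here */
    return deferred_ok && reap_count == 1 && saved_sig == 0 && in_critical == 0;
}
```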
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1697501
Title:
ksh segfault on job_chksave () after it receive a SIGCHLD (Signal 17)
Status in ksh package in Ubuntu:
In Progress
Status in ksh source package in Trusty:
In Progress
Status in ksh source package in Xenial:
In Progress
Status in ksh source package in Yakkety:
In Progress
Status in ksh source package in Zesty:
In Progress
Status in ksh source package in Artful:
In Progress
Status in ksh package in Debian:
Unknown
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ksh/+bug/1697501/+subscriptions