[Libunwind-devel] Segmentation fault while trying to access an address in a PROT_NONE page

[Johannes Ziegenbalg]

Hello everybody.

While sampling with one of our tools I sometimes come across this bug.
If a sample is triggered, presumably while resolving a symbol of a
shared library, a SIGSEGV occurs.

As libunwind is iterating up the stack, it checks if the address at #20
(backtrace.txt) is accessible. But it's corresponding page is mapped
with the PROT_NONE property which is usually used for guard pages.
Since the memory is mapped correctly, calls to mincore() or msync()
succeed, stating that the address is valid. But what they don't test is
the actual accessibility of the address.

Me and a colleague of mine are not sure if it's even a valid address or
a bug of some other library. I however attached a test case to
reproduce the error (access_mem_test.c) and a possible patch that adds
the necessary accessibility test.
This test uses write() to check if the value at an address can be
written to a pipe. If the address is not accessible the write fails but
doesn't raise a signal. 

I'm certain, that the patch needs one or two more iterations e.g. the
pipe needs to be closed somewhere. Maybe you guys can help me out!


Best regards,
-- 
Dipl.-Inf. Johannes Ziegenbalg
Research Assistant

Technische Universität Dresden, Germany
Center for Information Services and High Performance Computing (ZIH)
Tel.: +49 (351) 463-42417
E-Mail: address@hidden

backtrace.txt
Description: Text document

access_mem_test.c
Description: Text Data

0001-PATCH-x86_64-fix-mincore_validate-and-msync_validate.patch
Description: Text Data

smime.p7s
Description: S/MIME cryptographic signature