Just a comment the function choosenum is not safe, the rand() is not a good
PRG, i would use if it is possible arc4random in bsd/linux.
Best Regards,
Giorgio.
El lun., 22 jul. 2019 a las 9:12, jean-frederic clere (<jfcl...@gmail.com>)
escribió:
> On 18/07/2019 11:05, Rainer Jung wrote:
> > Hi Jean-Frederic and Rémy,
> >
> > I do not have a real answer, but a workaround. It is possible to get the
> > same result without any printf style functions or atoi, just by doing
> > arithmetics. But: maybe then the crash simply moves to another position.
>
> That is what happened, I have now:
> +++
> Thread 20 "apr-8443-exec-2" received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7fffaf7fe700 (LWP 11074)]
> 0x000000000169aa0d in free ()
> Missing separate debuginfos, use: dnf debuginfo-install
> sssd-client-2.2.0-3.fc30.x86_64 zlib-1.2.11-15.fc30.x86_64
> (gdb) bt
> #0 0x000000000169aa0d in free ()
> #1 0x00000000016956cd in _dlerror_run ()
> #2 0x000000000169528d in __dlsym ()
> +++
>
> >
> > In src/ssl.c you can use:
> >
> > static int ssl_rand_choosenum(int l, int h)
> > {
> > double dbl;
> > int i;
> >
> > dbl = 1.0 * (rand() % RAND_MAX) * (h - l);
> > i = (dbl / RAND_MAX + 0.5) + 1;
> > if (i < l) i = l;
> > if (i > h) i = h;
> > return i;
> > }
> >
> > This will also be much faster.
>
> Cool, Please commit the improvement ;-)
>
> >
> > I tested the formula against the original one for each value of l and h
> > Note, that currently the function is always called with l==0 and h==127!
> > So you could also drop the h and l params and use fixed values, but of
> > course would loose future flexibility.
> >
> > between 0 and 499 (and h>=l) and for each seed between 0 and 499 on twi
> > different architectures (Linux 64 Bit on x64 and Solaris Sparc 32 Bit).
> > You can run the following test program to convince yourself about the
> > formula correctness on your platform:
> >
> > #include <stdlib.h>
> > #include <stdio.h>
> >
> > #define MAX_SEED 500
> > #define MAX_BOUNDARY 500
> > #define FEEDBACK 100000
> >
> > int main ()
> > {
> > int seed;
> > int l;
> > int h;
> > int i1;
> > int i2;
> > int rand_orig;
> > int rand_reduced;
> > double rand_normalized;
> > double rand_prod;
> > char buf[50];
> > long count = 0;
> >
> > fprintf(stdout, "RAND_MAX is %d\n", RAND_MAX);
> > fprintf(stdout, "Number of tests to run: %ld\n",
> > 1L*MAX_BOUNDARY*MAX_BOUNDARY/2*MAX_SEED);
> > fprintf(stdout, "Feedback dot every %d tests\n", FEEDBACK);
> > fprintf(stdout, "Expect %d feedback dots\n",
> > 1L*MAX_BOUNDARY*MAX_BOUNDARY/2*MAX_SEED / FEEDBACK);
> >
> > fprintf(stdout,
> > "l\th\tseed\trand\tred\tnorm\torig\tnew\tprod\tround\n");
> > fflush(stdout);
> >
> > for (seed = 0; seed < MAX_SEED; seed++) {
> > srand(seed);
> > for (l = 0; l < MAX_BOUNDARY; l++) {
> > for (h = l; h < MAX_BOUNDARY; h++) {
> > rand_orig = rand();
> > rand_reduced = rand_orig % RAND_MAX;
> >
> > rand_normalized = ((double)rand_reduced / RAND_MAX) * (h
> > - l);
> > /* %.0f does rounding */
> > sprintf(buf, "%.0f", rand_normalized);
> > i1 = atoi(buf) + 1;
> > if (i1 < l) i1 = l;
> > if (i1 > h) i1 = h;
> >
> > rand_prod = 1.0 * rand_reduced * (h - l);
> > i2 = (rand_prod / RAND_MAX + 0.5) + 1;
> > if (i2 < l) i2 = l;
> > if (i2 > h) i2 = h;
> >
> > if (i1 != i2) {
> > fprintf(stdout,
> "%d\t%d\t%d\t%d\t%d\t%f\t%d\t%d\t%f\n",
> > l, h, seed, rand_orig, rand_reduced,
> > rand_normalized,
> > i1, i2, rand_prod);
> > }
> > count++;
> > if (count % FEEDBACK == 0) {
> > fprintf(stderr, ".");
> > fflush(stderr);
> > }
> > }
> > }
> > }
> > }
> >
> > Regards,
> >
> > Rainer
> >
> > Am 18.07.2019 um 08:57 schrieb jean-frederic clere:
> >> On 12/07/2019 11:21, Rémy Maucherat wrote:
> >>> On Thu, Jul 11, 2019 at 11:01 PM Rainer Jung <rainer.j...@kippdata.de
> >>> <mailto:rainer.j...@kippdata.de>> wrote:
> >>>
> >>> Am 11.07.2019 um 22:10 schrieb Rémy Maucherat:
> >>> > On Thu, Jul 11, 2019 at 8:42 PM Rainer Jung
> >>> <rainer.j...@kippdata.de <mailto:rainer.j...@kippdata.de>
> >>> > <mailto:rainer.j...@kippdata.de
> >>> <mailto:rainer.j...@kippdata.de>>>
> >>> wrote:
> >>> >
> >>> > Hi Rémy,
> >>> >
> >>> > When one looks up the macros in native/include/tcn.h, this
> >>> boils
> >>> > down to
> >>> > the following returning null:
> >>> >
> >>> > (*env)->FindClass(env, "org/apache/tomcat/jni/FileInfo")
> >>> >
> >>> > So our own FileInfo class can not be found. FindClass docs
> >>> indicate its
> >>> > searched in the CLASSPATH although I'm not sure whether its
> >>> really the
> >>> > classpath or some search paths of a class loader hierarchy.
> >>> >
> >>> > You might want to add the JVM commandline flag
> >>> "-verbose:class" for any
> >>> > easy way to track class loading.
> >>> >
> >>> > I didn't really grok what you meant with "define in JNI
> >>> configuration".
> >>> > For normal JVMs the code just works, so what might be
> special
> >>> for Graal
> >>> > that org.apache.tomcat.jni.FileInfo can't be found?
> >>> >
> >>> >
> >>> > A Graal native image is indeed not a normal JVM and does not
> >>> support any
> >>> > kind of dynamic class loading, it has to be declared first in
> >>> these
> >>> > configuration files.
> >>>
> >>> Ah OK.
> >>>
> >>> > So I am adding this to the jni one:
> >>> > { "name":"org.apache.tomcat.jni.FileInfo" },
> >>> > { "name":"org.apache.tomcat.jni.Sockaddr" },
> >>> > { "name":"org.apache.tomcat.jni.FileInfo" },
> >>>
> >>> Again FileInfo? I think instead "org.apache.tomcat.jni.Error"
> >>> should be
> >>> the third one.
> >>>
> >>> > { "name":"java.lang.String", "methods" :
> >>> >
> >>>
> >>>
> [{"name":"<init>","parameterTypes":["byte[]"]},{"name":"getBytes","parameterTypes":[]}]
> >>>
> >>>
> >>> > }
> >>> > And loading now works.
> >>> > Jul 11, 2019 9:39:28 PM
> >>> org.apache.catalina.core.AprLifecycleListener
> >>> > lifecycleEvent
> >>> > INFO: Loaded APR based Apache Tomcat Native library [1.2.23]
> >>> using
> >>> APR
> >>> > version [1.6.5].
> >>> > Jul 11, 2019 9:39:28 PM
> >>> org.apache.catalina.core.AprLifecycleListener
> >>> > lifecycleEvent
> >>> > INFO: APR capabilities: IPv6 [true], sendfile [true], accept
> >>> filters
> >>> > [false], random [true].
> >>> > Jul 11, 2019 9:39:28 PM
> >>> org.apache.catalina.core.AprLifecycleListener
> >>> > lifecycleEvent
> >>> > INFO: APR/OpenSSL configuration: useAprConnector [false],
> >>> useOpenSSL [true]
> >>> > Jul 11, 2019 9:39:28 PM
> >>> org.apache.catalina.core.AprLifecycleListener
> >>> > initializeSSL
> >>> > INFO: OpenSSL successfully initialized [OpenSSL 1.1.1c FIPS 28
> >>> May 2019]
> >>> >
> >>> > However when trying to actually connect I got:
> >>> > Segmentation fault (core dumped)
> >>> >
> >>> > Oops.
> >>>
> >>> If the above duplicate class was just a copy and paste typo, but
> >>> you
> >>> had
> >>> it right in your actual work, the next one could try, would be
> >>> activating writing core dumps in the underlying OS. The
> >>> resulting core
> >>> should be inspectable depending on OS via gdb or similar tools.
> The
> >>> simplest gdb invocation would be
> >>>
> >>> gdb /path/to/my/bin/java /path/to/my/corefile
> >>>
> >>> and then at the gdb prompt the command
> >>>
> >>> bt
> >>>
> >>> or
> >>>
> >>> bt full
> >>>
> >>> or
> >>>
> >>> thread apply all bt
> >>>
> >>> or
> >>>
> >>> thread apply all bt full
> >>>
> >>> That way we should at least see, in which function the crash
> >>> happens.
> >>> Depending on symbols etc. you might even get line numbers.
> >>>
> >>>
> >>> In the native code, it crashes on:
> >>>
> https://github.com/apache/tomcat-native/blob/master/native/src/ssl.c#L635
> >>>
> >>>
> >>> I modified the code to:
> >>> double d = (((double)(rand()%RAND_MAX)/RAND_MAX)*(h-l));
> >>> apr_snprintf(buf, sizeof(buf), "%.0f", d);
> >>>
> >>> And it cores on the apr_snprintf. I don't see how it is unsafe though.
> >>>
> >>> Rémy
> >>>
> >>
> >> I also have the same core using the AprConnector I can't really see what
> >> is wrong there.
> >>
> >> gdb doesn't really help :-( I have replaced the apr_snprintf by snprintf
> >> and I also have a core:
> >> +++
> >> Thread 19 "apr-8443-exec-1" received signal SIGSEGV, Segmentation fault.
> >> [Switching to Thread 0x7fffaffff700 (LWP 24724)]
> >> 0x00007ffff792e41a in __GI___printf_fp_l (fp=<optimized out>,
> >> loc=<optimized out>, info=<optimized out>, args=<optimized out>) at
> >> ../include/ctype.h:53
> >> 53 return __libc_tsd_address (const int32_t *, CTYPE_TOLOWER);
> >> Missing separate debuginfos, use: dnf debuginfo-install
> >> sssd-client-2.2.0-3.fc30.x86_64 zlib-1.2.11-15.fc30.x86_64
> >> (gdb) bt
> >> #0 0x00007ffff792e41a in __GI___printf_fp_l (fp=<optimized out>,
> >> loc=<optimized out>, info=<optimized out>, args=<optimized out>) at
> >> ../include/ctype.h:53
> >> #1 0x00007ffff7946f71 in __vfprintf_internal (s=0x7fffafffe660,
> >> format=0x7ffff7ff05f7 "%.0f", ap=0x7fffafffe7e0, mode_flags=<optimized
> >> out>) at vfprintf-internal.c:1644
> >> #2 0x00007ffff7959f8a in __vsnprintf_internal (string=0x7ffff7ffa2a0
> >> <buf> "", maxlen=<optimized out>, format=0x7ffff7ff05f7 "%.0f",
> >> args=0x7fffafffe7e0, mode_flags=0) at vsnprintf.c:114
> >> #3 0x00007ffff7933386 in __GI___snprintf (s=<optimized out>,
> >> maxlen=<optimized out>, format=<optimized out>) at snprintf.c:31
> >> #4 0x00007ffff7fe6ea4 in ssl_rand_choosenum (l=0, h=127) at
> >> src/ssl.c:720
> >> +++
> >> Suggestions?
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
> >
>
>
> --
> Cheers
>
> Jean-Frederic
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>
--
Life is a chess game - Anonymous.
