https://bugzilla.mindrot.org/show_bug.cgi?id=3584

            Bug ID: 3584
           Summary: Segfault when built with optimisations on macOS 13
                    (x86_64) with Xcode 14.3
           Product: Portable OpenSSH
           Version: 9.3p1
          Hardware: amd64
                OS: Mac OS X
            Status: NEW
          Severity: major
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-b...@mindrot.org
          Reporter: carlo.antonio.cabr...@gmail.com

Building openssh 9.3p1 with `-Os` in CFLAGS on macOS 13 using Xcode 14
(with, e.g., `./configure && make install`) fails due to a segfault
when `make` runs `ssh-keygen -A`:

```
/bin/bash: line 1: 13268 Segmentation fault: 11  ./ssh-keygen -A
```

Here's what I get out of lldb using the just-built `ssh-keygen`:

```
❯ lldb -- ./ssh-keygen -A
(lldb) target create "./ssh-keygen"
Current executable set to
'/tmp/openssh-20230623-7195-4d1ep3/openssh-9.3p1/ssh-keygen' (x86_64).
(lldb) settings set -- target.run-args  "-A"
(lldb) r
Process 15308 launched:
'/tmp/openssh-20230623-7195-4d1ep3/openssh-9.3p1/ssh-keygen' (x86_64)
Process 15308 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason =
EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x000000010000300e ssh-keygen`main(argc=0,
argv=0x0000000000000000) at ssh-keygen.c:3355:32 [opt]
   3352         /* Ensure that fds 0, 1 and 2 are open or directed to
/dev/null */
   3353         sanitise_stdfd();
   3354
-> 3355         __progname = ssh_get_progname(argv[0]);
   3356
   3357         seed_rng();
   3358
Target 0: (ssh-keygen) stopped.
warning: ssh-keygen was compiled with optimization - stepping may
behave oddly; variables may not be available.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason =
EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x000000010000300e ssh-keygen`main(argc=0,
argv=0x0000000000000000) at ssh-keygen.c:3355:32 [opt]
    frame #1: 0x00007ff80f3fb41f dyld`start + 1903
(lldb) fr v argv
(char **) argv = 0x0000000000000000
```

I haven't worked out why `argv` is a null pointer, but that seems to be
what is happening.

Building openssh without any `-O` flags makes the segfault go away.

The segfault also does *not* occur on the following (even with `-Os`):
- macOS 13 on arm64 with Xcode 14.3
- macOS 12 on both x86_64 and arm64 with Xcode 14.2
- macOS 11 on both x86_64 and arm64 with Xcode 13.2

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs