https://bugs.exim.org/show_bug.cgi?id=2580
Bug ID: 2580
Summary: sljit protexecallocator workaround to bug when fork()
Product: PCRE
Version: 10.35 (PCRE2)
Hardware: All
OS: NetBSD
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: p...@hermes.cam.ac.uk
Reporter: care...@gmail.com
CC: pcre-dev@exim.org

The new implementation in 10.35 (since r1234), using mremap(MAP_REMAPDUP), triggers a bug tracked in lib/55177[1], where the two related maps will disconnect after a fork(), with the possibility that a JIT compiled function would no longer be visible and result in a crash with a backtrace like (the relevant frames are the top 4):

#0  0x00007f7ff7eee570 in ?? ()
#1  0x0000709d57e1b9aa in jit_machine_stack_exec (arguments=arguments@entry=0x7f7fff77a9f0, executable_func=<optimized out>) at src/pcre2_jit_match.c:57
#2  0x0000709d57e45d11 in pcre2_jit_match_16 (code=code@entry=0x709d60747500, subject=subject@entry=0x709d5fbec798, length=length@entry=190, start_offset=start_offset@entry=0, options=options@entry=0, match_data=0x709d5fb97d80, mcontext=mcontext@entry=0x709d5fb11860) at src/pcre2_jit_match.c:168
#3  0x0000709d57e46d84 in pcre2_match_16 (code=code@entry=0x709d60747500, subject=subject@entry=0x709d5fbec798, length=<optimized out>, length@entry=190, start_offset=start_offset@entry=0, options=<optimized out>, options@entry=0, match_data=match_data@entry=0x709d5fb97d80, mcontext=<optimized out>, mcontext@entry=0x709d5fb11860) at src/pcre2_match.c:6345
#4  0x0000709d5e937163 in safe_pcre2_match_16 (code=0x709d60747500, subject=0x709d5fbec798, length=length@entry=190, startOffset=startOffset@entry=0, options=options@entry=0, matchData=matchData@entry=0x709d5fb97d80, matchContext=matchContext@entry=0x709d5fb11860) at text/qregularexpression.cpp:1184
#5  0x0000709d5e93ab42 in QRegularExpressionPrivate::doMatch (this=0x709d5fb13150, subject=..., subjectStart=subjectStart@entry=0, subjectLength=190, offset=offset@entry=0, matchType=matchType@entry=QRegularExpression::NormalMatch, matchOptions=..., matchOptions@entry=..., checkSubjectStringOption=checkSubjectStringOption@entry=QRegularExpressionPrivate::CheckSubjectString, previous=previous@entry=0x0) at text/qregularexpression.cpp:1284
#6  0x0000709d5e93ad89 in QRegularExpression::match (this=this@entry=0x7f7fff7800b8, subject=..., offset=offset@entry=0, matchType=matchType@entry=QRegularExpression::NormalMatch, matchOptions=...) at ../../include/QtCore/../../src/corelib/text/qstring.h:1027
#7  0x0000709d5e93adf5 in QRegularExpression::globalMatch (this=this@entry=0x7f7fff7800b8, subject=..., offset=offset@entry=0, matchType=matchType@entry=QRegularExpression::NormalMatch, matchOptions=matchOptions@entry=...) at text/qregularexpression.cpp:1738
#8  0x0000709d5e92de3a in QString::replace (this=this@entry=0x7f7fff7800b0, re=..., after=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:118
#9  0x000000000046ab4e in PasswordGeneratorWidget::colorStrengthIndicator (this=this@entry=0x709d6068dd30, entropy=entropy@entry=107.12801348301193) at /usr/pkg/qt5/include/QtCore/qstring.h:794
#10 0x000000000046b228 in PasswordGeneratorWidget::updatePasswordStrength (this=0x709d6068dd30, password=...) at /scratch/security/keepassxc/work/keepassxc-2.5.4/src/gui/PasswordGeneratorWidget.cpp:278
#11 0x000000000047e86f in PasswordGeneratorWidget::qt_static_metacall (_o=<optimized out>, _id=<optimized out>, _a=<optimized out>, _c=<optimized out>) at /scratch/security/keepassxc/work/keepassxc-2.5.4/build/src/keepassx_core_autogen/DMHXEJ42XS/moc_PasswordGeneratorWidget.cpp:143
#12 0x0000709d5eb4efcd in doActivate<false> (sender=0x709d5ff0bc60, signal_index=7, argv=0x7f7fff7802b0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:395
#13 0x0000709d5ea49c87 in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x709d618bda20 <QLineEdit::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7f7fff7802b0) at kernel/qobject.cpp:3930
#14 0x0000709d612968e9 in QLineEdit::textChanged (this=<optimized out>, _t1=...) at .moc/moc_qlineedit.cpp:447
#15 0x0000709d6129d581 in QLineEdit::qt_static_metacall (_o=0x709d5ff0bc60, _c=<optimized out>, _id=<optimized out>, _a=0x7f7fff780430) at .moc/moc_qlineedit.cpp:255
#16 0x0000709d5eb4efcd in doActivate<false> (sender=0x709d603f8f00, signal_index=6, argv=0x7f7fff780430) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:395
#17 0x0000709d5ea49c87 in QMetaObject::activate (sender=sender@entry=0x709d603f8f00, m=m@entry=0x709d618bdae0 <QWidgetLineControl::staticMetaObject>, local_signal_index=local_signal_index@entry=3, argv=argv@entry=0x7f7fff780430) at kernel/qobject.cpp:3930
#18 0x0000709d6129e1f6 in QWidgetLineControl::textChanged (this=this@entry=0x709d603f8f00, _t1=...) at .moc/moc_qwidgetlinecontrol_p.cpp:273
#19 0x0000709d612a1b7f in QWidgetLineControl::finishChange (this=this@entry=0x709d603f8f00, validateFromState=validateFromState@entry=-1, update=update@entry=true, edited=edited@entry=false) at widgets/qwidgetlinecontrol.cpp:736
#20 0x0000709d612a1e94 in QWidgetLineControl::internalSetText (this=this@entry=0x709d603f8f00, txt=..., pos=pos@entry=-1, edited=edited@entry=false) at widgets/qwidgetlinecontrol.cpp:772
#21 0x0000709d612943ec in QWidgetLineControl::setText (txt=..., this=0x709d603f8f00) at ../../include/QtWidgets/5.14.2/QtWidgets/private/../../../../../src/widgets/widgets/qwidgetlinecontrol_p.h:251
#22 QLineEditPrivate::setText (this=<optimized out>, text=...) at widgets/qlineedit_p.cpp:276
#23 0x0000709d612985c5 in QLineEdit::setText (this=<optimized out>, text=...) at widgets/qlineedit.cpp:318
#24 0x000000000046b36a in PasswordGeneratorWidget::regeneratePassword (this=0x709d6068dd30) at /scratch/security/keepassxc/work/keepassxc-2.5.4/src/gui/PasswordGeneratorWidget.cpp:248
#25 0x000000000046b737 in PasswordGeneratorWidget::updateGenerator (this=0x709d6068dd30) at /scratch/security/keepassxc/work/keepassxc-2.5.4/src/gui/PasswordGeneratorWidget.cpp:592
#26 0x000000000047e7cf in PasswordGeneratorWidget::qt_static_metacall (_o=<optimized out>, _id=<optimized out>, _a=<optimized out>, _c=<optimized out>) at /scratch/security/keepassxc/work/keepassxc-2.5.4/build/src/keepassx_core_autogen/DMHXEJ42XS/moc_PasswordGeneratorWidget.cpp:152
#27 0x0000709d5eb4efcd in doActivate<false> (sender=0x709d5fb67be0, signal_index=7, argv=0x7f7fff780720) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:395
#28 0x0000709d5ea49c87 in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x709d618bda20 <QLineEdit::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7f7fff780720) at kernel/qobject.cpp:3930
#29 0x0000709d612968e9 in QLineEdit::textChanged (this=<optimized out>, _t1=...) at .moc/moc_qlineedit.cpp:447
#30 0x0000709d6129d581 in QLineEdit::qt_static_metacall (_o=0x709d5fb67be0, _c=<optimized out>, _id=<optimized out>, _a=0x7f7fff7808a0) at .moc/moc_qlineedit.cpp:255
#31 0x0000709d5eb4efcd in doActivate<false> (sender=0x709d5fafd700, signal_index=6, argv=0x7f7fff7808a0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:395
#32 0x0000709d5ea49c87 in QMetaObject::activate (sender=sender@entry=0x709d5fafd700, m=m@entry=0x709d618bdae0 <QWidgetLineControl::staticMetaObject>, local_signal_index=local_signal_index@entry=3, argv=argv@entry=0x7f7fff7808a0) at kernel/qobject.cpp:3930
#33 0x0000709d6129e1f6 in QWidgetLineControl::textChanged (this=this@entry=0x709d5fafd700, _t1=...) at .moc/moc_qwidgetlinecontrol_p.cpp:273
#34 0x0000709d612a1b7f in QWidgetLineControl::finishChange (this=this@entry=0x709d5fafd700, validateFromState=validateFromState@entry=-1, update=update@entry=true, edited=edited@entry=false) at widgets/qwidgetlinecontrol.cpp:736
#35 0x0000709d612a1e94 in QWidgetLineControl::internalSetText (this=this@entry=0x709d5fafd700, txt=..., pos=pos@entry=-1, edited=edited@entry=false) at widgets/qwidgetlinecontrol.cpp:772
#36 0x0000709d612943ec in QWidgetLineControl::setText (txt=..., this=0x709d5fafd700) at ../../include/QtWidgets/5.14.2/QtWidgets/private/../../../../../src/widgets/widgets/qwidgetlinecontrol_p.h:251
#37 QLineEditPrivate::setText (this=<optimized out>, text=...) at widgets/qlineedit_p.cpp:276
#38 0x0000709d612985c5 in QLineEdit::setText (this=this@entry=0x709d5fb67be0, text=...) at widgets/qlineedit.cpp:318
#39 0x0000000000469002 in PasswordGeneratorWidget::PasswordGeneratorWidget (this=0x709d6068dd30, parent=<optimized out>) at /usr/pkg/qt5/include/QtCore/qstring.h:794
#40 0x00000000005c9488 in Ui_EditEntryWidgetMain::setupUi (this=0x709d628c33e0, EditEntryWidgetMain=0x709d603f4540) at /scratch/security/keepassxc/work/keepassxc-2.5.4/build/src/keepassx_core_autogen/include/ui_EditEntryWidgetMain.h:88
#41 0x0000000000518b69 in EditEntryWidget::setupMain (this=this@entry=0x709d5fba2e80) at /scratch/security/keepassxc/work/keepassxc-2.5.4/src/gui/entry/EditEntryWidget.cpp:147
#42 0x00000000005193b6 in EditEntryWidget::EditEntryWidget (this=0x709d5fba2e80, parent=<optimized out>) at /scratch/security/keepassxc/work/keepassxc-2.5.4/src/gui/entry/EditEntryWidget.cpp:103
#43 0x00000000004f6cc3 in DatabaseWidget::DatabaseWidget (this=0x709d619d1a40, db=..., parent=<optimized out>) at /usr/pkg/qt5/include/QtCore/qsharedpointer_impl.h:682
#44 0x00000000004ee599 in DatabaseTabWidget::addDatabaseTab (this=0x709d6297ce00, filePath=..., inBackground=inBackground@entry=false, password=..., keyfile=...) at /usr/include/g++/new:169
#45 0x000000000045cdec in MainWindow::openDatabase (this=this@entry=0x7f7fff780d28, filePath=..., password=..., keyfile=...) at /scratch/security/keepassxc/work/keepassxc-2.5.4/src/gui/MainWindow.cpp:574
#46 0x000000000044dbe8 in Bootstrap::restoreMainWindowState (mainWindow=...) at /usr/pkg/qt5/include/QtCore/qarraydata.h:257
#47 0x00000000005708dc in main (argc=<optimized out>, argv=<optimized out>) at /scratch/security/keepassxc/work/keepassxc-2.5.4/src/main.cpp:138

A "fix" was committed in sljit upstream[2] but wasn't included with the update of sljit before the release.

[1] https://mail-index.netbsd.org/netbsd-bugs/2020/04/15/msg067149.html
[2] https://github.com/zherczeg/sljit/commit/83f4525687fc5c8bc215dcfd0017f38f64f48744
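The failure mode the report describes is that a dual-mapped JIT region (one writable view, one executable view of the same pages) stops aliasing after fork(), so code emitted through the writable view is no longer present behind the executable view the child jumps to. The following self-check is an added example, not code from the bug report, from sljit or from PCRE2: it builds the two views portably from a file-backed MAP_SHARED mapping of an unlinked temporary file (it does not use NetBSD's mremap(MAP_REMAPDUP), which the report concerns), writes marker bytes through the writable view inside a forked child, and reads them back through the executable view in the same child. Nothing is ever executed from the region; the region size, marker bytes and temp-file names are constructed for the example. A result of 1 means the views stayed connected across fork(), 0 means the child saw stale bytes, which is exactly the condition that would make a freshly compiled JIT function vanish.

```c
/* Added example: fork() aliasing check for a dual-mapped (W^X) region.
 * Not from the PCRE2 bug report, sljit or PCRE2. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

#define REGION_SIZE 4096   /* constructed for the example: one page */

/* Create two views of the same pages: *rw for writing, *rx for executing.
 * Returns 0 on success, -1 on failure. *rx_is_exec reports whether the
 * second view really got PROT_EXEC; on a noexec mount that mmap is refused,
 * and a PROT_READ view is used instead so the aliasing check can still run. */
static int dual_map(uint8_t **rw, const uint8_t **rx, int *rx_is_exec)
{
    char path[] = "/tmp/dualmap-XXXXXX";    /* constructed temp-file name */
    int fd = mkstemp(path);
    if (fd < 0) {
        char alt[] = "./dualmap-XXXXXX";     /* fallback if /tmp is unusable */
        fd = mkstemp(alt);
        if (fd < 0)
            return -1;
        unlink(alt);
    } else {
        unlink(path);                        /* keep only the descriptor */
    }
    if (ftruncate(fd, REGION_SIZE) != 0) {
        close(fd);
        return -1;
    }
    void *w = mmap(NULL, REGION_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (w == MAP_FAILED) {
        close(fd);
        return -1;
    }
    void *x = mmap(NULL, REGION_SIZE, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    *rx_is_exec = (x != MAP_FAILED);
    if (x == MAP_FAILED)
        x = mmap(NULL, REGION_SIZE, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);                               /* mappings survive close() */
    if (x == MAP_FAILED) {
        munmap(w, REGION_SIZE);
        return -1;
    }
    *rw = w;
    *rx = x;
    return 0;
}

/* Returns 1 if bytes written through the RW view inside a forked child are
 * visible through the RX view in that child (views still connected),
 * 0 if the child reads stale bytes (views disconnected after fork()),
 * -1 on setup error. */
int dual_map_survives_fork(void)
{
    uint8_t *rw;
    const uint8_t *rx;
    int rx_is_exec;
    if (dual_map(&rw, &rx, &rx_is_exec) != 0)
        return -1;

    /* Constructed marker bytes: "before" is placed prior to the fork so both
     * processes start from identical content; "after" is written post-fork. */
    static const uint8_t before[4] = { 0xde, 0xad, 0xbe, 0xef };
    static const uint8_t after[4]  = { 0xca, 0xfe, 0xf0, 0x0d };
    memcpy(rw, before, sizeof before);

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: emit through the writable view, observe through the
         * executable view, report via exit status (no stdio flushing). */
        memcpy(rw, after, sizeof after);
        int connected = memcmp(rx, after, sizeof after) == 0;
        _exit(connected ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    int ok = WIFEXITED(status) && WEXITSTATUS(status) == 0;
    munmap(rw, REGION_SIZE);
    munmap((void *)rx, REGION_SIZE);
    return ok ? 1 : 0;
}

int main(void)
{
    int r = dual_map_survives_fork();
    if (r < 0) {
        perror("dual_map_survives_fork");
        return 2;
    }
    printf("dual mapping %s fork()\n", r ? "survives" : "disconnects after");
    return r ? 0 : 1;
}
```

On Linux and on BSDs where the two views are plain shared file mappings, the check returns 1; an allocator whose second view is produced by a platform-specific remap primitive (as the report's NetBSD case) is exactly what this kind of test is meant to exercise after a fork(), before a JIT ever jumps into the region.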