
check osthreadstate is not null before dereferencing #77

Merged
merged 2 commits into from
Feb 28, 2024

Conversation

richardstartin
Contributor

@richardstartin richardstartin commented Feb 28, 2024

What does this PR do?:
In the original bug report, we had the following information:

Current thread (0x00007f665b5ef090):  Thread [stack: 0x00007f661685f000,0x00007f661695fa90] [id=0]

Stack: [0x00007f661685f000,0x00007f661695fa90],  sp=0x00007f661695ef30,  free space=1023k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [libjavaProfiler1675892613987672088.so+0x39634]  WallClock::signalHandler(int, siginfo_t*, void*, unsigned long long)+0x244


siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x00007f6632402020

Register to memory mapping:

RAX=0x00007f6632402010 points into unknown readable memory: 0x0000000000000000 | 00 00 00 00 00 00 00 00

Which shows that 0x00007f6632402010 (const char* osthread) points to null, so adding the thread state offset (_osthread_state_offset) to get 0x00007f6632402020 would produce a segfault when dereferencing. Instead of using SafeAccess::load32, which causes obscure crashes, we can check the pointer, but also check if the thread is even initialized before trying to access the OSThread* to make avoiding crashing here less racy.

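The guard the description calls for, as an added C++ example that is not the project's code: the `FakeJavaThread`/`FakeOSThread` layouts, the `initialized` flag and the two offsets are assumptions standing in for the real VMStructs-derived layout. It contrasts the unguarded offset read that faults when the OSThread slot holds null with a read that checks initialization and the pointer first and returns a sentinel instead of dereferencing.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Stand-in layouts for the JVM's OSThread and JavaThread (constructed for this
// example; the real profiler gets offsets such as _osthread_state_offset from VMStructs).
struct FakeOSThread {
    uint8_t padding[16];  // unrelated fields before the state
    int32_t state;        // the field _osthread_state_offset points at
};

struct FakeJavaThread {
    uint8_t       padding[8];
    FakeOSThread* osthread;     // the field _osthread_offset points at; nullptr until attached
    bool          initialized;  // assumed flag standing in for "thread fully initialized"
};

// Offsets held the way the profiler holds VMStructs offsets (derived from the stand-ins above).
static const size_t _osthread_offset       = offsetof(FakeJavaThread, osthread);
static const size_t _osthread_state_offset = offsetof(FakeOSThread, state);
static const int    STATE_UNKNOWN          = -1;

// Reads a pointer-sized or int32 value at thread + offset without aliasing tricks.
static const char* loadPtr(const char* base, size_t off) {
    const char* v; std::memcpy(&v, base + off, sizeof v); return v;
}
static int32_t load32(const char* base, size_t off) {
    int32_t v; std::memcpy(&v, base + off, sizeof v); return v;
}

// Unguarded read, the pattern behind the crash in the description: if the OSThread*
// slot holds nullptr, this forms nullptr + _osthread_state_offset and dereferences it.
int readOsThreadStateUnguarded(const char* thread) {
    const char* osthread = loadPtr(thread, _osthread_offset);
    return load32(osthread, _osthread_state_offset);
}

// Guarded read: refuse to touch OSThread until the thread is initialized and the
// pointer is non-null, returning a sentinel instead of faulting inside a signal handler.
int readOsThreadStateGuarded(const char* thread) {
    if (thread == nullptr) return STATE_UNKNOWN;
    const FakeJavaThread* jt = reinterpret_cast<const FakeJavaThread*>(thread);
    if (!jt->initialized) return STATE_UNKNOWN;        // OSThread may not exist yet
    const char* osthread = loadPtr(thread, _osthread_offset);
    if (osthread == nullptr) return STATE_UNKNOWN;     // the case from the crash report
    return load32(osthread, _osthread_state_offset);
}

// Constructed scenarios: a fully attached thread, one whose OSThread slot is still null,
// and one not yet marked initialized.
int scenarioAttached() {
    FakeOSThread os = {}; os.state = 42;
    FakeJavaThread jt = {}; jt.osthread = &os; jt.initialized = true;
    return readOsThreadStateGuarded(reinterpret_cast<const char*>(&jt));
}
int scenarioAttachedUnguarded() {
    FakeOSThread os = {}; os.state = 42;
    FakeJavaThread jt = {}; jt.osthread = &os; jt.initialized = true;
    return readOsThreadStateUnguarded(reinterpret_cast<const char*>(&jt));
}
int scenarioNullOsThread() {
    FakeJavaThread jt = {}; jt.osthread = nullptr; jt.initialized = true;
    // The unguarded read would fault here; the guarded one reports STATE_UNKNOWN.
    return readOsThreadStateGuarded(reinterpret_cast<const char*>(&jt));
}
int scenarioUninitialized() {
    FakeOSThread os = {}; os.state = 42;
    FakeJavaThread jt = {}; jt.osthread = &os; jt.initialized = false;
    return readOsThreadStateGuarded(reinterpret_cast<const char*>(&jt));
}

int main() {
    std::printf("attached=%d nullOsThread=%d uninitialized=%d\n",
                scenarioAttached(), scenarioNullOsThread(), scenarioUninitialized());
    return 0;
}
```

The ordering matters: the initialization flag is checked before the pointer is even loaded, which is what narrows the window in which a partially constructed thread can be sampled.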


github-actions bot commented Feb 28, 2024

🔧 Report generated by pr-comment-cppcheck

CppCheck Report

Warnings (5)

Style Violations (164)


github-actions bot commented Feb 28, 2024

🔧 Report generated by pr-comment-scanbuild

Scan-Build Report

User: runner@fv-az714-534
Working Directory: /home/runner/work/java-profiler/java-profiler/ddprof-lib/src/test/make
Command Line: make -j4 clean all
Clang Version: Ubuntu clang version 14.0.0-1ubuntu1.1
Date: Wed Feb 28 14:37:52 2024

Bug Summary

| Bug Type | Quantity |
| --- | --- |
| All Bugs | 6 |
| Logic error: Assigned value is garbage or undefined | 1 |
| Logic error: Dereference of null pointer | 2 |
| Logic error: Result of operation is garbage or undefined | 1 |
| Unused code: Dead initialization | 1 |
| Unused code: Dead nested assignment | 1 |

Reports

| Bug Group | Bug Type | File | Function/Method | Line, Path Length (digits run together) |
| --- | --- | --- | --- | --- |
| Logic error | Assigned value is garbage or undefined | dwarf.cpp | parseInstructions | 23520 |
| Unused code | Dead initialization | livenessTracker.cpp | cleanup_table | 451 |
| Unused code | Dead nested assignment | vmStructs.cpp | checkNativeBinding | 8181 |
| Logic error | Dereference of null pointer | flightRecorder.cpp | flush | 14108 |
| Logic error | Dereference of null pointer | safeAccess.h | load | 3518 |
| Logic error | Result of operation is garbage or undefined | dwarf.h | getSLeb | 14225 |

@richardstartin richardstartin force-pushed the rgs/check-thread-state-notnull branch 2 times, most recently from 695cb3f to ae42e84 (February 28, 2024 14:34)
@richardstartin richardstartin force-pushed the rgs/check-thread-state-notnull branch from ae42e84 to 362d2e1 (February 28, 2024 14:36)
@richardstartin richardstartin merged commit 390d8ce into main Feb 28, 2024
27 checks passed
@github-actions github-actions bot added this to the 0.97.0 milestone Feb 28, 2024