apr: fix off_t size can't match when configure and in target glibc when cross compiling#3
Closed
Nettoysfkf wants to merge 1 commit intoapache:trunkfrom
Nettoysfkf:trunk
Closed
apr: fix off_t size can't match when configure and in target glibc when cross compiling#3Nettoysfkf wants to merge 1 commit intoapache:trunkfrom Nettoysfkf:trunk
Nettoysfkf wants to merge 1 commit intoapache:trunkfrom
Nettoysfkf:trunk
Conversation
APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8) the macro "APR_CHECK_SIZEOF_EXTENDED" was defined in build/apr_common.m4, it use the "AC_TRY_RUN" macro, this macro let the off_t to 8, when cross compiling enable. So it was hardcoded for cross compiling, we should detect it dynamic based on the sysroot's glibc. We change it to the following: AC_CHECK_SIZEOF(off_t) Signed-off-by: DengkeDu <pinganddu90@gmail.com>
Member
|
Your submission confuses me. The same macro is repeatedly used in configure.in; The #includes should pick up the cross-sysroot include files. Specifically, how are you encountering problems with off_t alone? |
Author
|
Long time ago, when I cross compiling apr for 32bit machine, 64bit was ok. |
Contributor
|
Turns out on older submitted path handles all cases: https://bz.apache.org/bugzilla/show_bug.cgi?id=56053 Added to APR in r 1871980. |
asfgit
pushed a commit
that referenced
this pull request
Dec 16, 2020
apr_pools: lock parent pool in pool_destroy_debug().
By using apr_pool_clear_debug() instead of pool_clear_debug() in
pool_destroy_debug() we gain the locking provided by the former and thus
protection from concurrent access from apr_pool_walk_tree(), which is
undefined behaviour.
While pool_destroy_debug()=>apr_pool_clear_debug()=>pool_clear_debug() calls
pool_destroy_debug() for all the children pools, this does not cause a deadlock
because apr_pool_clear_debug() locks the parent pool only (not the pool itself)
and thus pool_destroy_debug(pool->child) locks the current pool with no issue.
This fixes use-after-free like the below in httpd (with -D APR_POOL_DEBUG):
=================================================================
==2026856==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600025acf0 at pc 0x7fe738f4c5be bp 0x7fe718598110 sp 0x7fe718598108
READ of size 8 at 0x60600025acf0 thread T51
#0 0x7fe738f4c5bd in apr_thread_mutex_lock locks/unix/thread_mutex.c:124
#1 0x7fe738f4e01c in apr_pool_walk_tree memory/unix/apr_pools.c:1505
#2 0x7fe738f4e066 in apr_pool_walk_tree memory/unix/apr_pools.c:1511
#3 0x7fe738f4e066 in apr_pool_walk_tree memory/unix/apr_pools.c:1511
#4 0x7fe738f4e066 in apr_pool_walk_tree memory/unix/apr_pools.c:1511
#5 0x7fe738f5027c in apr_pool_find memory/unix/apr_pools.c:2291
#6 0x7fe738f14aba in apr_table_mergen tables/apr_tables.c:746
#7 0x5578ad926a25 in ap_set_keepalive /home/ylavic/src/apache/httpd/trunk/modules/http/http_protocol.c:309
#8 0x5578ad93933f in ap_http_header_filter /home/ylavic/src/apache/httpd/trunk/modules/http/http_filters.c:1376
#9 0x5578ad98f7bd in ap_pass_brigade /home/ylavic/src/apache/httpd/trunk/server/util_filter.c:783
#10 0x5578ad9a67f3 in ap_content_length_filter /home/ylavic/src/apache/httpd/trunk/server/protocol.c:2046
#11 0x5578ad98f7bd in ap_pass_brigade /home/ylavic/src/apache/httpd/trunk/server/util_filter.c:783
#12 0x5578ad9405ae in ap_byterange_filter /home/ylavic/src/apache/httpd/trunk/modules/http/byterange_filter.c:463
#13 0x5578ad98f7bd in ap_pass_brigade /home/ylavic/src/apache/httpd/trunk/server/util_filter.c:783
#14 0x7fe7330e398b in ap_headers_output_filter /home/ylavic/src/apache/httpd/trunk/modules/metadata/mod_headers.c:891
#15 0x5578ad98f7bd in ap_pass_brigade /home/ylavic/src/apache/httpd/trunk/server/util_filter.c:783
#16 0x7fe732e32dba in session_output_filter /home/ylavic/src/apache/httpd/trunk/modules/session/mod_session.c:501
#17 0x5578ad98f7bd in ap_pass_brigade /home/ylavic/src/apache/httpd/trunk/server/util_filter.c:783
#18 0x5578ad9c8ee5 in default_handler /home/ylavic/src/apache/httpd/trunk/server/core.c:5188
#19 0x5578ad9431bb in ap_run_handler /home/ylavic/src/apache/httpd/trunk/server/config.c:170
#20 0x5578ad944941 in ap_invoke_handler /home/ylavic/src/apache/httpd/trunk/server/config.c:444
#21 0x5578ad92cc23 in ap_process_async_request /home/ylavic/src/apache/httpd/trunk/modules/http/http_request.c:463
#22 0x5578ad924d7c in ap_process_http_async_connection /home/ylavic/src/apache/httpd/trunk/modules/http/http_core.c:158
#23 0x5578ad925410 in ap_process_http_connection /home/ylavic/src/apache/httpd/trunk/modules/http/http_core.c:252
#24 0x5578ad97e04d in ap_run_process_connection /home/ylavic/src/apache/httpd/trunk/server/connection.c:42
#25 0x7fe735c7ef79 in process_socket /home/ylavic/src/apache/httpd/trunk/server/mpm/event/event.c:1097
#26 0x7fe735c856a0 in worker_thread /home/ylavic/src/apache/httpd/trunk/server/mpm/event/event.c:2386
#27 0x7fe738f7cef4 in dummy_worker threadproc/unix/thread.c:145
#28 0x7fe738e3eea6 in start_thread nptl/pthread_create.c:477
#29 0x7fe738d6ed4e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfdd4e)
0x60600025acf0 is located 48 bytes inside of 64-byte region [0x60600025acc0,0x60600025ad00)
freed by thread T63 here:
#0 0x7fe7391ed277 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x107277)
#1 0x7fe738f4e9e5 in pool_clear_debug memory/unix/apr_pools.c:1893
#2 0x7fe738f4ecb2 in pool_destroy_debug memory/unix/apr_pools.c:1956
#3 0x7fe738f4eeeb in apr_pool_destroy_debug memory/unix/apr_pools.c:2002
#4 0x5578ada2534b in ap_queue_info_push_pool /home/ylavic/src/apache/httpd/trunk/server/mpm_fdqueue.c:230
#5 0x7fe735c81412 in process_lingering_close /home/ylavic/src/apache/httpd/trunk/server/mpm/event/event.c:1686
#6 0x7fe735c7f9bc in process_socket /home/ylavic/src/apache/httpd/trunk/server/mpm/event/event.c:1255
#7 0x7fe735c856a0 in worker_thread /home/ylavic/src/apache/httpd/trunk/server/mpm/event/event.c:2386
#8 0x7fe738f7cef4 in dummy_worker threadproc/unix/thread.c:145
#9 0x7fe738e3eea6 in start_thread nptl/pthread_create.c:477
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.7.x@1883751 13f79535-47bb-0310-9956-ffa450edef68
asfgit
pushed a commit
that referenced
this pull request
Dec 16, 2020
By using apr_pool_clear_debug() instead of pool_clear_debug() in
pool_destroy_debug() we gain the locking provided by the former and thus
protection from concurrent access from apr_pool_walk_tree(), which is
undefined behaviour.
While pool_destroy_debug()=>apr_pool_clear_debug()=>pool_clear_debug() calls
pool_destroy_debug() for all the children pools, this does not cause a deadlock
because apr_pool_clear_debug() locks the parent pool only (not the pool itself)
and thus pool_destroy_debug(pool->child) locks the current pool with no issue.
This fixes use-after-free like the below in httpd (with -D APR_POOL_DEBUG):
=================================================================
==2026856==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600025acf0 at pc 0x7fe738f4c5be bp 0x7fe718598110 sp 0x7fe718598108
READ of size 8 at 0x60600025acf0 thread T51
#0 0x7fe738f4c5bd in apr_thread_mutex_lock locks/unix/thread_mutex.c:124
#1 0x7fe738f4e01c in apr_pool_walk_tree memory/unix/apr_pools.c:1505
#2 0x7fe738f4e066 in apr_pool_walk_tree memory/unix/apr_pools.c:1511
#3 0x7fe738f4e066 in apr_pool_walk_tree memory/unix/apr_pools.c:1511
#4 0x7fe738f4e066 in apr_pool_walk_tree memory/unix/apr_pools.c:1511
#5 0x7fe738f5027c in apr_pool_find memory/unix/apr_pools.c:2291
#6 0x7fe738f14aba in apr_table_mergen tables/apr_tables.c:746
#7 0x5578ad926a25 in ap_set_keepalive /home/ylavic/src/apache/httpd/trunk/modules/http/http_protocol.c:309
#8 0x5578ad93933f in ap_http_header_filter /home/ylavic/src/apache/httpd/trunk/modules/http/http_filters.c:1376
#9 0x5578ad98f7bd in ap_pass_brigade /home/ylavic/src/apache/httpd/trunk/server/util_filter.c:783
#10 0x5578ad9a67f3 in ap_content_length_filter /home/ylavic/src/apache/httpd/trunk/server/protocol.c:2046
#11 0x5578ad98f7bd in ap_pass_brigade /home/ylavic/src/apache/httpd/trunk/server/util_filter.c:783
#12 0x5578ad9405ae in ap_byterange_filter /home/ylavic/src/apache/httpd/trunk/modules/http/byterange_filter.c:463
#13 0x5578ad98f7bd in ap_pass_brigade /home/ylavic/src/apache/httpd/trunk/server/util_filter.c:783
#14 0x7fe7330e398b in ap_headers_output_filter /home/ylavic/src/apache/httpd/trunk/modules/metadata/mod_headers.c:891
#15 0x5578ad98f7bd in ap_pass_brigade /home/ylavic/src/apache/httpd/trunk/server/util_filter.c:783
#16 0x7fe732e32dba in session_output_filter /home/ylavic/src/apache/httpd/trunk/modules/session/mod_session.c:501
#17 0x5578ad98f7bd in ap_pass_brigade /home/ylavic/src/apache/httpd/trunk/server/util_filter.c:783
#18 0x5578ad9c8ee5 in default_handler /home/ylavic/src/apache/httpd/trunk/server/core.c:5188
#19 0x5578ad9431bb in ap_run_handler /home/ylavic/src/apache/httpd/trunk/server/config.c:170
#20 0x5578ad944941 in ap_invoke_handler /home/ylavic/src/apache/httpd/trunk/server/config.c:444
#21 0x5578ad92cc23 in ap_process_async_request /home/ylavic/src/apache/httpd/trunk/modules/http/http_request.c:463
#22 0x5578ad924d7c in ap_process_http_async_connection /home/ylavic/src/apache/httpd/trunk/modules/http/http_core.c:158
#23 0x5578ad925410 in ap_process_http_connection /home/ylavic/src/apache/httpd/trunk/modules/http/http_core.c:252
#24 0x5578ad97e04d in ap_run_process_connection /home/ylavic/src/apache/httpd/trunk/server/connection.c:42
#25 0x7fe735c7ef79 in process_socket /home/ylavic/src/apache/httpd/trunk/server/mpm/event/event.c:1097
#26 0x7fe735c856a0 in worker_thread /home/ylavic/src/apache/httpd/trunk/server/mpm/event/event.c:2386
#27 0x7fe738f7cef4 in dummy_worker threadproc/unix/thread.c:145
#28 0x7fe738e3eea6 in start_thread nptl/pthread_create.c:477
#29 0x7fe738d6ed4e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfdd4e)
0x60600025acf0 is located 48 bytes inside of 64-byte region [0x60600025acc0,0x60600025ad00)
freed by thread T63 here:
#0 0x7fe7391ed277 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x107277)
#1 0x7fe738f4e9e5 in pool_clear_debug memory/unix/apr_pools.c:1893
#2 0x7fe738f4ecb2 in pool_destroy_debug memory/unix/apr_pools.c:1956
#3 0x7fe738f4eeeb in apr_pool_destroy_debug memory/unix/apr_pools.c:2002
#4 0x5578ada2534b in ap_queue_info_push_pool /home/ylavic/src/apache/httpd/trunk/server/mpm_fdqueue.c:230
#5 0x7fe735c81412 in process_lingering_close /home/ylavic/src/apache/httpd/trunk/server/mpm/event/event.c:1686
#6 0x7fe735c7f9bc in process_socket /home/ylavic/src/apache/httpd/trunk/server/mpm/event/event.c:1255
#7 0x7fe735c856a0 in worker_thread /home/ylavic/src/apache/httpd/trunk/server/mpm/event/event.c:2386
#8 0x7fe738f7cef4 in dummy_worker threadproc/unix/thread.c:145
#9 0x7fe738e3eea6 in start_thread nptl/pthread_create.c:477
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1883750 13f79535-47bb-0310-9956-ffa450edef68
asfgit
pushed a commit
that referenced
this pull request
Sep 10, 2021
This can happen in cprng_stream_ctx_make() on error paths, or at thread exit
with APR_CRYPTO_PRNG_PER_THREAD like the below.
Direct leak of 64 byte(s) in 8 object(s) allocated from:
#0 0x7efd954c7628 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x107628)
#1 0x7efd921db6ca (<unknown module>)
#2 0x7efd952937a2 in apr_crypto_prng_create crypto/apr_crypto_prng.c:367
#3 0x7efd95292c1e in apr_crypto_random_thread_bytes crypto/apr_crypto_prng.c:218
#4 0x5611dbbb9440 in thread_func /home/yle/src/apache/apr/trunk.ro/test/testcrypto.c:2597
#5 0x7efd9537dd86 in dummy_worker threadproc/unix/thread.c:148
#6 0x7efd951efea6 in start_thread nptl/pthread_create.c:477
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1893201 13f79535-47bb-0310-9956-ffa450edef68
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In configure.in, it contains the following:
the macro "APR_CHECK_SIZEOF_EXTENDED" was defined in build/apr_common.m4,
it use the "AC_TRY_RUN" macro, this macro let the off_t to 8, when cross
compiling enable.
So it was hardcoded for cross compiling, we should detect it dynamic based on
the sysroot's glibc. We change it to the following:
Signed-off-by: DengkeDu pinganddu90@gmail.com