1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
|
This is backported patch from upstream commit for version 6.2.7 which fixes CVE-2022-3647.
Upstream-commit: https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3
Bug: https://bugs.gentoo.org/877863
diff --git a/src/debug.c b/src/debug.c
index 71ef51f8b..40fffec52 100644
--- a/src/debug.c
+++ b/src/debug.c
@@ -1019,61 +1019,88 @@ void bugReportStart(void) {
}
#ifdef HAVE_BACKTRACE
-static void *getMcontextEip(ucontext_t *uc) {
+
+/* Returns the current eip and set it to the given new value (if its not NULL) */
+static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) {
+#define NOT_SUPPORTED() do {\
+ UNUSED(uc);\
+ UNUSED(eip);\
+ return NULL;\
+} while(0)
+#define GET_SET_RETURN(target_var, new_val) do {\
+ void *old_val = (void*)target_var; \
+ if (new_val) { \
+ void **temp = (void**)&target_var; \
+ *temp = new_val; \
+ } \
+ return old_val; \
+} while(0)
#if defined(__APPLE__) && !defined(MAC_OS_X_VERSION_10_6)
/* OSX < 10.6 */
#if defined(__x86_64__)
- return (void*) uc->uc_mcontext->__ss.__rip;
+ GET_SET_RETURN(uc->uc_mcontext->__ss.__rip, eip);
#elif defined(__i386__)
- return (void*) uc->uc_mcontext->__ss.__eip;
+ GET_SET_RETURN(uc->uc_mcontext->__ss.__eip, eip);
#else
- return (void*) uc->uc_mcontext->__ss.__srr0;
+ GET_SET_RETURN(uc->uc_mcontext->__ss.__srr0, eip);
#endif
#elif defined(__APPLE__) && defined(MAC_OS_X_VERSION_10_6)
/* OSX >= 10.6 */
#if defined(_STRUCT_X86_THREAD_STATE64) && !defined(__i386__)
- return (void*) uc->uc_mcontext->__ss.__rip;
+ GET_SET_RETURN(uc->uc_mcontext->__ss.__rip, eip);
#elif defined(__i386__)
- return (void*) uc->uc_mcontext->__ss.__eip;
+ GET_SET_RETURN(uc->uc_mcontext->__ss.__eip, eip);
#else
/* OSX ARM64 */
- return (void*) arm_thread_state64_get_pc(uc->uc_mcontext->__ss);
+ void *old_val = (void*)arm_thread_state64_get_pc(uc->uc_mcontext->__ss);
+ if (eip) {
+ arm_thread_state64_set_pc_fptr(uc->uc_mcontext->__ss, eip);
+ }
+ return old_val;
#endif
#elif defined(__linux__)
/* Linux */
#if defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__))
- return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */
+ GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip);
#elif defined(__X86_64__) || defined(__x86_64__)
- return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */
+ GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip);
#elif defined(__ia64__) /* Linux IA64 */
- return (void*) uc->uc_mcontext.sc_ip;
+ GET_SET_RETURN(uc->uc_mcontext.sc_ip, eip);
#elif defined(__arm__) /* Linux ARM */
- return (void*) uc->uc_mcontext.arm_pc;
+ GET_SET_RETURN(uc->uc_mcontext.arm_pc, eip);
#elif defined(__aarch64__) /* Linux AArch64 */
- return (void*) uc->uc_mcontext.pc;
+ GET_SET_RETURN(uc->uc_mcontext.pc, eip);
+ #else
+ NOT_SUPPORTED();
#endif
#elif defined(__FreeBSD__)
/* FreeBSD */
#if defined(__i386__)
- return (void*) uc->uc_mcontext.mc_eip;
+ GET_SET_RETURN(uc->uc_mcontext.mc_eip, eip);
#elif defined(__x86_64__)
- return (void*) uc->uc_mcontext.mc_rip;
+ GET_SET_RETURN(uc->uc_mcontext.mc_rip, eip);
+ #else
+ NOT_SUPPORTED();
#endif
#elif defined(__OpenBSD__)
/* OpenBSD */
#if defined(__i386__)
- return (void*) uc->sc_eip;
+ GET_SET_RETURN(uc->sc_eip, eip);
#elif defined(__x86_64__)
- return (void*) uc->sc_rip;
+ GET_SET_RETURN(uc->sc_rip, eip);
+ #else
+ NOT_SUPPORTED();
#endif
#elif defined(__NetBSD__)
#if defined(__i386__)
- return (void*) uc->uc_mcontext.__gregs[_REG_EIP];
+ GET_SET_RETURN(uc->uc_mcontext.__gregs[_REG_EIP], eip);
#elif defined(__x86_64__)
- return (void*) uc->uc_mcontext.__gregs[_REG_RIP];
+ GET_SET_RETURN(uc->uc_mcontext.__gregs[_REG_RIP], eip);
+ #else
+ NOT_SUPPORTED();
#endif
#elif defined(__DragonFly__)
- return (void*) uc->uc_mcontext.mc_rip;
+ GET_SET_RETURN(uc->uc_mcontext.mc_rip, eip);
#else
return NULL;
#endif
@@ -1800,6 +1827,10 @@ void dumpCodeAroundEIP(void *eip) {
}
}
+void invalidFunctionWasCalled() {}
+
+typedef void (*invalidFunctionWasCalledType)();
+
void sigsegvHandler(int sig, siginfo_t *info, void *secret) {
UNUSED(secret);
UNUSED(info);
@@ -1817,13 +1848,30 @@ void sigsegvHandler(int sig, siginfo_t *info, void *secret) {
#ifdef HAVE_BACKTRACE
ucontext_t *uc = (ucontext_t*) secret;
- void *eip = getMcontextEip(uc);
+ void *eip = getAndSetMcontextEip(uc, NULL);
if (eip != NULL) {
serverLog(LL_WARNING,
"Crashed running the instruction at: %p", eip);
}
- logStackTrace(getMcontextEip(uc), 1);
+ if (eip == info->si_addr) {
+ /* When eip matches the bad address, it's an indication that we crashed when calling a non-mapped
+ * function pointer. In that case the call to backtrace will crash trying to access that address and we
+ * won't get a crash report logged. Set it to a valid point to avoid that crash. */
+
+ /* This trick allow to avoid compiler warning */
+ void *ptr;
+ invalidFunctionWasCalledType *ptr_ptr = (invalidFunctionWasCalledType*)&ptr;
+ *ptr_ptr = invalidFunctionWasCalled;
+ getAndSetMcontextEip(uc, ptr);
+ }
+
+ logStackTrace(eip, 1);
+
+ if (eip == info->si_addr) {
+ /* Restore old eip */
+ getAndSetMcontextEip(uc, eip);
+ }
logRegisters(uc);
#endif
@@ -1918,7 +1966,7 @@ void watchdogSignalHandler(int sig, siginfo_t *info, void *secret) {
serverLogFromHandler(LL_WARNING,"\n--- WATCHDOG TIMER EXPIRED ---");
#ifdef HAVE_BACKTRACE
- logStackTrace(getMcontextEip(uc), 1);
+ logStackTrace(getAndSetMcontextEip(uc, NULL), 1);
#else
serverLogFromHandler(LL_WARNING,"Sorry: no support for backtrace().");
#endif
--
2.37.4
|
