Bug 8618 - [Anolis23.1 GA][Beta][23.1核心软件包-libsigsegv]栈溢出出现Segmentation fault时,libsigsegv无法捕获该场景出现的segment fault
Summary: [Anolis23.1 GA][Beta][23.1核心软件包-libsigsegv]栈溢出出现Segmentation fault时,libsigseg...
Status: NEW
Alias: None
Product: Anolis OS 23
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: 23.1
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: gaochang
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-03-25 15:19 UTC by wangyaru01
Modified: 2024-04-29 15:34 UTC (History)

See Also:


Attachments
实际结果因类似空指针这种,libsigsegv可正常捕获并处理段错误 (754.32 KB, image/png)
2024-03-25 15:19 UTC, wangyaru01

Description wangyaru01 2024-03-25 15:19:38 UTC
Created attachment 1107 [details]
实际结果因类似空指针这种,libsigsegv可正常捕获并处理段错误

[问题描述]:
Anolis23环境,libsigsegv软件包,安装 libsigsegv 的段错误处理程序sigsegv_install_handler后,栈溢出导致的段错误没有被成功捕捉而是程序直接退出了

[环境信息]:
机器类型:ECS

[内核信息]:
# uname -r -r
5.10.134-15.an23.x86_64

[操作系统信息]:
#  cat /etc/os-release
cat /etc/os-release
NAME="Anolis OS"
VERSION="23"
ID="anolis"
VERSION_ID="23"
PLATFORM_ID="platform:an23"
PRETTY_NAME="Anolis OS 23"
ANSI_COLOR="0;31"
HOME_URL="https://openanolis.cn/"
BUG_REPORT_URL="https://bugzilla.openanolis.cn/"

[重现步骤]:
1、环境上安装libsigsegv、libsigsegv-devel
2、创建捕获栈溢出段错误场景的C文件:
# cat bak_stack_over.c 
#include <stdio.h>
#include <stdlib.h>
#include <sigsegv.h>

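/*
 * Fault handler registered through sigsegv_install_handler().
 *
 * Prints the faulting address and ends the process with exit status 2.
 *
 * @param fault_address  address reported for the fault
 * @param serious        passed in by libsigsegv; not used here
 * @return never returns in practice, because exit() ends the process; the
 *         trailing return only satisfies the int return type
 *
 * NOTE(review): printf() and exit() are not async-signal-safe. That is
 * tolerable in a throwaway reproducer, but a production handler should limit
 * itself to async-signal-safe calls such as write() and _exit().
 */
static int overflow_handler(void *fault_address, int serious)
{
    (void)serious; /* unused; the cast silences -Wunused-parameter */

    /* "\n" rather than "\\n": the doubled backslash printed a literal
       backslash and 'n' instead of ending the line. */
    printf("Stack overflow detected at address: %p\n", fault_address);
    exit(2);
    return 0; /* unreachable: exit() above does not return */
}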

/*
 * Reproducer entry point: installs overflow_handler via
 * sigsegv_install_handler(), then touches a 10 MiB automatic array.
 *
 * NOTE(review): large_array belongs to main's own frame, so the compiler
 * presumably reserves the 10 MiB on entry to main, before the handler is
 * installed. With the 8 MiB RLIMIT_STACK shown in this report's strace, the
 * first stack access below the limit (likely the call to
 * sigsegv_install_handler itself) would already fault. The strace is
 * consistent with that: it shows no rt_sigaction()/sigaltstack() and no
 * write() before the SIGSEGV. Confirm with a debugger, or by moving the
 * array into a function that is called after installation.
 */
int main(void)
{
    /* Install overflow_handler as the libsigsegv SIGSEGV handler.
     * NOTE(review): the return value is not checked. Also, a handler for a
     * real stack overflow has to run on an alternate stack; libsigsegv
     * provides stackoverflow_install_handler() (handler plus a
     * caller-supplied extra stack) for that case. Confirm against sigsegv.h. */
    sigsegv_install_handler(overflow_handler);

    /* NOTE(review): "\\n" emits a literal backslash and 'n', not a newline;
     * possibly an escaping artifact of the page. Verify against the real file. */
    printf("Causing stack overflow...\\n");
    char large_array[1024 * 1024 * 10];
    large_array[0] = 1;

    /* Not expected to run if the handler catches the fault and exits. */
    printf("This line should not be executed.\\n");

    return 0;
}
3、编译gcc -o bak_stack_over bak_stack_over.c -lsigsegv  
4、执行strace ./bak_stack_over 

预期结果:
出现类似 Stack overflow detected at address: XXX的信息后程序退出

实际结果:收到SIGSEGV信号后,程序直接因段错误退出
# strace ./bak_stack_over 
execve("./bak_stack_over", ["./bak_stack_over"], 0x7ffe772df910 /* 41 vars */) = 0
brk(NULL)                               = 0x1721000
arch_prctl(0x3001 /* ARCH_??? */, 0x7ffee7dc1e50) = -1 EINVAL (Invalid argument)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9068ad000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=14143, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 14143, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fc9068a9000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libsigsegv.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=20016, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 20552, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc9068a3000
mmap(0x7fc9068a4000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7fc9068a4000
mmap(0x7fc9068a6000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7fc9068a6000
mmap(0x7fc9068a7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7fc9068a7000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\3206\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=2203056, ...}, AT_EMPTY_PATH) = 0
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
mmap(NULL, 1932592, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc9066cb000
mmap(0x7fc9066ed000, 1396736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7fc9066ed000
mmap(0x7fc906842000, 339968, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x177000) = 0x7fc906842000
mmap(0x7fc906895000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c9000) = 0x7fc906895000
mmap(0x7fc90689b000, 32048, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc90689b000
close(3)                                = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9066c8000
arch_prctl(ARCH_SET_FS, 0x7fc9066c8740) = 0
set_tid_address(0x7fc9066c8a10)         = 47920
set_robust_list(0x7fc9066c8a20, 24)     = 0
rseq(0x7fc9066c9060, 0x20, 0, 0x53053053) = 0
mprotect(0x7fc906895000, 16384, PROT_READ) = 0
mprotect(0x7fc9068a7000, 4096, PROT_READ) = 0
mprotect(0x403000, 4096, PROT_READ)     = 0
mprotect(0x7fc9068df000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7fc9068a9000, 14143)           = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x7ffee73c1e98} ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped)

[问题发生概率]:必现