Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SIGSEGV with to caml_unix_alloc_sockaddr #12796

Closed
talex5 opened this issue Nov 29, 2023 · 1 comment · Fixed by #12801
Closed

SIGSEGV with to caml_unix_alloc_sockaddr #12796

talex5 opened this issue Nov 29, 2023 · 1 comment · Fixed by #12801

Comments

@talex5
Copy link
Contributor

talex5 commented Nov 29, 2023

This program segfaults on OCaml 5.1.0:

let () =
  let a, b = Unix.(socketpair PF_UNIX SOCK_DGRAM 0) in
  let buf = Bytes.create 1 in
  while true do
    let sent = Unix.send_substring a "!" 0 1 [] in
    assert (sent = 1);
    let got, addr = Unix.recvfrom b buf 0 1 [] in
    assert (got = 1);
  done
$ ocamlopt -I +unix unix.cmxa test.ml && ./a.out
fish: Job 1, './a.out' terminated by signal SIGSEGV (Address boundary error)

(this was originally seen as an occasional hang in Eio's tests)

I believe this is due to this code in caml_unix_alloc_sockaddr failing to restore caml_state->local_roots on exit:

ocaml/otherlibs/unix/socketaddr.c

Lines 111 to 121 in c2476e3

value caml_unix_alloc_sockaddr(union sock_addr_union * adr /*in*/,
socklen_param_type adr_len, int close_on_error)
{
CAMLparam0();
CAMLlocal1(a);
value res;
if (adr_len < offsetof(struct sockaddr, sa_data)) {
// Only possible for an unnamed AF_UNIX socket, in
// which case sa_family might be uninitialized.
return alloc_unix_sockaddr(caml_alloc_string(0));
}

@gasche
Copy link
Member

gasche commented Nov 29, 2023
edited

This looks likely, would you like to submit a fix as a PR? (For example you could use CAMLreturn instead.)

talex5 added a commit to talex5/ocaml that referenced this issue Dec 1, 2023
@talex5
Fix memory corruption in caml_unix_alloc_sockaddr (ocaml#12796)
e962598
@nojb nojb mentioned this issue Dec 1, 2023
Merged
gasche added a commit that referenced this issue Dec 1, 2023
@gasche
Merge pull request #12801 from talex5/fix-sockaddr-gc
faaec61 
Fix memory corruption in caml_unix_alloc_sockaddr (#12796)
talex5 added a commit to talex5/eio that referenced this issue Dec 1, 2023
@talex5
eio_posix: work around caml_unix_alloc_sockaddr bug
a544e0f 
If given an empty address, it would corrupt memory.
This resulted in the tests hanging sometimes, spinning in
`caml_do_local_roots`.

See ocaml/ocaml#12796.
talex5 added a commit to talex5/eio that referenced this issue Dec 1, 2023
@talex5
eio_posix: work around caml_unix_alloc_sockaddr bug
997f349 
If given an empty address, it would corrupt memory.
This resulted in the tests hanging sometimes, spinning in
`caml_do_local_roots`.

See ocaml/ocaml#12796.
@talex5 talex5 mentioned this issue Dec 1, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix memory corruption in caml_unix_alloc_sockaddr (#12796) talex5/ocaml
2 participants
@gasche @talex5