Segfault due to unchecked return value #1107
Comments
There's not currently any explicit checking for whether it's _possible_ to
execute callbacks/allocate executable memory, so to the extent that we can
throw an exception rather than segfault, that would be nice. PRs welcome.
On Thu, Jun 13, 2019 at 10:30 AM Zach Kost-Smith wrote:

> https://github.com/java-native-access/jna/blob/dabdcd7c27e2b4d7f672fca1c55b6da5c74badb5/native/dispatch.c#L3461
>
> I think I traced a segfault to this line. The return type stored in
> closure can be NULL on allocation failure. ffi_prep_closure_loc assumes
> that the value is valid, so passing NULL will produce a segfault.
>
> This happens on locked down systems with restricted execution and write
> permissions. The libffi closure API requires either trivially executable
> heap allocations or a location to mmap with both read-write and exec
> permissions. If it doesn't have this (e.g. selinux with no rw, exec
> mounts), it will fail to allocate the closure structure.
>
> Perhaps this could fail more gracefully?
I'll take a look as time permits. I don't think I can get my company to sponsor this work, unfortunately, so it may take a while for the free time to surface.
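Added here as an example of the explicit check the maintainer describes; it is not JNA's or libffi's code. It probes with mmap/mprotect whether the process can obtain writable-and-executable memory at all, and treats a NULL closure allocation as an error to report rather than something to pass on to ffi_prep_closure_loc. The names probe_exec_memory, closure_alloc_fn, prep_closure_checked and the constructed failing_alloc stand-in are assumptions, not part of dispatch.c.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <sys/mman.h>
#include <unistd.h>

/* Outcome of trying to obtain the kind of page a libffi closure lives in. */
enum exec_mem_status {
    EXEC_MEM_RWX = 0,         /* one RW+X mapping works (libffi's simplest path) */
    EXEC_MEM_DUAL_MAP = 1,    /* RW, then mprotect to R+X works                  */
    EXEC_MEM_UNAVAILABLE = 2  /* neither: the locked-down policy in the issue    */
};

/* Probe, without executing anything, whether this process can get memory
 * that is both writable and executable; that is what ffi_closure_alloc needs. */
enum exec_mem_status probe_exec_memory(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p != MAP_FAILED) {
        munmap(p, len);
        return EXEC_MEM_RWX;
    }
    /* Some policies allow W then X in turn, just never W+X at once. */
    p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return EXEC_MEM_UNAVAILABLE;
    int flipped = mprotect(p, len, PROT_READ | PROT_EXEC) == 0;
    munmap(p, len);
    return flipped ? EXEC_MEM_DUAL_MAP : EXEC_MEM_UNAVAILABLE;
}

/* Hypothetical allocator signature standing in for ffi_closure_alloc (assumed). */
typedef void *(*closure_alloc_fn)(size_t size, void **code);
/* Constructed stand-in that behaves like ffi_closure_alloc on a system
 * where no executable memory can be had: it returns NULL. */
void *failing_alloc(size_t size, void **code) { (void)size; *code = NULL; return NULL; }

/* The check the issue asks for: return ENOMEM (which a JNI layer could turn
 * into a Java exception) instead of handing a NULL closure to ffi_prep_closure_loc. */
int prep_closure_checked(closure_alloc_fn alloc, void **closure_out, void **code_out) {
    *closure_out = NULL;
    *code_out = NULL;
    if (probe_exec_memory() == EXEC_MEM_UNAVAILABLE)
        return ENOMEM;                 /* fail early with a diagnosable error */
    *closure_out = alloc(64, code_out);
    if (*closure_out == NULL || *code_out == NULL)
        return ENOMEM;                 /* the NULL that would otherwise be dereferenced */
    return 0;
}
```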