[Libguestfs] libnbd golang failure on RISC-V

Richard W.M. Jones rjones at redhat.com
Thu Jun 9 16:31:38 UTC 2022


On Thu, Jun 09, 2022 at 05:00:46PM +0100, Daniel P. Berrangé wrote:
> Well it isn't use-after-free, because we've cleared the
> pointer we freed.

Yes, indeed that's what I meant to say!

> > It seems a bit of an odd function however.  Wouldn't it be better to
> > change the Bytes function so that it tests if the pointer is NULL and
> > panics?
> 
> In theory I guess both should be equivalent in terms of
> semantics for the caller.
> 
> Also I feel like 'Free' ought to set 'b.Size = 0' after
> it set 'b.P = nul'.  That should solve the problem for
> the Bytes & Slice method tests at least, but probably not
> the Get method test.

Making this change has very unexpected effects (although I think I
partially understand what's going on).  Note this is replicable on
x86-64.

  === RUN   TestAioBufferBytesAfterFree
      libnbd_020_aio_buffer_test.go:108: Did not recover from panic calling Bytes() after Free()
  --- FAIL: TestAioBufferBytesAfterFree (0.00s)

This is failing because C.GoBytes does _not_ segfault, since it is
being asked to memcpy a zero length buffer.

  === RUN   TestAioBufferSliceAfterFree
  --- PASS: TestAioBufferSliceAfterFree (0.00s)

I think I understand why this test now passes, because of the way that
slices are created using b.Size which is now 0.

  === RUN   TestAioBufferGetAfterFree
  --- PASS: TestAioBufferGetAfterFree (0.00s)

Why does this test now pass?!  It's still dereferencing a NULL
pointer.

I wonder why Get doesn't do bounds checking?  That seems like a
general bug.

> > NB: this _does not_ address the other problem where GODEBUG=cgocheck=2
> > complains about "fatal error: Go pointer stored into non-Go memory".
> 
> Maybe that message comes from the Go signal handler that's
> trying to cope with the SEGV from the NULL reference, causing it
> to trip over itself & thus not turn the problem into a panic.

We're rebuilding the latest Fedora packages, so my plan here is to try
with the newest golang when it becomes available and hope it's been
fixed upstream (if it's a golang problem).

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
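The discussion above turns on three accessor behaviours of a freed buffer handle: a copy of a zero-length buffer does not fault, a slice built from a zeroed Size is simply empty, and Get has no bounds check. The following is an added example, not libnbd's own Go binding code: a hypothetical AioBuffer type (pointer plus size, with the memory taken from a Go allocation rather than C.malloc so it runs without cgo) whose accessors check the pointer explicitly and bounds-check Get, alongside an unchecked variant that reproduces the silent empty result the test run above hit.

```go
package main

import (
	"fmt"
	"unsafe"
)

// AioBuffer is a hypothetical stand-in for a cgo-backed buffer handle: a raw
// pointer plus a size. The memory is a Go allocation here instead of C.malloc
// so the example runs without cgo; only the accessor logic is of interest.
type AioBuffer struct {
	P       unsafe.Pointer
	Size    uint
	backing []byte // keeps the Go allocation reachable while P points into it
}

// MakeAioBuffer allocates a zero-filled buffer of the given size.
func MakeAioBuffer(size uint) *AioBuffer {
	if size == 0 {
		return &AioBuffer{}
	}
	backing := make([]byte, size)
	return &AioBuffer{P: unsafe.Pointer(&backing[0]), Size: size, backing: backing}
}

// Free releases the buffer and clears both the pointer and the size, so a
// stale handle can never be mistaken for a live one.
func (b *AioBuffer) Free() {
	b.P = nil
	b.Size = 0
	b.backing = nil
}

// live rejects any access through a freed handle up front, instead of
// relying on a NULL dereference (or the zero-length fast path) to surface it.
func (b *AioBuffer) live() {
	if b.P == nil {
		panic("AioBuffer: access after Free()")
	}
}

// Bytes returns a copy of the buffer contents.
func (b *AioBuffer) Bytes() []byte {
	b.live()
	return append([]byte(nil), unsafe.Slice((*byte)(b.P), int(b.Size))...)
}

// Slice returns a view onto the buffer without copying.
func (b *AioBuffer) Slice() []byte {
	b.live()
	return unsafe.Slice((*byte)(b.P), int(b.Size))
}

// Get reads one byte with an explicit bounds check against Size.
func (b *AioBuffer) Get(i uint) byte {
	b.live()
	if i >= b.Size {
		panic(fmt.Sprintf("AioBuffer: index %d out of range [0,%d)", i, b.Size))
	}
	return *(*byte)(unsafe.Add(b.P, i))
}

// Set writes one byte with the same checks as Get.
func (b *AioBuffer) Set(i uint, v byte) {
	b.live()
	if i >= b.Size {
		panic(fmt.Sprintf("AioBuffer: index %d out of range [0,%d)", i, b.Size))
	}
	*(*byte)(unsafe.Add(b.P, i)) = v
}

// BytesUnchecked reproduces the failing-test behaviour: with Size zeroed by
// Free but no pointer check, slicing a nil pointer to length zero yields an
// empty result, so a test waiting for a panic never sees one.
func (b *AioBuffer) BytesUnchecked() []byte {
	return append([]byte(nil), unsafe.Slice((*byte)(b.P), int(b.Size))...)
}

// Panics runs f and reports whether it panicked, returning the panic value.
func Panics(f func()) (val interface{}, panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			val, panicked = r, true
		}
	}()
	f()
	return nil, false
}

func main() {
	b := MakeAioBuffer(8)
	b.Set(3, 0xAB)
	fmt.Printf("live: Get(3)=%#x len(Bytes())=%d\n", b.Get(3), len(b.Bytes()))
	b.Free()
	ops := []struct {
		name string
		f    func()
	}{
		{"Bytes", func() { _ = b.Bytes() }},
		{"Slice", func() { _ = b.Slice() }},
		{"Get", func() { _ = b.Get(0) }},
	}
	for _, op := range ops {
		_, p := Panics(op.f)
		fmt.Printf("after Free: %s() panicked=%v\n", op.name, p)
	}
	fmt.Printf("after Free: BytesUnchecked() len=%d, no panic\n", len(b.BytesUnchecked()))
}
```

The checked accessors fail the same way regardless of buffer size, which is what a "did not recover from panic" style test needs; the bounds check in Get and Set also closes the general gap noted above, where an index past Size would otherwise read or write outside the allocation.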