[apparmor] apparmor_parser segfault
Christian Boltz
apparmor at cboltz.de
Tue Jan 11 16:50:13 UTC 2011
Hello,
On Tuesday, 11 January 2011, Kees Cook wrote:
> On Tue, Jan 11, 2011 at 02:24:50AM +0100, Christian Boltz wrote:
> > (And they let apparmor_parser segfault when trying to load them, so
> > the bug is still reproducible with the -p-parsed profiles.)
> >
> > Happy debugging! ;-)
>
> Hm, I'm not seeing this crash with the latest bzr tree, or with the
> 2.5.1 version in Ubuntu maverick. Can you try to get some
> backtraces, or maybe recheck with the latest from the tree? Maybe we
> can find specifically which commit fixed or hid the problem.
I'm not too familiar with producing backtraces, but managed to get one -
see below. (If I did something wrong, please tell me what I should do ;-)

Without knowing the code, I'd guess the long list of simplify_tree_base
calls could indicate an (endless?) loop...

Testing the latest version isn't a real problem for me, however I'd love
to see an RPM I can just install ;-) (probably not too hard to do - branch
apparmor from security:apparmor and upload a tarball)
Backtrace:
# gdb --args apparmor_parser usr.share.git-web.gitweb.cgi
GNU gdb (GDB) SUSE (7.2-2.7)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /sbin/apparmor_parser...(no debugging symbols found)...done.
(gdb) run
Starting program: /sbin/apparmor_parser usr.share.git-web.gitweb.cgi
Missing separate debuginfo for /lib64/ld-linux-x86-64.so.2
Try: zypper install -C "debuginfo(build-id)=5cfc5a2c4891477ba3f389a7f24582df1496bd89"
Missing separate debuginfo for /lib64/libc.so.6
Try: zypper install -C "debuginfo(build-id)=0d950bde4b77aa25e40384b58280de0f1c77073b"
Program received signal SIGSEGV, Segmentation fault.
0x000000000041bca9 in simplify_tree_base(Node*, int, bool&) ()
(gdb) bt
#0 0x000000000041bca9 in simplify_tree_base(Node*, int, bool&) ()
#1 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#2 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#3 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#4 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#5 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#6 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#7 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#8 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#9 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#10 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#11 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#12 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#13 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#14 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#15 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#16 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#17 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#18 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#19 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#20 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#21 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#22 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#23 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#24 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#25 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#26 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#27 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#28 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#29 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#30 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#31 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#32 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#33 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#34 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#35 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#36 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#37 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#38 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#39 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#40 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#41 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#42 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#43 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#44 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#45 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#46 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#47 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#48 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#49 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#50 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#51 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#52 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#53 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#54 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#55 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#56 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#57 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#58 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#59 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#60 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#61 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#62 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#63 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#64 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#65 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#66 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#67 0x000000000041c126 in simplify_tree(Node*, dfaflags) ()
#68 0x000000000042668b in aare_create_dfa ()
#69 0x0000000000413deb in process_regex ()
#70 0x000000000041482c in __process_regex ()
#71 0x0000000000414dd5 in post_process_regex ()
#72 0x0000000000414ffa in post_process_policy ()
#73 0x000000000040962b in process_profile ()
#74 0x000000000040a08a in main ()
(gdb)
Regards,
Christian Boltz
--
"Arial was designed for Monotype in 1982 by Robin Nicholas and Patricia
Saunders" - this statement is equally valid for me and for you.
(Equally valid ["gleich gültig"]. Not: indifferent ["gleichgültig"]. :-) ).
Whether it interests us is another matter; the statement is true.
[Ratti in fontlinge-devel]
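
Added example, not part of the original message or of AppArmor's code: a short Python triage script that folds runs of identical frames in a symbol-less gdb backtrace like the one above and reports the depth of each run, the distinct call sites inside it, and whether the trace unwinds all the way to main. The sample trace is constructed from frames shown above with the recursive run cut to 4 frames; the names parse_frames, collapse and triage are this example's own.

```python
import re
from itertools import groupby

# Constructed, abridged sample in the shape of the trace above:
# the recursive run is cut to 4 frames and the frames are renumbered.
SAMPLE_BT = """\
#0 0x000000000041bca9 in simplify_tree_base(Node*, int, bool&) ()
#1 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#2 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#3 0x000000000041bbba in simplify_tree_base(Node*, int, bool&) ()
#4 0x000000000041c126 in simplify_tree(Node*, dfaflags) ()
#5 0x000000000040a08a in main ()
"""

# Symbol-less frame as printed above: "#N 0xADDR in function ()"
FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-fA-F]+) in (.+?)\s*\(\)$")

def parse_frames(text):
    """Return [(frame_no, address, function)] for each recognised frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((int(m.group(1)), int(m.group(2), 16), m.group(3)))
    return frames

def collapse(frames):
    """Fold consecutive frames of one function into (function, depth, call_sites)."""
    runs = []
    for func, grp in groupby(frames, key=lambda f: f[2]):
        grp = list(grp)
        # Frame #0 holds the faulting PC, not a return address, so skip it here.
        sites = sorted({hex(addr) for no, addr, _ in grp if no != 0})
        runs.append((func, len(grp), sites))
    return runs

def triage(text):
    """Summarise a backtrace: folded runs, deepest run, and completeness."""
    frames = parse_frames(text)
    runs = collapse(frames)
    return {
        "runs": runs,
        "deepest": max(runs, key=lambda r: r[1]) if runs else None,
        # A trace that unwinds to main shows the full depth at the fault.
        "complete": bool(frames) and frames[-1][2] == "main",
    }

print(triage(SAMPLE_BT)["deepest"])
```

Run over the full trace above, this folds frames #0 to #66 into one run of 67 simplify_tree_base frames whose return addresses are all 0x41bbba, in a trace that is complete down to main.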