Re: [PATCH] vfprintf: validate nargs and maybe allocate from heap

[Kees Cook <kees at outflux dot net>]

On Tue, Feb 14, 2012 at 04:20:17PM -0600, Ryan S. Arnold wrote:
> On Fri, Feb 10, 2012 at 1:24 PM, Kees Cook <kees@outflux.net> wrote:
> > Just checking in on this. Is anyone willing to ACK this patch?
> 
> The patch passed make check for PowerPC 32-bit and Libdfp 32-bit
> regression testing of the printf-hooks mechanism.
> 
> Currently I'm testing PowerPC 64-bit and bug-vfprintf-nargs is getting
> killed by the skeleton code due to a timeout before the expected
> SEGV happens.

Hrm, I wonder if this timeout is from it allocating giant memory region
using a layout that actually allows it without crashing into other things.
(i.e. x86_64 would always very rapidly crash, but I don't know about
ppc's layout.)

> >From my tests it looks like the test-case needs a TIMEOUTFACTOR
> environment variable to give the test time to SEGV on PowerPC64.  On a
> system that's not under load a timeoutfactor of 10 seemed to be
> adequate.
> 
> in sysdeps/powerpc/powerpc64/Makefile:
> 
> ifeq ($(subdir),stdio-common)
> bug-vfprintf-nargs-ENV = TIMEOUTFACTOR="10"
> endif
> 
> The problem with this method is that this may still fail with a
> SIGALRM before the SEGV happens on a system under load (for instance
> under a parallel make check).
> 
> The other possibility is to changed the expected signal to SIGALRM for
> powerpc64 in bug-vfprintf-nargs.c:
> 
> #if __WORDSIZE == 32
> # define EXPECTED_STATUS 0
> #elif defined __powerpc64__
> # define EXPECTED_SIGNAL SIGALRM
> #else
> # define EXPECTED_SIGNAL SIGSEGV
> #endif
> 
> Of course, on a system that's not under loader this may SEGV before
> the timeout is hit and SIGALRM is raised.

Perhaps under 64-bit, it should just skip the test entirely? The 64-bit
case is meaningless anyway.

-Kees

-- 
Kees Cook                                            @outflux.net