Debian Bug report logs - #878107
src:pcre3: stack frame size detection is broken


Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>;

Affects: src:mariadb-10.1

Reported by: Ondřej Surý <ondrej@debian.org>

Date: Mon, 9 Oct 2017 21:09:02 UTC

Severity: serious

Tags: upstream

Found in versions pcre3/2:8.35-3.3, pcre3/2:8.39-5

Fixed in version pcre3/2:8.39-6

Done: Matthew Vernon <matthew@debian.org>

Forwarded to https://bugs.exim.org/show_bug.cgi?id=2173



Report forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#878107; Package src:pcre3. (Mon, 09 Oct 2017 21:09:05 GMT)


Acknowledgement sent to Ondřej Surý <ondrej@debian.org>:
New Bug report received and forwarded. Copy sent to Matthew Vernon <matthew@debian.org>. (Mon, 09 Oct 2017 21:09:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Ondřej Surý <ondrej@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: src:pcre3: stack frame size detection is broken
Date: Mon, 09 Oct 2017 20:23:42 +0000
Package: src:pcre3
Version: 2:8.39-5
Severity: grave

Dear Maintainer,

the system-wide pcre3 library stack frame size detection is broken as described in
https://bugs.exim.org/show_bug.cgi?id=2173

and that breaks at least ppc64el and s390x build causing segfaults in the test suite (+ autopkgtest).

The patch from Sergei @ MariaDB is quite simple and it should pose no risk applying it:

diff --git a/pcre/pcre_exec.c b/pcre/pcre_exec.c
--- a/pcre/pcre_exec.c
+++ b/pcre/pcre_exec.c
@@ -509,6 +509,12 @@
                  (e.g. stopped by repeated call or recursion limit)
 */
 
+#ifdef __GNUC__
+static int
+match(REGISTER PCRE_PUCHAR eptr, REGISTER const pcre_uchar *ecode,
+  PCRE_PUCHAR mstart, int offset_top, match_data *md, eptrblock *eptrb,
+  unsigned int rdepth) __attribute__((noinline,noclone));
+#endif
 static int
 match(REGISTER PCRE_PUCHAR eptr, REGISTER const pcre_uchar *ecode,
 PCRE_PUCHAR mstart, int offset_top, match_data *md, eptrblock *eptrb,
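Review bot: The #ifdef __GNUC__ guard on the added prototype is also true under clang, which defines __GNUC__ but has no noclone attribute (the clang run later in this log shows it ignored with a -Wunknown-attributes warning), so a clang build that treats warnings as errors would fail here; testing for each attribute separately would avoid that. The prototype also repeats the whole parameter list of match() without a comment saying why noinline and noclone are needed, so a one-line comment tying it to the stack frame size detection would keep a later cleanup from dropping it or letting the two signatures drift apart.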

Please apply the patch in the next maintenance window for PCRE3,
including stable and possibly oldstable as this causes segfaults (at
least) in src:mariadb-10.1 on affected platforms (and both ppc64el and
s390x are our release architectures).

Cheers,
Ondrej

-- System Information:
Debian Release: 9.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8), LANGUAGE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



Added indication that 878107 affects src:mariadb-10.1 Request was from Ondřej Surý <ondrej@sury.org> to control@bugs.debian.org. (Mon, 09 Oct 2017 23:03:03 GMT)


Set Bug forwarded-to-address to 'https://bugs.exim.org/show_bug.cgi?id=2173'. Request was from Ondřej Surý <ondrej@sury.org> to control@bugs.debian.org. (Mon, 09 Oct 2017 23:03:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#878107; Package src:pcre3. (Tue, 10 Oct 2017 10:51:05 GMT)


Acknowledgement sent to Matthew Vernon <matthew@debian.org>:
Extra info received and forwarded to list. (Tue, 10 Oct 2017 10:51:05 GMT)


Message #14 received at 878107@bugs.debian.org:

From: Matthew Vernon <matthew@debian.org>
To: Ondřej Surý <ondrej@debian.org>, 878107@bugs.debian.org, Debian Bug Tracking System <control@bugs.debian.org>
Subject: Re: Bug#878107: src:pcre3: stack frame size detection is broken
Date: Tue, 10 Oct 2017 11:47:31 +0100
severity 878107 important
tags 878107 + upstream moreinfo
quit
Hi,

On 09/10/17 21:23, Ondřej Surý wrote:

> the system-wide pcre3 library stack frame size detection is broken as described in
> https://bugs.exim.org/show_bug.cgi?id=2173

I note that upstream aren't proposing to address this.

> and that breaks at least ppc64el and s390x build causing segfaults in the test suite (+ autopkgtest).

It's not clear to me that this couldn't be addressed by increasing the
stack ulimit for the build (hence my request for moreinfo on 876299).

> The patch from Sergei @ MariaDB is quite simple and it should pose no risk applying it:

...and presumably won't work with clang?

Regards,

Matthew



Severity set to 'important' from 'grave' Request was from Matthew Vernon <matthew@debian.org> to control@bugs.debian.org. (Tue, 10 Oct 2017 10:51:07 GMT)


Added tag(s) moreinfo and upstream. Request was from Matthew Vernon <matthew@debian.org> to control@bugs.debian.org. (Tue, 10 Oct 2017 10:51:07 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#878107; Package src:pcre3. (Mon, 20 Nov 2017 22:30:06 GMT)


Acknowledgement sent to Adrian Bunk <bunk@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. (Mon, 20 Nov 2017 22:30:06 GMT)


Message #23 received at 878107@bugs.debian.org:

From: Adrian Bunk <bunk@debian.org>
To: Matthew Vernon <matthew@debian.org>, 878107@bugs.debian.org
Cc: Ondřej Surý <ondrej@debian.org>
Subject: Re: Bug#878107: src:pcre3: stack frame size detection is broken
Date: Tue, 21 Nov 2017 00:22:00 +0200
Control: severity -1 serious
Control: tags -1 -moreinfo
Control: found -1 2:8.35-3.3

On Tue, Oct 10, 2017 at 11:47:31AM +0100, Matthew Vernon wrote:
> severity 878107 important
> tags 878107 + upstream moreinfo
> quit
> Hi,
> 
> On 09/10/17 21:23, Ondřej Surý wrote:
> 
> > the system-wide pcre3 library stack frame size detection is broken as described in
> > https://bugs.exim.org/show_bug.cgi?id=2173
> 
> I note that upstream aren't proposing to address this.

Upstream says:
  PCRE1 (the 8.xx series) is very much in "maintenance only" mode. PCRE2 
  (the 10.xx series) has been out for nearly 3 years now, and its most 
  recent release, 10.30, no longer uses the stack for remembering 
  backtracking points.

That's fair enough, especially considering that a proper fix might be hard.

But it doesn't help existing software that cannot immediately be ported 
to PCRE2 (even more in stable releases).


Upstream also says:
  This was always somewhat dodgy code, and since it was released I have 
  discovered that all kinds of compiler variations can alter the answer 
  that you get. With hindsight, it should never have been released.

One real-world problem where this dodgy code does break has been found 
to affect real software, and the suggested patch that disables some
otherwise possible optimizations for one function is confirmed to
work around this specific breakage.

This is a quite minimal workaround for this specific breakage.


MariaDB has now made the step of using a bundled copy of PCRE when at 
build time the system version of PCRE is found to have this problem.

That's a reasonable decision, but obviously lacks fixes from the Debian 
package and using it would increase the amount of work for PCRE security 
updates.


> > and that breaks at least ppc64el and s390x build causing segfaults in the test suite (+ autopkgtest).
> 
> It's not clear to me that this couldn't be addressed by increasing the
> stack ulimit for the build (hence my request for moreinfo on 876299).

Doesn't fix the MariaDB test, and wouldn't fix it for all users of PCRE.


> > The patch from Sergei @ MariaDB is quite simple and it should pose no risk applying it:
> 
> ...and presumably won't work with clang?

clang knows about noinline (and implements it properly),
and gives a warning for the noclone it doesn't know:

$ cat test.c
#include <stdio.h>

static void printit(void) __attribute__((noinline,noclone));

static void printit(void)
{
  printf("Hello, world!\n");
}

int main(void)
{
  printit();
  return 0;
}
$ clang -O2 -Wall test.c -o test && ./test
test.c:3:51: warning: unknown attribute 'noclone' ignored [-Wunknown-attributes]
static void printit(void) __attribute__((noinline,noclone));
                                                  ^
1 warning generated.
Hello, world!
$ 


> Regards,
> 
> Matthew

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed
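
The stack frame size detection this thread discusses has a recursive function measure its own frame by calling itself once and comparing the address of a local in the two frames, which only gives one frame's size if that call is neither inlined nor cloned. A simplified illustration added here, not part of the original messages and not PCRE's source: every name (measure_frame, stack_frame_size, recursion_limit, FRAME_PAD) is hypothetical, and the caller that derives a recursion limit from the result is an assumed usage pattern.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; a simplified illustration, not PCRE source. */
#ifndef __has_attribute
#define __has_attribute(x) 0
#endif
#if __has_attribute(noclone)          /* GCC */
#define REAL_CALL __attribute__((noinline, noclone))
#elif __has_attribute(noinline)       /* clang: no noclone attribute */
#define REAL_CALL __attribute__((noinline))
#else
#define REAL_CALL
#endif

#define FRAME_PAD 256  /* constructed stand-in for a large set of locals */

/* As in the patch, the attributes go on a separate prototype. */
static long measure_frame(uintptr_t caller_mark, unsigned rdepth) REAL_CALL;

/* Level 0 passes the address of its own rdepth down; level 1 returns the
   distance to its own copy, which is one frame only if both are real calls. */
static long measure_frame(uintptr_t caller_mark, unsigned rdepth)
{
  volatile char pad[FRAME_PAD];
  long size;
  pad[0] = (char)rdepth;
  if (rdepth == 0) {
    size = measure_frame((uintptr_t)&rdepth, 1);
    pad[FRAME_PAD - 1] = 0;           /* keeps the frame live across the call */
    return size;
  }
  uintptr_t here = (uintptr_t)&rdepth;
  return (long)(here > caller_mark ? here - caller_mark : caller_mark - here);
}

static long stack_frame_size(void) { return measure_frame(0, 0); }

/* A caller that bounds recursion by stack_bytes / frame trusts the measurement:
   an under-reported frame inflates the limit past what the stack can hold. */
static unsigned long recursion_limit(unsigned long stack_bytes, long frame)
{
  return frame > 0 ? stack_bytes / (unsigned long)frame : 0;
}

int main(void)
{
  long frame = stack_frame_size();
  printf("frame=%ld bytes, limit for 1 MiB stack=%lu\n",
         frame, recursion_limit(1UL << 20, frame));
  return 0;
}
```

Comparing the printed frame size across optimization levels and compilers, with and without the attributes, shows how much the measurement depends on code generation.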




Severity set to 'serious' from 'important' Request was from Adrian Bunk <bunk@debian.org> to 878107-submit@bugs.debian.org. (Mon, 20 Nov 2017 22:30:06 GMT)


Removed tag(s) moreinfo. Request was from Adrian Bunk <bunk@debian.org> to 878107-submit@bugs.debian.org. (Mon, 20 Nov 2017 22:30:07 GMT)


Marked as found in versions pcre3/2:8.35-3.3. Request was from Adrian Bunk <bunk@debian.org> to 878107-submit@bugs.debian.org. (Mon, 20 Nov 2017 22:30:07 GMT)


Reply sent to Matthew Vernon <matthew@debian.org>:
You have taken responsibility. (Thu, 30 Nov 2017 16:24:07 GMT)


Notification sent to Ondřej Surý <ondrej@debian.org>:
Bug acknowledged by developer. (Thu, 30 Nov 2017 16:24:07 GMT)


Message #34 received at 878107-close@bugs.debian.org:

From: Matthew Vernon <matthew@debian.org>
To: 878107-close@bugs.debian.org
Subject: Bug#878107: fixed in pcre3 2:8.39-6
Date: Thu, 30 Nov 2017 16:21:54 +0000
Source: pcre3
Source-Version: 2:8.39-6

We believe that the bug you reported is fixed in the latest version of
pcre3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878107@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthew Vernon <matthew@debian.org> (supplier of updated pcre3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 30 Nov 2017 15:38:57 +0000
Source: pcre3
Binary: libpcre3 libpcre3-udeb libpcrecpp0v5 libpcre3-dev libpcre3-dbg pcregrep libpcre16-3 libpcre32-3
Architecture: i386 source
Version: 2:8.39-6
Distribution: unstable
Urgency: medium
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Matthew Vernon <matthew@debian.org>
Closes: 876299 878107
Description: 
 libpcre16-3 - Old Perl 5 Compatible Regular Expression Library - 16 bit runtime
 libpcre32-3 - Old Perl 5 Compatible Regular Expression Library - 32 bit runtime
 libpcre3-dbg - Old Perl 5 Compatible Regular Expression Library - debug symbols
 libpcre3-dev - Old Perl 5 Compatible Regular Expression Library - development fi
 libpcre3   - Old Perl 5 Compatible Regular Expression Library - runtime files
 libpcre3-udeb - Old Perl 5 Compatible Regular Expression Library - runtime files  (udeb)
 libpcrecpp0v5 - Old Perl 5 Compatible Regular Expression Library - C++ runtime fi
 pcregrep   - grep utility that uses perl 5 compatible regexes.
Changes:
 pcre3 (2:8.39-6) unstable; urgency=medium
 .
   * patch from Sergei from MariaDB (via Ondřej Surý) to fix stack frame
     size detection (Closes: #878107, #876299)




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#878107; Package src:pcre3. (Thu, 30 Nov 2017 16:30:05 GMT)


Acknowledgement sent to Matthew Vernon <matthew@debian.org>:
Extra info received and forwarded to list. (Thu, 30 Nov 2017 16:30:05 GMT)


Message #39 received at 878107@bugs.debian.org:

From: Matthew Vernon <matthew@debian.org>
To: Adrian Bunk <bunk@debian.org>, 878107@bugs.debian.org
Cc: Ondřej Surý <ondrej@debian.org>
Subject: Re: Bug#878107: src:pcre3: stack frame size detection is broken
Date: Thu, 30 Nov 2017 15:42:23 +0000
On 20/11/17 22:22, Adrian Bunk wrote:

[snip]

> One real-world problem where this dodgy code does break has been found
> to affect real software, and the suggested patch that disables some
> otherwise possible optimizations for one function is confirmed to
> work around this specific breakage.
> 
> This is a quite minimal workaround for this specific breakage.

[snip]

Thanks for your mail, and for your patience. I have applied the patch, 
and assuming my builds+testing go OK, will be uploading it shortly.

Regards,

Matthew



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jan 10 00:12:42 2018; Machine Name: buxtehude