Bug 1956326

Summary: annocheck SEGV in a (privileged) container
Product: [Fedora] Fedora
Component: annobin
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: unspecified
Reporter: Martin Cermak <mcermak>
Assignee: Nick Clifton <nickc>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: fweimer, jakub, nickc
Fixed In Version: annobin-9.71.fc35
Last Closed: 2021-05-12 07:24:02 UTC
Type: Bug

Description Martin Cermak 2021-05-03 13:34:20 UTC
$ podman run --privileged -ti registry.fedoraproject.org/fedora:rawhide /bin/bash
[root@eaabfcea622c /]# yum install annobin-annocheck gdb --quiet
Is this ok [y/N]: y

Installed:
  annobin-annocheck-9.70-1.fc35.x86_64                        annobin-docs-9.70-1.fc35.noarch                     
  boost-regex-1.75.0-4.fc35.x86_64                            ctags-5.9-0.1.20210307.0.fc35.x86_64                
  dbus-libs-1:1.12.20-3.fc34.x86_64                           dnf-plugins-core-4.0.21-1.fc35.noarch               
  elfutils-debuginfod-client-0.183-3.fc35.x86_64              gc-8.0.4-5.fc34.x86_64                              
  gdb-10.1-18.fc35.x86_64                                     gdb-headless-10.1-18.fc35.x86_64                    
  guile-5:2.0.14-24.fc34.x86_64                               jansson-2.13.1-2.fc34.x86_64                        
  libbabeltrace-1.5.8-6.fc34.x86_64                           libicu-67.1-6.fc35.x86_64                           
  libipt-2.0.4-2.fc35.x86_64                                  libseccomp-2.5.0-4.fc34.x86_64                      
  libtool-ltdl-2.4.6-40.fc34.x86_64                           python3-dateutil-1:2.8.1-3.fc34.noarch              
  python3-dbus-1.2.16-4.fc34.x86_64                           python3-distro-1.5.0-5.fc34.noarch                  
  python3-dnf-plugins-core-4.0.21-1.fc35.noarch               python3-setuptools-56.0.0-2.fc35.noarch             
  python3-six-1.15.0-5.fc35.noarch                            source-highlight-3.1.9-9.fc35.x86_64                
  xxhash-libs-0.8.0-2.fc34.x86_64                            

[root@eaabfcea622c /]# dnf debuginfo-install annobin-annocheck --quiet -y

Installed:
  annobin-annocheck-debuginfo-9.70-1.fc35.x86_64                annobin-debuginfo-9.70-1.fc35.x86_64               
  annobin-debugsource-9.70-1.fc35.x86_64                       

[root@eaabfcea622c /]# gdb -args annocheck /bin/bash
GNU gdb (GDB) Fedora 10.1-18.fc35
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from annocheck...
Reading symbols from /usr/lib/debug/usr/bin/annocheck-9.70-1.fc35.x86_64.debug...
(gdb) r
Starting program: /usr/bin/annocheck /bin/bash
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.33.9000-2.fc35.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
annocheck: Version 9.70.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7fcc80d in ?? ()
Missing separate debuginfos, use: dnf debuginfo-install audit-libs-3.0.1-2.fc35.x86_64 bzip2-libs-1.0.8-6.fc34.x86_64 cyrus-sasl-lib-2.1.27-10.fc35.x86_64 elfutils-debuginfod-client-0.183-3.fc35.x86_64 elfutils-libelf-0.183-3.fc35.x86_64 elfutils-libs-0.183-3.fc35.x86_64 keyutils-libs-1.6.1-2.fc34.x86_64 krb5-libs-1.19.1-3.fc35.1.x86_64 libacl-2.3.1-1.fc35.x86_64 libattr-2.5.1-1.fc35.x86_64 libbrotli-1.0.9-4.fc34.x86_64 libcap-2.48-2.fc35.x86_64 libcap-ng-0.8.2-4.fc34.x86_64 libcom_err-1.46.2-2.fc35.x86_64 libcurl-7.76.1-1.fc35.x86_64 libidn2-2.3.0-5.fc34.x86_64 libnghttp2-1.43.0-2.fc35.x86_64 libpsl-0.21.1-3.fc34.x86_64 libssh-0.9.5-2.fc34.x86_64 libunistring-0.9.10-10.fc34.x86_64 libxcrypt-4.4.19-1.fc35.x86_64 libzstd-1.4.9-1.fc35.x86_64 lua-libs-5.4.2-2.fc34.x86_64 openssl-libs-1.1.1k-1.fc35.x86_64 pcre2-10.36-4.fc35.x86_64 popt-1.18-4.fc35.x86_64 rpm-libs-4.16.90-0.git15395.4.fc35.x86_64 sqlite-libs-3.35.5-1.fc35.x86_64 xz-libs-5.2.5-5.fc34.x86_64 zlib-1.2.11-26.fc35.x86_64
(gdb) bt
#0  0x00007ffff7fcc80d in ?? ()
#1  0x00007ffff7d46cf5 in clock_getres.5 () from /lib64/libc.so.6
#2  0x000055555555e503 in timing_start_scan (level=<optimized out>, datafile=<optimized out>)
    at /usr/src/debug/annobin-9.70-1.fc35.x86_64/annocheck/timing.c:146
#3  0x0000555555559ebd in main (argc=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/annobin-9.70-1.fc35.x86_64/annocheck/annocheck.c:1858
(gdb) 


Looking at /usr/src/debug/annobin-9.70-1.fc35.x86_64/annocheck/timing.c:146 :

    136 static void
    137 timing_start_scan (uint level, const char * datafile)
    138 {
    139   num_files = 0;
    140   scan_time = 0;
    141   clk_id = CLOCK_REALTIME;
    142 
    143   if (0)
    144     ;
    145 #ifdef CLOCK_MONOTONIC
    146   else if (clock_getres (CLOCK_MONOTONIC, NULL) == 0)
    147     clk_id = CLOCK_MONOTONIC;
    148 #endif
    149 #ifdef CLOCK_PROCESS_CPUTIME_ID
    150   else if (clock_getres (CLOCK_PROCESS_CPUTIME_ID, NULL) == 0)
    151     clk_id = CLOCK_PROCESS_CPUTIME_ID;
    152 #endif
    153   /* FIXME: Try other clocks ?  */
    154 }

Looks like the SEGV happens in the clock_getres() call.

Comment 1 Nick Clifton 2021-05-04 14:30:27 UTC
Hi Martin,

  I am unable to reproduce this bug myself, but the call to clock_getres() should not be happening in the first place, so I have created an updated version of annobin (9.71) which should address this issue.

Cheers
  Nick
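
Added example, not part of the bug thread and not annobin's code or the 9.71 change (which this page does not show): a C program that keeps clock probing off the default path, so a clock_getres() failure specific to one environment can only affect runs that ask for timing. It assumes that is what "should not be happening in the first place" means; the names timing_enabled, probe_calls, candidates and clock_usable are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdio.h>
#include <time.h>
/* Hypothetical names throughout; this is not annobin's timing.c. */
static const clockid_t candidates[] = {
#ifdef CLOCK_MONOTONIC
    CLOCK_MONOTONIC,
#endif
#ifdef CLOCK_PROCESS_CPUTIME_ID
    CLOCK_PROCESS_CPUTIME_ID,
#endif
    CLOCK_REALTIME              /* always-present fallback */
};
static bool      timing_enabled = false;  /* set only when timing is requested */
static unsigned  probe_calls    = 0;      /* number of clock_getres() calls made */
static clockid_t clk_id         = CLOCK_REALTIME;

/* A clock is usable if the call succeeds and reports a plausible resolution. */
static bool clock_usable(clockid_t id)
{
    struct timespec res;
    probe_calls++;
    return clock_getres(id, &res) == 0
        && res.tv_sec >= 0 && res.tv_nsec >= 0 && res.tv_nsec < 1000000000L;
}

/* Select a clock, but only on the opt-in path. Returns true if probing ran. */
static bool timing_start_scan(void)
{
    clk_id = CLOCK_REALTIME;
    if (!timing_enabled)
        return false;           /* default run: no clock calls at all */
    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++)
        if (clock_usable(candidates[i])) {
            clk_id = candidates[i];
            break;
        }
    return true;
}

int main(void)
{
    bool ran = timing_start_scan();
    printf("default: probed=%d calls=%u\n", ran, probe_calls);
    timing_enabled = true;
    ran = timing_start_scan();
    printf("timing:  probed=%d calls=%u clock=%d\n", ran, probe_calls, (int) clk_id);
}
```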

Comment 2 Martin Cermak 2021-05-12 07:24:02 UTC
Hi Nick, it does look good:

[root@9897a7d4b44c /]# rpm -q annobin-annocheck
annobin-annocheck-9.70-1.fc35.x86_64
[root@9897a7d4b44c /]# annocheck /bin/bash
annocheck: Version 9.70.
Segmentation fault (core dumped)
[root@9897a7d4b44c /]# rpm -qa | fgrep annobin
annobin-docs-9.70-1.fc35.noarch
annobin-annocheck-9.70-1.fc35.x86_64
[root@9897a7d4b44c /]# rpm -Uvh https://kojipkgs.fedoraproject.org//packages/annobin/9.71/1.fc35/noarch/annobin-docs-9.71-1.fc35.noarch.rpm https://kojipkgs.fedoraproject.org//packages/annobin/9.71/1.fc35/x86_64/annobin-annocheck-9.71-1.fc35.x86_64.rpm
Retrieving https://kojipkgs.fedoraproject.org//packages/annobin/9.71/1.fc35/noarch/annobin-docs-9.71-1.fc35.noarch.rpm
Retrieving https://kojipkgs.fedoraproject.org//packages/annobin/9.71/1.fc35/x86_64/annobin-annocheck-9.71-1.fc35.x86_64.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:annobin-docs-9.71-1.fc35         ################################# [ 25%]
   2:annobin-annocheck-9.71-1.fc35    ################################# [ 50%]
Cleaning up / removing...
   3:annobin-annocheck-9.70-1.fc35    ################################# [ 75%]
   4:annobin-docs-9.70-1.fc35         ################################# [100%]
[root@9897a7d4b44c /]# annocheck /bin/bash
annocheck: Version 9.71.
Hardened: Warning: bash: Corrupt annobin note : end address == -1.
Hardened: Warning: bash: Corrupt annobin note : end address == -1.
Hardened: Warning: bash: Corrupt annobin note : end address == -1.
Hardened: bash: PASS.
[root@9897a7d4b44c /]#


Thanks!