Bug 2176542

Summary: jq runs out of memory and causes mod_auth_openidc to segfault
Product: Red Hat Enterprise Linux 9
Component: jq
Version: 9.0
Type: Bug
Status: VERIFIED
Severity: medium
Priority: unspecified
Reporter: Tomas Halman <thalman>
Assignee: Tomas Halman <thalman>
QA Contact: Scott Poore <spoore>
CC: spoore
Target Milestone: rc
Keywords: Triaged
Hardware: Unspecified
OS: All
Fixed In Version: jq-1.6-15.el9

Description Tomas Halman 2023-03-08 15:57:48 UTC
This bug was initially created as a copy of Bug #2092160

I am copying this bug because it applies to rhel9 too: 



With jq-1.6-3.el8 and using mod_auth_openidc with apache httpd we are getting segfaults. 

Here's the trace:

#0  0x0000000000000000 in ?? ()                                                                      
#1  0x00007f1c98bc1019 in jv_nomem_handler (handler=0x0, data=0x0) at src/jv_alloc.c:82              
#2  0x00007f1c98bba10d in jq_compile_args (jq=<optimized out>, str=<optimized out>, args=...)        
    at src/execute.c:1162                                                                            
#3  0x00007f1c994cab6d in oidc_authz_match_claims_expr ()                                            
   from target:/etc/httpd/modules/mod_auth_openidc.so                                                
#4  0x00007f1c994cafbf in oidc_authz_worker24 () from target:/etc/httpd/modules/mod_auth_openidc.so  
#5  0x00007f1c994f2eaa in oidc_authz_checker () from target:/etc/httpd/modules/mod_auth_openidc.so   
#6  0x00007f1ca5755d61 in apply_authz_sections () from target:/etc/httpd/modules/mod_authz_core.so   
#7  0x00007f1ca5755e45 in apply_authz_sections () from target:/etc/httpd/modules/mod_authz_core.so   
#8  0x00007f1ca575611a in authorize_user_core () from target:/etc/httpd/modules/mod_authz_core.so    
#9  0x00005637546a82e8 in ap_run_auth_checker ()                                                     
#10 0x00005637546aa8bc in ap_process_request_internal ()                                             
#11 0x00005637546c9840 in ap_process_async_request ()                                                
#12 0x00005637546c5ce0 in ap_process_http_connection ()                                              
#13 0x00005637546bc0c8 in ap_run_process_connection ()                                               
#14 0x00007f1c9dd5fa47 in process_socket () from target:/etc/httpd/modules/mod_mpm_event.so          
#15 0x00007f1c9dd603ea in worker_thread () from target:/etc/httpd/modules/mod_mpm_event.so
#16 0x00007f1ca903f1cf in start_thread () from target:/lib64/libpthread.so.0
#17 0x00007f1ca8aa7d83 in clone () from target:/lib64/libc.so.6

Our config has: 

    Require claims_expr '(.scope | index("https://src.fedoraproject.org/push") != null)'

and that seems to cause jq to run out of memory now?

It may also have something to do with our httpd setup, but we aren't limiting things that I can think of. 

Downgrading back to jq-1.5-12.el8.x86_64 and restarting httpd (note: just reloading doesn't do it) seems to work around the issue.

Happy to gather more info, etc.

Comment 6 Scott Poore 2023-04-21 15:27:55 UTC
Verified.

Version ::

jq-1.6-15.el9.x86_64


Results ::

gating tests pass.

No segfault:

# gcc -o segfault_test segfault_in_multi_threaded_env.c -lpthread -ljq

# ./segfault_test 
jq_init jq: 0x7f04d0000b60 prg: .data
jq_init jq: 0x7f04c8000b60 prg: .data
compiled
dumped: 1
compiled
dumped: 1