Bug 1956326 - annocheck SEGV in a (privileged) container
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: annobin
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Assignee: Nick Clifton
QA Contact: Fedora Extras Quality Assurance
Reported: 2021-05-03 13:34 UTC by Martin Cermak
Modified: 2021-05-12 07:24 UTC (History)

Fixed In Version: annobin-9.71.fc35
Last Closed: 2021-05-12 07:24:02 UTC
Type: Bug



Description Martin Cermak 2021-05-03 13:34:20 UTC
$ podman run --privileged -ti registry.fedoraproject.org/fedora:rawhide /bin/bash
[root@eaabfcea622c /]# yum install annobin-annocheck gdb --quiet
Is this ok [y/N]: y

Installed:
  annobin-annocheck-9.70-1.fc35.x86_64                        annobin-docs-9.70-1.fc35.noarch                     
  boost-regex-1.75.0-4.fc35.x86_64                            ctags-5.9-0.1.20210307.0.fc35.x86_64                
  dbus-libs-1:1.12.20-3.fc34.x86_64                           dnf-plugins-core-4.0.21-1.fc35.noarch               
  elfutils-debuginfod-client-0.183-3.fc35.x86_64              gc-8.0.4-5.fc34.x86_64                              
  gdb-10.1-18.fc35.x86_64                                     gdb-headless-10.1-18.fc35.x86_64                    
  guile-5:2.0.14-24.fc34.x86_64                               jansson-2.13.1-2.fc34.x86_64                        
  libbabeltrace-1.5.8-6.fc34.x86_64                           libicu-67.1-6.fc35.x86_64                           
  libipt-2.0.4-2.fc35.x86_64                                  libseccomp-2.5.0-4.fc34.x86_64                      
  libtool-ltdl-2.4.6-40.fc34.x86_64                           python3-dateutil-1:2.8.1-3.fc34.noarch              
  python3-dbus-1.2.16-4.fc34.x86_64                           python3-distro-1.5.0-5.fc34.noarch                  
  python3-dnf-plugins-core-4.0.21-1.fc35.noarch               python3-setuptools-56.0.0-2.fc35.noarch             
  python3-six-1.15.0-5.fc35.noarch                            source-highlight-3.1.9-9.fc35.x86_64                
  xxhash-libs-0.8.0-2.fc34.x86_64                            

[root@eaabfcea622c /]# dnf debuginfo-install annobin-annocheck --quiet -y

Installed:
  annobin-annocheck-debuginfo-9.70-1.fc35.x86_64                annobin-debuginfo-9.70-1.fc35.x86_64               
  annobin-debugsource-9.70-1.fc35.x86_64                       

[root@eaabfcea622c /]# gdb -args annocheck /bin/bash
GNU gdb (GDB) Fedora 10.1-18.fc35
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from annocheck...
Reading symbols from /usr/lib/debug/usr/bin/annocheck-9.70-1.fc35.x86_64.debug...
(gdb) r
Starting program: /usr/bin/annocheck /bin/bash
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.33.9000-2.fc35.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
annocheck: Version 9.70.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7fcc80d in ?? ()
Missing separate debuginfos, use: dnf debuginfo-install audit-libs-3.0.1-2.fc35.x86_64 bzip2-libs-1.0.8-6.fc34.x86_64 cyrus-sasl-lib-2.1.27-10.fc35.x86_64 elfutils-debuginfod-client-0.183-3.fc35.x86_64 elfutils-libelf-0.183-3.fc35.x86_64 elfutils-libs-0.183-3.fc35.x86_64 keyutils-libs-1.6.1-2.fc34.x86_64 krb5-libs-1.19.1-3.fc35.1.x86_64 libacl-2.3.1-1.fc35.x86_64 libattr-2.5.1-1.fc35.x86_64 libbrotli-1.0.9-4.fc34.x86_64 libcap-2.48-2.fc35.x86_64 libcap-ng-0.8.2-4.fc34.x86_64 libcom_err-1.46.2-2.fc35.x86_64 libcurl-7.76.1-1.fc35.x86_64 libidn2-2.3.0-5.fc34.x86_64 libnghttp2-1.43.0-2.fc35.x86_64 libpsl-0.21.1-3.fc34.x86_64 libssh-0.9.5-2.fc34.x86_64 libunistring-0.9.10-10.fc34.x86_64 libxcrypt-4.4.19-1.fc35.x86_64 libzstd-1.4.9-1.fc35.x86_64 lua-libs-5.4.2-2.fc34.x86_64 openssl-libs-1.1.1k-1.fc35.x86_64 pcre2-10.36-4.fc35.x86_64 popt-1.18-4.fc35.x86_64 rpm-libs-4.16.90-0.git15395.4.fc35.x86_64 sqlite-libs-3.35.5-1.fc35.x86_64 xz-libs-5.2.5-5.fc34.x86_64 zlib-1.2.11-26.fc35.x86_64
(gdb) bt
#0  0x00007ffff7fcc80d in ?? ()
#1  0x00007ffff7d46cf5 in clock_getres@GLIBC_2.2.5 () from /lib64/libc.so.6
#2  0x000055555555e503 in timing_start_scan (level=<optimized out>, datafile=<optimized out>)
    at /usr/src/debug/annobin-9.70-1.fc35.x86_64/annocheck/timing.c:146
#3  0x0000555555559ebd in main (argc=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/annobin-9.70-1.fc35.x86_64/annocheck/annocheck.c:1858
(gdb) 


Looking at /usr/src/debug/annobin-9.70-1.fc35.x86_64/annocheck/timing.c:146 :

    136 static void
    137 timing_start_scan (uint level, const char * datafile)
    138 {
    139   num_files = 0;
    140   scan_time = 0;
    141   clk_id = CLOCK_REALTIME;
    142 
    143   if (0)
    144     ;
    145 #ifdef CLOCK_MONOTONIC
    146   else if (clock_getres (CLOCK_MONOTONIC, NULL) == 0)
    147     clk_id = CLOCK_MONOTONIC;
    148 #endif
    149 #ifdef CLOCK_PROCESS_CPUTIME_ID
    150   else if (clock_getres (CLOCK_PROCESS_CPUTIME_ID, NULL) == 0)
    151     clk_id = CLOCK_PROCESS_CPUTIME_ID;
    152 #endif
    153   /* FIXME: Try other clocks ?  */
    154 }

Looks like the SEGV happens in the clock_getres() call.
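
A more defensive form of the clock probe quoted above, as an added example (not annobin's code and not the 9.71 change, which this page does not show). The helper names are hypothetical, and passing a real `struct timespec` instead of NULL is an assumption about what a cautious probe looks like, not a diagnosis of this crash.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical helper: true if clock ID reports a non-zero resolution and
   can be read.  Real buffers are passed, so libc never sees a NULL.  */
static bool clock_is_usable (clockid_t id)
{
  struct timespec res, now;

  if (clock_getres (id, &res) != 0 || (res.tv_sec == 0 && res.tv_nsec == 0))
    return false;
  return clock_gettime (id, &now) == 0;
}

/* Hypothetical stand-in for the probe in timing_start_scan(): same order of
   preference, with CLOCK_REALTIME as the fallback.  */
clockid_t pick_scan_clock (void)
{
#ifdef CLOCK_MONOTONIC
  if (clock_is_usable (CLOCK_MONOTONIC))
    return CLOCK_MONOTONIC;
#endif
#ifdef CLOCK_PROCESS_CPUTIME_ID
  if (clock_is_usable (CLOCK_PROCESS_CPUTIME_ID))
    return CLOCK_PROCESS_CPUTIME_ID;
#endif
  return CLOCK_REALTIME;
}

/* Nanoseconds elapsed on clock ID since START, or -1 if it cannot be read.  */
long long elapsed_ns (clockid_t id, const struct timespec *start)
{
  struct timespec now;
  if (clock_gettime (id, &now) != 0)
    return -1;
  return (long long) (now.tv_sec - start->tv_sec) * 1000000000LL
         + (now.tv_nsec - start->tv_nsec);
}

int main (void)
{
  struct timespec start;
  clockid_t id = pick_scan_clock ();
  if (clock_gettime (id, &start) != 0) return 1;
  printf ("clock id %d, elapsed %lld ns\n", (int) id, elapsed_ns (id, &start));
  return 0;
}
```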

Comment 1 Nick Clifton 2021-05-04 14:30:27 UTC
Hi Martin,

  I am unable to reproduce this bug myself, but the call to clock_getres() should not be happening in the first place, so I have created an updated version of annobin (9.71) which should address this issue.

Cheers
  Nick

Comment 2 Martin Cermak 2021-05-12 07:24:02 UTC
Hi Nick, it does look good:

[root@9897a7d4b44c /]# rpm -q annobin-annocheck
annobin-annocheck-9.70-1.fc35.x86_64
[root@9897a7d4b44c /]# annocheck /bin/bash
annocheck: Version 9.70.
Segmentation fault (core dumped)
[root@9897a7d4b44c /]# rpm -qa | fgrep annobin
annobin-docs-9.70-1.fc35.noarch
annobin-annocheck-9.70-1.fc35.x86_64
[root@9897a7d4b44c /]# rpm -Uvh https://kojipkgs.fedoraproject.org//packages/annobin/9.71/1.fc35/noarch/annobin-docs-9.71-1.fc35.noarch.rpm https://kojipkgs.fedoraproject.org//packages/annobin/9.71/1.fc35/x86_64/annobin-annocheck-9.71-1.fc35.x86_64.rpm
Retrieving https://kojipkgs.fedoraproject.org//packages/annobin/9.71/1.fc35/noarch/annobin-docs-9.71-1.fc35.noarch.rpm
Retrieving https://kojipkgs.fedoraproject.org//packages/annobin/9.71/1.fc35/x86_64/annobin-annocheck-9.71-1.fc35.x86_64.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:annobin-docs-9.71-1.fc35         ################################# [ 25%]
   2:annobin-annocheck-9.71-1.fc35    ################################# [ 50%]
Cleaning up / removing...
   3:annobin-annocheck-9.70-1.fc35    ################################# [ 75%]
   4:annobin-docs-9.70-1.fc35         ################################# [100%]
[root@9897a7d4b44c /]# annocheck /bin/bash
annocheck: Version 9.71.
Hardened: Warning: bash: Corrupt annobin note : end address == -1.
Hardened: Warning: bash: Corrupt annobin note : end address == -1.
Hardened: Warning: bash: Corrupt annobin note : end address == -1.
Hardened: bash: PASS.
[root@9897a7d4b44c /]#


Thanks!
