luo980/libuv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

osx: Fix a possible segfault in uv__io_poll

Browse Source 
In our build infrastructure, I've seen a lot of segfaults recently that
were all only happening on OSX. Upon inspecting the coredumps, it
appearded that all segfaults happened at the same instruction, and upon
translating the assembly back to the source, I found that an array could
be indexed with a -1 index before the index was checked to be not -1.

As concrete evidence, here is the situation that I found caused the
segfault.  The instruction in question along with the relevant register
values was:

    mov    (%r8,%r15,8),%r12

    r8  = 0x7fb0ba800000
    r15 = 0xffffffffffffffff

    r8 + r15 * 8 == 0x7fb0ba7ffff8

It appears that the base of loop->watchers was page aligned, and by
going back one word I guess that the page wasn't mapped, causing our
segfaults.
This commit is contained in:
Alex Crichton 2013-12-21 20:12:35 -08:00 committed by Fedor Indutny
parent 140c863ff0
commit f166d6d705
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/unix/kqueue.c
View File

@ -167,11 +167,10 @@ void uv__io_poll(uv_loop_t* loop, int timeout) {
for (i = 0; i < nfds; i++) {
ev = events + i;
fd = ev->ident;
w = loop->watchers[fd];
/* Skip invalidated events, see uv__platform_invalidate_fd */
if (fd == -1)
continue;
w = loop->watchers[fd];
if (w == NULL) {
/* File descriptor that we've stopped watching, disarm it. */