Bug 215504

Summary: limits -s 0 limits causes limits process to segfault
Product: Base System
Reporter: Enji Cooper <ngie>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: New ---
Severity: Affects Only Me
CC: markj
Priority: ---
Version: CURRENT
Hardware: Any
OS: Any

Description Enji Cooper freebsd_committer 2016-12-23 05:29:30 UTC
# limits -s 0 limits
Segmentation fault (core dumped)
# whoami
# gdb limits limits.core
GNU gdb (GDB) 7.11.1 [GDB v7.11.1 for FreeBSD]
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
Find the GDB manual and other documentation resources online at:
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from limits...Reading symbols from /usr/src/svn/usr.bin/limits/limits.debug...done.
[New LWP 100106]
Core was generated by `limits -s 0 limits'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000800ab40a0 in setrlimit () from /lib/libc.so.7
(gdb) bt
#0  0x0000000800ab40a0 in setrlimit () from /lib/libc.so.7
Backtrace stopped: Cannot access memory at address 0x7fffffffe8e8
Comment 1 Mark Johnston freebsd_committer 2016-12-24 23:16:53 UTC
Presumably this is because you asked limits to execute with a stack size of 0? Looking at kern_proc_setrlimit(), a request to decrease the current stack limit will cause the kernel to render inaccessible any pages beyond the new limit, so with a new size of 0 we'll crash upon returning from setrlimit(). (It also looks as though kern_proc_setrlimit() assumes that stacks grow down.)
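The mechanism described in Comment 1 (shrinking RLIMIT_STACK below what the caller already uses makes the caller's own stack inaccessible, so it dies on return from setrlimit()) suggests the defensive check a wrapper like limits(1) would want before it touches the stack limit. The following is an added example written for this page; it is not code from the bug report, from limits(1) or from FreeBSD. The function names, the STACK_GUARD_MARGIN value and the marker-based estimate of stack in use are assumptions made for the example, and the estimate is a heuristic rather than an exact measurement.

```c
/* Added example (not code from the bug report or from limits(1)): refuse a
 * RLIMIT_STACK soft limit that the calling process itself cannot survive.
 * Comment 1 explains that the kernel makes stack pages beyond the new limit
 * inaccessible at once, so the policy check has to happen before setrlimit(). */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Safety margin added to the measured stack use, covering frames the guard
 * cannot see (libc internals, signal handlers). Value chosen for this example. */
#define STACK_GUARD_MARGIN ((rlim_t)64 * 1024)

/* Round n up to a multiple of the page size (page size from sysconf). */
static rlim_t round_up_to_page(rlim_t n)
{
    long ps = sysconf(_SC_PAGESIZE);
    rlim_t page = ps > 0 ? (rlim_t)ps : 4096;
    return (n + page - 1) / page * page;
}

/* Pure policy check: a new soft stack limit is acceptable only if it does not
 * exceed the hard limit and is not smaller than the stack already in use.
 * Returns 1 if the request is safe to pass to setrlimit(), 0 otherwise. */
int stack_limit_is_safe(rlim_t requested, rlim_t in_use, rlim_t hard)
{
    if (hard != RLIM_INFINITY && requested > hard)
        return 0;
    return requested >= in_use;
}

/* Heuristic estimate of the stack currently in use: the distance between a
 * marker taken at the top of main() and a local in the current frame, rounded
 * up to whole pages after adding the guard margin. Assumption of this example. */
rlim_t estimate_stack_in_use(const volatile void *main_marker)
{
    volatile char here;
    uintptr_t top = (uintptr_t)main_marker;
    uintptr_t cur = (uintptr_t)&here;
    rlim_t used = top > cur ? (rlim_t)(top - cur) : (rlim_t)(cur - top);
    return round_up_to_page(used + STACK_GUARD_MARGIN);
}

/* Apply a new soft RLIMIT_STACK only after the policy check passes.
 * Returns 0 on success, -1 with errno set: EINVAL for a rejected request,
 * otherwise whatever getrlimit()/setrlimit() reported. */
int set_stack_limit_checked(rlim_t requested, rlim_t in_use)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_STACK, &rl) != 0)
        return -1;
    if (!stack_limit_is_safe(requested, in_use, rl.rlim_max)) {
        errno = EINVAL;
        return -1;
    }
    rl.rlim_cur = requested;
    return setrlimit(RLIMIT_STACK, &rl);
}

int main(int argc, char **argv)
{
    volatile char marker;               /* top-of-main stack marker */
    rlim_t in_use = estimate_stack_in_use(&marker);
    /* The request comes from the command line, as with limits -s; a request
     * of 0 mirrors the report and is rejected here instead of reaching the kernel. */
    rlim_t req = argc > 1 ? (rlim_t)strtoull(argv[1], NULL, 0) : 0;
    if (set_stack_limit_checked(req, in_use) != 0) {
        perror("stack limit request rejected");
        return 1;
    }
    printf("stack soft limit set to %llu bytes (estimated in use: %llu)\n",
           (unsigned long long)req, (unsigned long long)in_use);
    return 0;
}
```

Run as `./a.out 0` to see the request from the report rejected with EINVAL before any syscall is made; a request at or above the estimated usage and within the hard limit is passed through to setrlimit(). The check is conservative by design: a false rejection costs a clearer error, while a false acceptance reproduces the crash in the report.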