Bug 260006 - Compressed user core files with large segments are truncated
Summary: Compressed user core files with large segments are truncated
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 11.4-RELEASE
Hardware: amd64 Any
: --- Affects Some People
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-11-23 21:29 UTC by chorneck
Modified: 2021-11-26 00:00 UTC (History)
4 users (show)

See Also:


Attachments
Test program (553 bytes, text/plain)
2021-11-23 21:29 UTC, chorneck
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description chorneck 2021-11-23 21:29:47 UTC
Created attachment 229685 [details]
Test program

This problem can happen with kernels compiled with GZIO and sysctl kern.compress_user_cores=1.

If the program being dumped has a memory segment with size >= 0xFFFFFFFF, the segment will be silently truncated, which "damages" any memory segments written to the core file afterwards.

The root of the problem is in imgact_elf.c. The function compress_chunk accepts a length of type u_int (32-bits), while it's callers pass lengths of type size_t (64-bits). Thus, any segment with a length that cannot fit in 32-bits will be truncated.

The function compress_chunk lives on in later branches and appears to suffer the same problem.

Trivial test program that allocates a large memory segment before crashing is attached. Kernel must be compiled with GZIO and sysctl kern.compress_user_cores=1.
Comment 1 Mark Johnston freebsd_committer 2021-11-25 14:33:42 UTC
I believe this was fixed recently by https://cgit.freebsd.org/src/commit/?id=63cb9308a75b99fe057409705bc1b2ac0293f578

Looks like it still needs to be MFCed.