Debian Bug report logs - #994510
libunwind8 abuses setcontext() causing SIGSEGV on i386 with glibc >= 2.32

Package: libunwind8; Maintainer for libunwind8 is Adrian Bunk <[email protected]>; Source for libunwind8 is src:libunwind (PTS, buildd, popcon).

Reported by: Aurelien Jarno <[email protected]>

Date: Thu, 16 Sep 2021 20:15:02 UTC

Severity: grave

Tags: bookworm, bullseye, upstream

Found in version libunwind/1.3.2-2

Forwarded to https://github.com/libunwind/libunwind/issues/69

Subject: Bug#994510: libunwind8 abuses setcontext() causing SIGSEGV on i386 with glibc >= 2.32
From: Aurelien Jarno <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Message-ID: <[email protected]>
X-Mailer: reportbug 7.10.3
Date: Thu, 16 Sep 2021 22:12:56 +0200
Delivered-To: [email protected]
Package: libunwind8
Version: 1.3.2-2
Severity: grave
Tags: upstream
X-Debbugs-Cc: [email protected]

Following the glibc 2.32 upload to unstable, the autopkgtest of the
rspamd package fails on i386, due to a segmentation fault when starting
the daemon [1].

After digging, it appears that the problem is due to libunwind and the
following upstream glibc change [2]:

| commit 15eab1e3e89129ab3ed03f5bdc3415b26e9caeb9 (master)
| Author: H.J. Lu <[email protected]>
| Date:   Sat Feb 1 05:44:55 2020 -0800
| 
|     i386: Don't unnecessarily save and restore EAX, ECX and EDX [BZ# 25262]
|     
|     On i386, since EAX, ECX and EDX are caller-saved, there are no need
|     to save and restore EAX, ECX and EDX in getcontext, setcontext and
|     swapcontext.  They just need to clear EAX on success.  The extra
|     scratch registers are needed to enable CET.
|     
|     Tested on i386.
|     
|     Reviewed-by: Adhemerval Zanella <[email protected]>


Basically EAX, ECX and EDX are not saved anymore across a
getcontext() / setcontext() sequence, and more importantly they are not
restored in setcontext() which is used by libunwind to restore a context
after an exception. In that case, all the registers have to be restored,
including the caller-saved ones.

It happens that libunwind should not have used setcontext() there, but
rather defined its own implementation like it's already done for
getcontext(), as the behaviour of setcontext() is unspecified when passed
a ucp argument obtained from different sources than getcontext() or
makecontext(). Quoting the GNU libc manual:

| If the context was created by a call to a signal handler or from any
| other source then the behaviour of setcontext is unspecified.

Quoting POSIX.1-2004 (last version before it got removed):

| The effects of passing a ucp argument obtained from any other source
| are unspecified.

Note that upstream bug #69 might be relevant there [3].


[1] https://ci.debian.net/data/autopkgtest/testing/i386/r/rspamd/15290363/log.gz
[2] https://sourceware.org/git/?p=glibc.git;a=commit;h=15eab1e3e89129ab3ed03f5bdc3415b26e9caeb9
[3] https://github.com/libunwind/libunwind/issues/69
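
An added example (not part of the bug report, and not libunwind or glibc code): the supported use of the getcontext() / setcontext() pair, where the ucontext_t comes from getcontext() itself and every value that must survive the jump is kept in memory rather than in a scratch register such as EAX, ECX or EDX. The names `resume_report` and `resume_supported` are made up for this illustration.

```c
#include <stdio.h>
#include <ucontext.h>

/* What the caller learns from the run; both fields are read from memory. */
struct resume_report {
    int passes;        /* times control reached the line after getcontext() */
    int nonzero_rets;  /* getcontext() return values that were not 0 */
};

/* Jump back to the getcontext() point `resumes` times.
 * - ctx is filled by getcontext(), the source setcontext() is specified for.
 * - It is used while the function that filled it is still active.
 * - The counters are volatile, so they are reloaded from the stack after each
 *   resume and do not depend on any register coming back from setcontext().
 * - Every resume looks like getcontext() returning 0 again, so "first return"
 *   and "resumed" can only be told apart through memory, not the return value. */
struct resume_report resume_supported(int resumes)
{
    ucontext_t ctx;
    volatile int passes = 0;
    volatile int nonzero = 0;
    volatile int rc;

    rc = getcontext(&ctx);
    if (rc != 0)
        nonzero++;
    passes++;
    if (passes <= resumes)
        setcontext(&ctx);   /* does not return on success */

    struct resume_report r = { passes, nonzero };
    return r;
}

int main(void)
{
    struct resume_report r = resume_supported(3);
    printf("passes=%d nonzero_rets=%d\n", r.passes, r.nonzero_rets);
    return 0;
}
```

A ucontext_t that was built or edited by other code, such as an unwinder's cursor state, is outside this contract, which is the case the report describes.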

Debian bug tracking system administrator <[email protected]>. Last modified: Tue May 13 08:01:01 2025; Machine Name: bembo
