
#1 2009-06-13 20:38:53

daf666
Member
Registered: 2007-04-08
Posts: 470
Website

Memory allocation errors treatment in Arch.

Arch seems to be very forgiving about invalid free()'s like:
char *lala; free(lala);

And buffer overflows like:
char lala[2]; sprintf(lala, "bababa");.

It has happened several times already that programs I wrote ran smoothly on Arch (supposedly) but then crashed miserably in Ubuntu and Fedora because of a memory allocation related bug.
Is there some kernel option in the default Arch kernel that makes this happen? Are the Ubuntu/Fedora kernels compiled with more strict memory allocation check settings?

Offline

#2 2009-06-13 23:12:28

vkumar
Member
Registered: 2008-10-06
Posts: 166

Re: Memory allocation errors treatment in Arch.

check this out for now;
http://wiki.archlinux.org/index.php/Grsecurity_patchset

I'm not sure if it's what you want, but it might stop you from running code like that.


div curl F = 0

Offline

#3 2009-06-13 23:29:25

wonder
Developer
From: Bucharest, Romania
Registered: 2006-07-05
Posts: 5,941
Website

Re: Memory allocation errors treatment in Arch.

Maybe Ubuntu has SSP and PIE support in glibc and gcc.

ssp = stack smashing protector
pie = position independent executables
usually that is only for hardened systems.


Give what you have. To someone, it may be better than you dare to think.

Offline

#4 2009-06-13 23:40:59

djgera
Developer
From: Buenos Aires - Argentina
Registered: 2008-12-24
Posts: 723
Website

Re: Memory allocation errors treatment in Arch.

what is "lala" an extern or auto variable?

Offline

#5 2009-06-15 17:17:40

daf666
Member
Registered: 2007-04-08
Posts: 470
Website

Re: Memory allocation errors treatment in Arch.

Thanks all for the replies.

Unfortunately it's not the case. I am pretty sure it has something to do with the kernel. I guess I can just try to use the Fedora kernel inside Arch as a test.

Offline

#6 2009-06-15 18:00:34

scio
Member
From: Buffalo, NY
Registered: 2008-08-05
Posts: 366

Re: Memory allocation errors treatment in Arch.

Wouldn't free and malloc differences more likely be due to glibc and gcc like wonder said?

Offline

#7 2009-06-15 18:51:39

daf666
Member
Registered: 2007-04-08
Posts: 470
Website

Re: Memory allocation errors treatment in Arch.

scio wrote:

Wouldn't free and malloc differences more likely be due to glibc and gcc like wonder said?

Well, I don't think that those other distributions use extreme settings like that, but I guess before switching the kernel I can try taking the executable itself, which contains the bug that doesn't crash in Arch, and run it on Fedora.

Edit: typo

Last edited by daf666 (2009-06-15 18:52:27)

Offline

#8 2009-06-15 22:22:32

djgera
Developer
From: Buenos Aires - Argentina
Registered: 2008-12-24
Posts: 723
Website

Re: Memory allocation errors treatment in Arch.

djgera wrote:

what is "lala" an extern or auto variable?

about this?

Offline

#9 2009-06-16 10:02:54

wonder
Developer
From: Bucharest, Romania
Registered: 2006-07-05
Posts: 5,941
Website

Re: Memory allocation errors treatment in Arch.

I'm sure that Ubuntu has SSP enabled by default. Searching on Google for "ubuntu ssp" shows that they had a plan and they did it in 2006.
https://wiki.ubuntu.com/GccSsp


Give what you have. To someone, it may be better than you dare to think.

Offline

#10 2009-06-16 17:00:36

daf666
Member
Registered: 2007-04-08
Posts: 470
Website

Re: Memory allocation errors treatment in Arch.

djgera wrote:
djgera wrote:

what is "lala" an extern or auto variable?

about this?

Sorry djgera, it's a regular auto variable, don't think it matters though.

Offline

#11 2009-06-16 17:01:21

daf666
Member
Registered: 2007-04-08
Posts: 470
Website

Re: Memory allocation errors treatment in Arch.

wonder wrote:

I'm sure that Ubuntu has SSP enabled by default. Searching on Google for "ubuntu ssp" shows that they had a plan and they did it in 2006.
https://wiki.ubuntu.com/GccSsp

Hmm.. I see..  thanks.

Offline

#12 2009-06-16 22:55:56

djgera
Developer
From: Buenos Aires - Argentina
Registered: 2008-12-24
Posts: 723
Website

Re: Memory allocation errors treatment in Arch.

daf666 wrote:
djgera wrote:
djgera wrote:

what is "lala" an extern or auto variable?

about this?

Sorry djgera, it's a regular auto variable, don't think it matters though.

Yes, it matters, because an auto variable is on the stack, but not an extern/static variable; these are in the data segment/bss.

(1)
char *lala;
...
function
  free(lala);

lala is initialized to 0, so free(0) is valid and there is no crash.

(2)
char lala[2];
...
function
  sprintf(lala, "bababa");

can't crash; you need to overwrite more than ~4Kb (1 page, which is the minimal size of the data segment) to cause a segmentation fault.

In the case of an auto variable, you are playing with a more delicate data structure: the stack. So

char *lala; free(lala); No crash if "lala" is zero,
char lala[2]; sprintf(lala, "bababa"); No crash because you need more bytes to overwrite the saved frame pointer or the return address.

Offline

#13 2009-06-17 18:18:52

daf666
Member
Registered: 2007-04-08
Posts: 470
Website

Re: Memory allocation errors treatment in Arch.

djgera wrote:

char *lala; free(lala); No crash if "lala" is zero,
char lala[2]; sprintf(lala, "bababa"); No crash because you need more bytes to overwrite the saved frame pointer or the return address.

Nope,
1. *lala is not initialized like char *lala=NULL, the free crashes on Fedora (this is verified).
2. again, I can tell you for sure that writing to non allocated memory crashes on Fedora and not on Arch (consistently! - not just one random executable run).

Test it yourself if you want, I can also supply you with actual code with bugs that caused it.
Thanks for the effort!

Edit: I was testing on Fedora 10.

Last edited by daf666 (2009-06-17 18:21:02)

Offline

#14 2009-06-17 21:57:07

djgera
Developer
From: Buenos Aires - Argentina
Registered: 2008-12-24
Posts: 723
Website

Re: Memory allocation errors treatment in Arch.

OK, I just described the behaviour in normal and "mainline GCC" == "Arch Linux". Many mechanisms exist in other GNU/Linux distros that patch GCC, as you can see in the above post about GCC+SSP, and other features like fortify source in libraries. I don't have any experience with them.

In your Fedora 10, what does the memory map of a simple application look like? What is the initial value of an extern/static variable or pointer if you don't assign a value?

Last edited by djgera (2009-06-17 22:02:32)

Offline

#15 2009-06-18 03:33:55

Lux Perpetua
Member
From: The Local Group
Registered: 2009-02-22
Posts: 73

Re: Memory allocation errors treatment in Arch.

daf666 wrote:

Arch seems to be very forgiving about invalid free()'s like:
char *lala; free(lala);

And buffer overflows like:
char lala[2]; sprintf(lala, "bababa");.

It has happened several times already that programs I wrote ran smoothly on Arch (supposedly) but then crashed miserably in Ubuntu and Fedora because of a memory allocation related bug.
Is there some kernel option in the default Arch kernel that makes this happen? Are the Ubuntu/Fedora kernels compiled with more strict memory allocation check settings?

That code results in undefined behavior. That means all bets are off. It might crash, it might not. Not all invalid free()s will be caught by glibc, but I've had a couple that were (yes, on Arch). Did you recompile the program for each system, or is it the same executable running on all three Linuxes? In any case, I would be extremely skeptical of any conclusions drawn based on running such code.

Offline

#16 2009-06-30 08:35:05

feler
Member
From: Madrid, Spain
Registered: 2008-10-19
Posts: 7

Re: Memory allocation errors treatment in Arch.

Arch GCC doesn't enable SSP by default, but you can enable it by compiling with -fstack-protector (and disable it with -fno-stack-protector).

Try to compile in Arch with -fstack-protector and in Fedora with -fno-stack-protector.

djgera, good to see an Argentinian around here

Offline
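
A toy model of the point argued in posts #12 and #16, added here as an example and not code from any poster: the same `sprintf(lala, "bababa")` can go unnoticed in one build and abort in another, depending on how much slack the compiler left after the buffer and whether a guard word is checked on return. The frame layout, the fill values and the names `simulate_write` and `verdict` are assumptions of the model, not real compiler output.

```c
#include <stdio.h>
#include <string.h>

enum verdict { IN_BOUNDS, UNNOTICED, CONTROL_DATA_CLOBBERED, ABORTED_BY_GUARD };

#define BUF_LEN 2   /* char lala[2] from the thread */
#define WORD    8   /* assumed x86-64 word size */

/* Model frame, low to high address (layout is an assumption of this sketch):
 *   [ buf | slack | guard (protector only) | saved frame pointer | return address ]
 * "slack" stands for padding or other locals the compiler happened to place
 * after the buffer. */
enum verdict simulate_write(size_t slack, int protector, const char *src, size_t n)
{
    unsigned char frame[128], pristine[128];
    if (slack > 64) slack = 64;                     /* keep the model inside frame[] */
    size_t guard_off = BUF_LEN + slack;
    size_t ctrl_off  = guard_off + (protector ? WORD : 0);
    size_t end       = ctrl_off + 2 * WORD;
    if (n > end) n = end;                           /* model stops at the return address */

    memset(frame, 0xAA, sizeof frame);              /* constructed fill values */
    memset(frame + guard_off, 0xC3, ctrl_off - guard_off);
    memset(frame + ctrl_off, 0xF1, 2 * WORD);
    memcpy(pristine, frame, sizeof frame);

    memcpy(frame, src, n);                          /* stands in for sprintf(lala, src) */

    if (n <= BUF_LEN)
        return IN_BOUNDS;
    /* The guard is compared by value on function return; a mismatch aborts. */
    if (protector && memcmp(frame + guard_off, pristine + guard_off, WORD) != 0)
        return ABORTED_BY_GUARD;
    if (memcmp(frame + ctrl_off, pristine + ctrl_off, 2 * WORD) != 0)
        return CONTROL_DATA_CLOBBERED;              /* crash, if any, comes later */
    return UNNOTICED;                               /* only slack was overwritten */
}

int main(void)
{
    static const char *name[] = { "in bounds", "unnoticed",
                                  "control data clobbered", "aborted by guard" };
    const char src[] = "bababa";                    /* 7 bytes with the NUL */
    for (size_t slack = 0; slack <= 6; slack += 6)
        for (int protector = 0; protector <= 1; protector++)
            printf("slack=%zu protector=%d: %s\n", slack, protector,
                   name[simulate_write(slack, protector, src, sizeof src)]);
    return 0;
}
```

With 6 bytes of slack the 7-byte write stays clear of the guard and the saved registers in both modes, so nothing notices it; with no slack the guard turns the same write into an immediate abort.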
