From c04218394fdf84468b1163c4c832d64071bbc798 Mon Sep 17 00:00:00 2001
From: Paul Guyot <pguyot@kallisys.net>
Date: Tue, 6 Jul 2010 23:48:48 +0200
Subject: Fix segmentation fault when dumping the crash log with hipe enabled
 and natively compiled modules

When loading a module, code area is allocated and header fields
code[MI_ATTR_SIZE] as well as code[MI_COMPILE_SIZE] are not
cleared. They are only set later when freeze_code is called, if the
module has attributes and compilation info, which should always be the
case. When loading a native module (as a stub), code is allocated as
well (to contain the stub functions), and code[MI_ATTR_SIZE] as well
as code[MI_COMPILE_SIZE] are not cleared either. Yet, freeze_code will
not be called (since there is no threaded code to freeze for native
modules), and as a result, these header fields are never set. They can
contain any garbage.

Later on, when writing a crash dump, the attributes and compilation
info are dumped, using these particular header fields. If the size is
garbage, the dump attribute function will iterate until it segfaults.

The fix consists in clearing code[MI_ATTR_SIZE] and
code[MI_COMPILE_SIZE] in both cases (threaded code and native
code). Even if non-native modules should contain code and attributes
and therefore the values code[MI_ATTR_SIZE] and code[MI_COMPILE_SIZE]
should be set by freeze_code, it seems cleaner and easier to maintain
to clear the whole the header in the "initialize code area"
section. As a result, crash dump will not segfault. Instead, native
modules will have an empty attributes and compilation info section in
the crash dump.
---
 erts/emulator/beam/beam_load.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'erts/emulator')

diff --git a/erts/emulator/beam/beam_load.c b/erts/emulator/beam/beam_load.c
index 30f276b95a..fb5e964937 100644
--- a/erts/emulator/beam/beam_load.c
+++ b/erts/emulator/beam/beam_load.c
@@ -1379,8 +1379,10 @@ read_code_header(LoaderState* stp)
     stp->ci = MI_FUNCTIONS + stp->num_functions + 1;
 
     stp->code[MI_ATTR_PTR] = 0;
+    stp->code[MI_ATTR_SIZE] = 0;
     stp->code[MI_ATTR_SIZE_ON_HEAP] = 0;
     stp->code[MI_COMPILE_PTR] = 0;
+    stp->code[MI_COMPILE_SIZE] = 0;
     stp->code[MI_COMPILE_SIZE_ON_HEAP] = 0;
     stp->code[MI_NUM_BREAKPOINTS] = 0;
 
@@ -5198,8 +5200,10 @@ erts_make_stub_module(Process* p, Eterm Mod, Eterm Beam, Eterm Info)
 
     code[MI_NUM_FUNCTIONS] = n;
     code[MI_ATTR_PTR] = 0;
+    code[MI_ATTR_SIZE] = 0;
     code[MI_ATTR_SIZE_ON_HEAP] = 0;
     code[MI_COMPILE_PTR] = 0;
+    code[MI_COMPILE_SIZE] = 0;
     code[MI_COMPILE_SIZE_ON_HEAP] = 0;
     code[MI_NUM_BREAKPOINTS] = 0;
     code[MI_ON_LOAD_FUNCTION_PTR] = 0;
-- 
cgit v1.2.3