SaBRe
Unable to get backtraces from client program from SIGSEGV handler
When a signal action is attached from the plugin, it is not possible to properly locate symbols for functions in the client program in order to present the user with a backtrace for debugging purposes.
A minimal reproduction is given with this patch. This can be applied by the usual means using the patch utility from the top level of the SaBRe tree with the following command: patch -p1 < sigsegv_repro.patch

To observe the unexpected behaviour, build the SaBRe tree normally. This will produce an additional subdirectory in the build tree under plugins/sigsegv-repro. This contains two products: a shared object plugin for SaBRe that installs a signal handler for SIGSEGV from within the plugin; the resulting shared object is libbacktrace-plugin.so. The other build product is a small sample executable that triggers a segmentation fault by attempting to dereference the NULL pointer with three levels of function call indirection, so that a backtrace can be observed; this product is called backtrace-offender. The command to observe the issue is ./sabre plugins/sigsegv-repro/libbacktrace-plugin.so plugins/sigsegv-repro/backtrace-offender

To be able to observe the expected behaviour of the signal handler, it needs to be installed from the sample executable backtrace-offender. The build system provides a facility to conveniently enable this functionality by passing the -DHANDLER_IN_OFFENDER=ON option to CMake when configuring the build system. You can run the same command as previously to observe a correct backtrace.
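The shape of the reproduction described above, as an added stand-alone example that is not part of the SaBRe tree or the attached patch: a SIGSEGV handler that unwinds the faulting thread with glibc's backtrace() and three noinline call levels that dereference NULL. Names such as run_repro, level1..level3 and null_ptr are this example's own, and it assumes Linux/glibc, where backtrace_symbols_fd prints "binary(symbol+off) [addr]" and degrades to the bare "[addr]" when a frame's symbol cannot be resolved, which is the kind of output the issue reports for the plugin-installed handler.

```c
#define _GNU_SOURCE
#include <execinfo.h>
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_FRAMES 32

static sigjmp_buf recover;                 /* escape point after the fault */
static void *frames[MAX_FRAMES];
static volatile int frame_count = 0;
static void *volatile fault_addr = (void *)1;   /* set to si_addr by handler */
static int *volatile null_ptr = NULL;      /* volatile: compiler can't see NULL */

/* SIGSEGV handler: record the faulting address, capture and print the
 * backtrace, then jump back so the program (and a test) can continue. */
static void on_sigsegv(int sig, siginfo_t *info, void *ctx)
{
    (void)sig; (void)ctx;
    fault_addr = info->si_addr;            /* NULL for this reproduction */
    frame_count = backtrace(frames, MAX_FRAMES);
    backtrace_symbols_fd(frames, frame_count, STDERR_FILENO);
    siglongjmp(recover, 1);
}

static void install_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigsegv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, NULL);
    backtrace(frames, 1);                  /* warm-up so libgcc is loaded before the fault */
}

/* Three levels of indirection as in backtrace-offender; the "+ 1" keeps
 * each call from becoming a tail call that would drop its frame. */
__attribute__((noinline)) static int level3(int *p) { return *(volatile int *)p + 1; }
__attribute__((noinline)) static int level2(int *p) { return level3(p) + 1; }
__attribute__((noinline)) static int level1(int *p) { return level2(p) + 1; }

/* Runs the reproduction; returns the number of frames the handler captured. */
int run_repro(void)
{
    install_handler();
    if (sigsetjmp(recover, 1) == 0)
        return level1(null_ptr);           /* faults; control resumes below */
    return frame_count;
}

int fault_address_was_null(void) { return fault_addr == NULL; }

int main(void)
{
    int n = run_repro();
    printf("captured %d frames, fault at %p\n", n, fault_addr);
    return 0;
}
```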
Thanks! Working on it...
So a partial solution would be to use dlmopen() instead of our custom ELF loader. This would only work for PIE binaries though.