by mbarashkov 1836 days ago
How Elbrus CPU helped find a bug in Tar

https://savannah.gnu.org/patch/?10081

Elbrus CPU (https://en.wikipedia.org/wiki/Elbrus-8SV) has a special protected mode of operation. Technically accessible by compiling with a -m128 flag, it allows capturing, at the CPU level itself, memory access errors, so where a usual application would most often work just fine (with potential buffer overflow issues, of course), a protected-mode application crashes.

Basically it does 2 things: first, it catches going outside of the allocated pointer size (each pointer is actually a 128-bit object, containing information about its allocated size); and second, it catches access to uninitialized data. So I've been experimenting with this mode on a 4-CPU Elbrus machine and compiled tar in this mode. Almost all tests passed just fine - except just one of nearly two hundred. That specific test that failed was working with a zero-byte archive file, and after examining the sources I found out that the file read function actually doesn't care much if it read less than 10240 bytes from the file; the buffer (which isn't initialized) is passed on to different functions and is processed in various ways. So potentially it's quite a dangerous issue, it seems.

Hence I've submitted a patch for the Tar application (it's in the link). Meanwhile I plan to experiment more with protected-mode crash tests. The main issue is that it's not easy to compile complex apps in protected mode, because you need to recompile the whole chain of dependent libraries - a protected-mode application can't link with "ordinary" ones at all.
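As an added example (not from the patch or from tar's sources), the short-read pattern the post describes, simulated against an in-memory archive so it runs without Elbrus hardware: the unchecked read beside a checked one, with a 0xAA sentinel standing in for memory that was never initialized. The 10240-byte record size is from the post; the source struct, fake_read and stale_bytes_seen are constructed names.

```c
#include <stdint.h>
#include <string.h>

/* tar's default record is 20 blocks of 512 bytes = 10240 bytes (from the post). */
#define RECORDSIZE (20 * 512)

/* Constructed stand-in for a file descriptor: serves at most `len` bytes in total. */
struct source { const uint8_t *data; size_t len; size_t pos; };

static size_t fake_read(struct source *s, uint8_t *dst, size_t want)
{
    size_t left = s->len - s->pos, n = want < left ? want : left;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return n;                        /* 0 means end of file, like read(2) */
}

/* The pattern described in the post: read once, ignore how much came back,
 * and report a full record. On an empty archive buf is never written at all. */
static size_t read_record_unchecked(struct source *s, uint8_t *buf)
{
    (void)fake_read(s, buf, RECORDSIZE);
    return RECORDSIZE;
}

/* Hardened form: read until the record is full or EOF, zero the unfilled tail,
 * and report only the bytes actually read (error handling omitted for brevity). */
static size_t read_record_checked(struct source *s, uint8_t *buf)
{
    size_t got = 0, n;
    while (got < RECORDSIZE && (n = fake_read(s, buf + got, RECORDSIZE - got)) > 0)
        got += n;
    memset(buf + got, 0, RECORDSIZE - got);
    return got;
}

/* Read a `len`-byte constructed archive and count bytes inside the reported record
 * that still hold the 0xAA sentinel: any non-zero result is stale data in use. */
size_t stale_bytes_seen(size_t len, int checked)
{
    static uint8_t file[RECORDSIZE], buf[RECORDSIZE];
    memset(file, 0x11, sizeof file);   /* constructed archive content */
    memset(buf, 0xAA, sizeof buf);     /* sentinel for "never written" */
    struct source s = { file, len, 0 };
    size_t valid = checked ? read_record_checked(&s, buf) : read_record_unchecked(&s, buf);
    size_t stale = 0;
    for (size_t i = 0; i < valid; i++) stale += (buf[i] == 0xAA);
    return stale;
}
```

With a zero-byte archive the unchecked read hands the caller 10240 bytes of sentinel, which is exactly the uninitialized data the protected-mode build trapped on.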

This would seem to have some similarities with Capability Hardware Enhanced RISC Instructions (CHERI). The project has matured to the point of a complete FreeBSD stack with nearly all packages building. ARM are going to release the experimental Morello system later this year.

It is indeed quite similar: for example, pointers are also 128-bit in Elbrus protected mode.