From: Immolo
Date: Wed, 19 Jul 2023 14:40:26 +0100
To: musl@lists.openwall.com
Subject: Re: [musl] m68k - malloc causing 'out of memory: my_alloc caller' in rsync
In-Reply-To: <20230626210628.GS4163@brightrain.aerifal.cx>

So after further investigation the cause of this issue was found to be in
QEMU and the fix is now in 8.0.3
(https://gitlab.com/qemu-project/qemu/-/commit/df1e45c9dfc8d5e9f8c19677799e8a77c601ce29).

On a side note I now have a full m68k musl stage3 working in Gentoo so if
anyone is interested in testing then feel free to ping me as immolo in
either #musl or #gentoo-releng

On Mon, 26 Jun 2023 at 22:06, Rich Felker wrote:
>
> On Mon, Jun 26, 2023 at 08:34:04PM +0100, Immolo wrote:
> > Hi,
> >
> > I've been testing using Gentoo on m68k with musl-1.2.4 over the last few
> > days and hit an interesting issue where running `emerge --sync` to update
> > the portage tree would cause the following error:
> >
> > [receiver] out of memory: my_alloc caller (file=flist.c, line=311)
> > rsync error: error allocating core memory buffers (code 22) at util2.c(123)
> > [receiver=3.2.7]
> > [generator] out of memory: my_alloc caller (file=flist.c, line=311)
> > rsync error: error allocating core memory buffers (code 22) at util2.c(123)
> > [generator=3.2.7]
> > rsync: [receiver] write error: Broken pipe (32)
> > Full output here: https://bpa.st/3VDNM
> >
> > Looking at the source code of the files it highlights it seems to be an
> > issue in the malloc:
> > https://github.com/WayneD/rsync/blob/master/util2.c#L123
> > https://github.com/WayneD/rsync/blob/master/flist.c#L311
> > https://github.com/WayneD/rsync/blob/master/fileio.c#L159
> >
> > I've tested to see if a local rsync mirror will cause the same error with
> > random files and found it happens at around 62 files being mirrored but
> > size of the file does not matter.
> > I run musl on multiple architectures and this is the first time I've run
> > across it and have confirmed the Gentoo glibc m68k install does not run
> > into this.
>
> I guess you should try putting a breakpoint on that line in flist.c
> and see what values are being passed to realloc_array.
>
> Looking at the definition of realloc_array (at first I mistook this
> for the new reallocarray function, but it's a custom thing in terms of
> their my_alloc), this code does not look good. Unless max_alloc has
> been set, there is no overflow checking, so aside from whatever is
> going on with m68k, there is probably an exploitable integer overflow
> bug:
>
> https://github.com/WayneD/rsync/blob/6f3c5eccee6cf4dead68b9f3fda8fc2ff90dc311/util2.c#L87
>
> I'm guessing the underlying problem is either some mismatched function
> call signature that only happens to mismatch the call ABI on m68k, or
> perhaps some weird effect of structs having almost no alignment on
> m68k. But without actually seeing the values involved at the point
> of failure, it's hard to narrow it down.
>
> Rich
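
The quoted reply above says realloc_array does no overflow checking unless max_alloc is set. As an added illustration (not rsync's or musl's code, and not part of the original thread), the C below shows what an unchecked num * size does with a 32-bit size_t, as on m68k, next to an array-allocation wrapper that rejects the request. The names unchecked_bytes32, fits32 and checked_realloc_array and the sample element counts and sizes are hypothetical, constructed for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Models a 32-bit size_t: the byte count is reduced modulo 2^32,
 * which is what an unchecked num * size does on such a target. */
static uint32_t unchecked_bytes32(uint32_t num, uint32_t size)
{
    return (uint32_t)((uint64_t)num * size);
}

/* The overflow test in 32-bit terms: 1 if num * size is representable. */
static int fits32(uint32_t num, uint32_t size)
{
    return size == 0 || num <= UINT32_MAX / size;
}

/* Hypothetical hardened wrapper: fail with ENOMEM instead of handing a
 * wrapped byte count to realloc. Uses the host's real size_t. */
static void *checked_realloc_array(void *ptr, size_t num, size_t size)
{
    size_t bytes;

    if (size != 0 && num > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    bytes = num * size;
    return realloc(ptr, bytes ? bytes : 1); /* avoid realloc(ptr, 0) */
}

int main(void)
{
    /* Constructed values: 0x10000001 elements of 16 bytes each. */
    uint32_t num = 0x10000001u, size = 16u;
    void *p;

    printf("unchecked 32-bit byte count: %u\n", unchecked_bytes32(num, size));
    printf("representable in 32 bits:    %s\n", fits32(num, size) ? "yes" : "no");

    p = checked_realloc_array(NULL, SIZE_MAX / 2 + 1, 4);
    printf("oversized request:           %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the unchecked multiply the caller receives a 16-byte buffer while believing it holds 0x10000001 elements; the checked wrapper returns NULL for the same class of request.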