This repository has been archived by the owner on Apr 5, 2019. It is now read-only.

SEGV in ristretto255_deisogenize: EXC_BAD_ACCESS (code=EXC_I386_GPFLT) #22

Closed
tarcieri opened this issue Aug 14, 2018 · 2 comments
Labels
security Security-critical bugs or changes

tarcieri commented Aug 14, 2018

Attempting to enable the tests in tests/src/lib.rs, I get the following crash (observed via lldb):

running 4 tests
Process 69140 stopped
* thread #2, name = 'test::compress_id', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
    frame #0: 0x00000001001ea77c libristretto255.so.1`ristretto255_deisogenize + 1020
libristretto255.so.1`ristretto255_deisogenize:
->  0x1001ea77c <+1020>: vmovaps 0x80(%rax), %ymm0
    0x1001ea784 <+1028>: vmovaps 0xa0(%rax), %ymm1
    0x1001ea78c <+1036>: movq   0x38(%rsp), %rbx
    0x1001ea791 <+1041>: vmovaps %ymm1, 0x20(%rbx)
  thread #4, name = 'test::decompress_id', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
    frame #0: 0x00000001001e96e8 libristretto255.so.1`gf_25519_add + 184
libristretto255.so.1`gf_25519_add:
->  0x1001e96e8 <+184>: vmovdqa %ymm0, (%rdi)
    0x1001e96ec <+188>: vzeroupper
    0x1001e96ef <+191>: retq

libristretto255.so.1`gf_25519_lobit:
    0x1001e96f0 <+0>:   pushq  %rbp
Target 0: (libristretto255_tests-59dcb8dd32adf3d3) stopped.

Full backtrace for libristretto255_tests:

error: need to add support for DW_TAG_base_type '()' encoded with DW_ATE = 0x7, bit_size = 0
* thread #2, name = 'test::compress_id', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
  * frame #0: 0x00000001001ea77c libristretto255.so.1`ristretto255_deisogenize + 1020
    frame #1: 0x00000001001ea875 libristretto255.so.1`ristretto255_point_encode + 85
    frame #2: 0x00000001000027fa libristretto255_tests-59dcb8dd32adf3d3`libristretto255_tests::RistrettoPoint::compress::ha56c48911aad6837(self=0x0000700007a09688) at lib.rs:257
    frame #3: 0x000000010000198b libristretto255_tests-59dcb8dd32adf3d3`libristretto255_tests::test::compress_id::h1f2ba3de8c835bad at lib.rs:460
    frame #4: 0x00000001000036b1 libristretto255_tests-59dcb8dd32adf3d3`libristretto255_tests::__test::TESTS::_$u7b$$u7b$closure$u7d$$u7d$::h66faa168e346e913((null)=0x0000700007a09890) at lib.rs:458
    frame #5: 0x0000000100001d71 libristretto255_tests-59dcb8dd32adf3d3`core::ops::function::FnOnce::call_once::h6ae8b7fdd312b269((null)=closure @ 0x0000700007a09890, (null)=<unavailable>) at function.rs:223
    frame #6: 0x0000000100005812 libristretto255_tests-59dcb8dd32adf3d3`_$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$::call_box::h7cf0b7791c290627 [inlined] test::run_test::_$u7b$$u7b$closure$u7d$$u7d$::hec98791de9d28f4a at lib.rs:1454 [opt]
    frame #7: 0x000000010000580d libristretto255_tests-59dcb8dd32adf3d3`_$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$::call_box::h7cf0b7791c290627 [inlined] core::ops::function::FnOnce::call_once::hc97e463a80d9227a at function.rs:223 [opt]
    frame #8: 0x000000010000580d libristretto255_tests-59dcb8dd32adf3d3`_$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$::call_box::h7cf0b7791c290627 at boxed.rs:640 [opt]
    frame #9: 0x000000010006440f libristretto255_tests-59dcb8dd32adf3d3`__rust_maybe_catch_panic at lib.rs:106 [opt]
    frame #10: 0x00000001000268ed libristretto255_tests-59dcb8dd32adf3d3`std::sys_common::backtrace::__rust_begin_short_backtrace::h87415cf8aa1695f9 [inlined] std::panicking::try::he1b4ac6c45715a15 at panicking.rs:289 [opt]
    frame #11: 0x00000001000268a8 libristretto255_tests-59dcb8dd32adf3d3`std::sys_common::backtrace::__rust_begin_short_backtrace::h87415cf8aa1695f9 [inlined] std::panic::catch_unwind::h133ff8b4ff460892 at panic.rs:392 [opt]
    frame #12: 0x00000001000268a8 libristretto255_tests-59dcb8dd32adf3d3`std::sys_common::backtrace::__rust_begin_short_backtrace::h87415cf8aa1695f9 [inlined] test::run_test::run_test_inner::_$u7b$$u7b$closure$u7d$$u7d$::h775774faa341d8cc at lib.rs:1409 [opt]
    frame #13: 0x000000010002689a libristretto255_tests-59dcb8dd32adf3d3`std::sys_common::backtrace::__rust_begin_short_backtrace::h87415cf8aa1695f9 at backtrace.rs:136 [opt]
    frame #14: 0x00000001000271c8 libristretto255_tests-59dcb8dd32adf3d3`std::panicking::try::do_call::h009c812734ce49fa [inlined] std::thread::Builder::spawn::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h2bd2752214cb69e3 at mod.rs:409 [opt]
    frame #15: 0x00000001000271b2 libristretto255_tests-59dcb8dd32adf3d3`std::panicking::try::do_call::h009c812734ce49fa [inlined] _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h3ec5617d3965943e at panic.rs:313 [opt]
    frame #16: 0x00000001000271b2 libristretto255_tests-59dcb8dd32adf3d3`std::panicking::try::do_call::h009c812734ce49fa at panicking.rs:310 [opt]
    frame #17: 0x000000010006440f libristretto255_tests-59dcb8dd32adf3d3`__rust_maybe_catch_panic at lib.rs:106 [opt]
    frame #18: 0x000000010001a895 libristretto255_tests-59dcb8dd32adf3d3`_$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$::call_box::he6c16cd3f2658ccf [inlined] std::panicking::try::he8f4862204ca0806 at panicking.rs:289 [opt]
    frame #19: 0x000000010001a85c libristretto255_tests-59dcb8dd32adf3d3`_$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$::call_box::he6c16cd3f2658ccf [inlined] std::panic::catch_unwind::hdab22dbdf545d8b3 at panic.rs:392 [opt]
    frame #20: 0x000000010001a85c libristretto255_tests-59dcb8dd32adf3d3`_$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$::call_box::he6c16cd3f2658ccf [inlined] std::thread::Builder::spawn::_$u7b$$u7b$closure$u7d$$u7d$::h727bddaa6826a0f5 at mod.rs:408 [opt]
    frame #21: 0x000000010001a81e libristretto255_tests-59dcb8dd32adf3d3`_$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$::call_box::he6c16cd3f2658ccf at boxed.rs:640 [opt]
    frame #22: 0x0000000100045edc libristretto255_tests-59dcb8dd32adf3d3`std::sys::unix::thread::Thread::new::thread_start::h4d5ebaa4df00ca02 [inlined] _$LT$alloc..boxed..Box$LT$$LP$dyn$u20$alloc..boxed..FnBox$LT$A$C$$u20$Output$u3d$R$GT$$u20$$u2b$$u20$$u27$a$RP$$GT$$u20$as$u20$core..ops..function..FnOnce$LT$A$GT$$GT$::call_once::hb53fb566bf0c9c28 at boxed.rs:650 [opt]
    frame #23: 0x0000000100045ed9 libristretto255_tests-59dcb8dd32adf3d3`std::sys::unix::thread::Thread::new::thread_start::h4d5ebaa4df00ca02 [inlined] std::sys_common::thread::start_thread::h0a6985fe1d9e3995 at thread.rs:24 [opt]
    frame #24: 0x0000000100045e5e libristretto255_tests-59dcb8dd32adf3d3`std::sys::unix::thread::Thread::new::thread_start::h4d5ebaa4df00ca02 at thread.rs:90 [opt]
    frame #25: 0x00007fff5d6df661 libsystem_pthread.dylib`_pthread_body + 340
    frame #26: 0x00007fff5d6df50d libsystem_pthread.dylib`_pthread_start + 377
    frame #27: 0x00007fff5d6debf9 libsystem_pthread.dylib`thread_start + 13
tarcieri added the security label (Security-critical bugs or changes) Aug 14, 2018

tarcieri commented

This appears to be alignment-related: the __attribute__((aligned(32))) on gf_25519_s is not being converted by bindgen into a #[repr(align(32))]. Adding this manually allows the tests to pass.

tarcieri added a commit that referenced this issue Aug 15, 2018
The cause of the SEGVs we were seeing in #22 was bindgen failing to
reflect the alignment attributes on structs (specifically gf_25519_t).

Until bindgen supports this, we have to check in the generated bindings.

With the alignment fixed, the tests now pass!

tarcieri commented

Fixed in #35
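
The alignment mismatch discussed in this thread, as an added example (not code from libristretto255 or its bindings): a Rust mirror of a C struct declared with `__attribute__((aligned(32)))`, once without and once with `#[repr(align(32))]`, plus a layout check that catches the difference before an aligned AVX load (`vmovaps`/`vmovdqa`, as in the crash trace) faults on it. The five-`u64` limb layout, the type names `GfGenerated`/`GfFixed`, the helper functions and a 64-bit target are assumptions.

```rust
use std::mem::{align_of, size_of};

/// Alignment requested in C by __attribute__((aligned(32))) on gf_25519_s.
pub const C_ALIGN: usize = 32;
/// sizeof() under that attribute: 40 bytes of limbs rounded up to 64.
/// The five-u64 limb layout is an assumption; the issue does not show it.
pub const C_SIZE: usize = 64;

/// Binding as generated with the alignment attribute dropped.
#[repr(C)]
#[derive(Clone, Copy, Default)]
pub struct GfGenerated { pub limb: [u64; 5] }

/// Binding with the alignment added by hand.
#[repr(C, align(32))]
#[derive(Clone, Copy, Default)]
pub struct GfFixed { pub limb: [u64; 5] }

/// Layout test: the Rust mirror must match the C size and alignment.
pub fn check_layout<T>(name: &str) -> Result<(), String> {
    let (size, align) = (size_of::<T>(), align_of::<T>());
    if size == C_SIZE && align == C_ALIGN {
        Ok(())
    } else {
        Err(format!(
            "{}: size {} align {}, C expects {}/{}",
            name, size, align, C_SIZE, C_ALIGN
        ))
    }
}

/// Number of elements whose address an aligned 32-byte load or store
/// (vmovaps/vmovdqa on ymm registers) would accept without faulting.
pub fn aligned_slots<T>(items: &[T]) -> usize {
    items.iter().filter(|p| (*p as *const T as usize) % C_ALIGN == 0).count()
}

fn main() {
    println!("{:?}", check_layout::<GfGenerated>("GfGenerated"));
    println!("{:?}", check_layout::<GfFixed>("GfFixed"));
    // Consecutive 40-byte elements drift by 8 bytes mod 32: one in four is aligned.
    println!("generated: {}/4 aligned", aligned_slots(&[GfGenerated::default(); 4]));
    println!("fixed:     {}/4 aligned", aligned_slots(&[GfFixed::default(); 4]));
}
```

Running a check like `check_layout` as a unit test over every FFI struct turns a dropped alignment attribute into a test failure instead of a general-protection fault inside the C library.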
