[Privoxy-devel] PATCH for pcre2 support
Gagan Sidhu
broly at mac.com
Sun Jun 18 14:58:13 CEST 2023
thanks for this information.
i’ve updated the patch (yet again) to incorporate your changes and also potentially fix the issue.
the problem may be with the check i used for pcre2_jit_compile. i forgot to change the check for the error string.
it shouldn’t be strlen(errorstr) because if there is no error from the preceding pcre2_compile call, pcre2_get_error_message will fill errorstr with “no error”.
thus, it’s possible for pcre2_jit_compile to fail and have no error from pcre2_compile.
- but since strlen(errorstr) will be true (errorstr = “no error”), then the job may be freed prematurely.
i think this would explain the issue, and ending up at a “malloc” call instead of the ensuing pcre2_pattern_info call.
new sha256sum is
768d84ca859008c23e3e50439ff416b3d76efb41d219038ea90e99b63b14b7a2
the only other thing that could come to mind is that other functions calling pcrs_execute in the same way (where the second and last argument use the same variable) are resulting in similar stack obliteration as before, which then would require similar fixes.
however, from what i’m seeing below, the execution path suggests strongly the issue is somewhere around pcre2_jit_compile.
- the updated patch provides a solution for “corner cases” where jit may fail but pcre2_compile did not report any errors.
Thanks,
Gagan
> On Jun 18, 2023, at 3:12 AM, Fabian Keil <fk at fabiankeil.de> wrote:
>
> Gagan Sidhu <broly at mac.com> wrote on 2023-06-17 at 06:40:29:
>
>> anyways. let’s get this bad boy rolled into the tree.
>> i’m delighted to hear everything is operational and we finally have pcre2 for privoxy!
>
> Unfortunately it looks like there are a couple of issues left:
>
> Reading symbols from /usr/jails/privoxy-jail/usr/local/sbin/privoxy...
> [New LWP 101631]
> [New LWP 101331]
> Core was generated by `/usr/local/sbin/privoxy --pidfile /var/run/privoxy/privoxy.pid /usr/local/etc/pr'.
> Program terminated with signal SIGABRT, Aborted.
> Sent by kill() from pid 14895 and user 201.
> #0 kill () at kill.S:4
> 4 kill.S: No such file or directory.
> [Current thread is 1 (LWP 101631)]
> (gdb) where
> #0 kill () at kill.S:4
> #1 0x0000000826d226e0 in __fail (msg=0x826c2c824 "stack overflow detected; terminated") at /usr/src/lib/libc/secure/stack_protector.c:130
> #2 0x0000000826d22650 in __stack_chk_fail () at /usr/src/lib/libc/secure/stack_protector.c:137
> #3 0x000000000024ac0d in rewrite_url (
> old_url=0x837256cc0 "https://tech.slashdot.org/story/23/06/17/0211241/reddit-fight-enters-news-phase-as-moderators-vow-to-pressure-advertisers-cnn-reports?utm_source=rss1.0mainlinkanon&utm_medium=feed",
> pcrs_command=0x837259100 "s@\\?(utm_source=rss1.0)?(mainlinkanon)?&utm_medium=feed@@") at filters.c:1038
> #4 0x000000000024ad17 in redirect_url (csp=0x82ab29008) at filters.c:1257
> #5 0x00000000002583c5 in crunch_response_triggered (csp=0x82ab29008, crunchers=0x218920 <crunchers_all>) at jcc.c:953
> #6 0x00000000002569e6 in chat (csp=0x82ab29008) at jcc.c:4482
> #7 0x0000000000255746 in serve (csp=0x82ab29008) at jcc.c:5056
> #8 0x000000082663fa7a in thread_start (curthread=0x82aa51700) at /usr/src/lib/libthr/thread/thr_create.c:292
> #9 0x0000000000000000 in ?? ()
> Backtrace stopped: Cannot access memory at address 0x8358b3000
>
> ==71261== Thread 1:
> ==71261== 1,520 bytes in 19 blocks are definitely lost in loss record 20 of 29
> ==71261== at 0x484CBC4: malloc (in /usr/local/libexec/valgrind/vgpreload_memcheck-amd64-freebsd.so)
> ==71261== by 0x4BD3C0D: ??? (in /usr/local/lib/libpcre2-8.so.0.11.2)
> ==71261== by 0x4BBC3D9: pcre2_jit_compile_8 (in /usr/local/lib/libpcre2-8.so.0.11.2)
> ==71261== by 0x275608: pcrs_compile (pcrs.c:709)
> ==71261== by 0x22E8E1: template_fill (cgi.c:2068)
> ==71261== by 0x22CB9A: template_fill_for_cgi (cgi.c:2168)
> ==71261== by 0x241C81: cgi_show_client_tags (cgisimple.c:440)
> ==71261== by 0x22B49E: dispatch_known_cgi (cgi.c:591)
> ==71261== by 0x22B240: dispatch_cgi (cgi.c:386)
> ==71261== by 0x258311: crunch_response_triggered (jcc.c:934)
> ==71261== by 0x2568BA: chat (jcc.c:4438)
> ==71261== by 0x255735: serve (jcc.c:5056)
> ==71261==
> ==71261== 1,840 bytes in 23 blocks are definitely lost in loss record 23 of 29
> ==71261== at 0x484CBC4: malloc (in /usr/local/libexec/valgrind/vgpreload_memcheck-amd64-freebsd.so)
> ==71261== by 0x4BD3C0D: ??? (in /usr/local/lib/libpcre2-8.so.0.11.2)
> ==71261== by 0x4BBC3D9: pcre2_jit_compile_8 (in /usr/local/lib/libpcre2-8.so.0.11.2)
> ==71261== by 0x275608: pcrs_compile (pcrs.c:709)
> ==71261== by 0x22E8E1: template_fill (cgi.c:2068)
> ==71261== by 0x22CB9A: template_fill_for_cgi (cgi.c:2168)
> ==71261== by 0x249A22: block_url (filters.c:739)
> ==71261== by 0x2583B4: crunch_response_triggered (jcc.c:953)
> ==71261== by 0x2569D5: chat (jcc.c:4482)
> ==71261== by 0x255735: serve (jcc.c:5056)
> ==71261== by 0x4CD5A79: ??? (in /lib/libthr.so.3)
> ==71261== by 0x1FDBDFFFFF: ???
> ==71261==
> ==71261== 40,016 (38,960 direct, 1,056 indirect) bytes in 487 blocks are definitely lost in loss record 29 of 29
> ==71261== at 0x484CBC4: malloc (in /usr/local/libexec/valgrind/vgpreload_memcheck-amd64-freebsd.so)
> ==71261== by 0x4BD3C0D: ??? (in /usr/local/lib/libpcre2-8.so.0.11.2)
> ==71261== by 0x4BBC3D9: pcre2_jit_compile_8 (in /usr/local/lib/libpcre2-8.so.0.11.2)
> ==71261== by 0x275608: pcrs_compile (pcrs.c:709)
> ==71261== by 0x2753FE: pcrs_compile_command (pcrs.c:602)
> ==71261== by 0x267589: load_one_re_filterfile (loaders.c:1320)
> ==71261== by 0x266DBD: load_re_filterfiles (loaders.c:1068)
> ==71261== by 0x267896: run_loader (loaders.c:1439)
> ==71261== by 0x2645CA: load_config (loadcfg.c:2199)
> ==71261== by 0x254DBD: listen_loop (jcc.c:6214)
> ==71261== by 0x254B53: main (jcc.c:6011)
>
> Fabian
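The pitfall discussed in the message above, as an added example that is not part of the thread or of the patch: an error-text buffer that reads "no error" after a successful compile is never empty, so testing its length cannot tell success from failure. `job_t`, `model_compile`, `compile_job` and `release_job` are hypothetical stand-ins rather than PCRE2 or Privoxy code, and both the shape of the flawed test and the policy of keeping a job whose JIT step failed are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins, NOT the PCRE2 API. They model only what the message
 * describes: after a successful compile the error text reads "no error". */
typedef struct { int jit_ready; } job_t;
int live_jobs = 0;                         /* allocated minus freed */

static int model_compile(int ok, char *errorstr, size_t len)
{
    snprintf(errorstr, len, "%s", ok ? "no error" : "missing closing parenthesis");
    return ok ? 0 : -1;
}

void release_job(job_t *job)
{
    if (job != NULL) { free(job); live_jobs--; }
}

/* use_text_check=1: assumed shape of the flawed test (JIT failed and the
 * error text is non-empty). use_text_check=0: decide on the compile status.
 * Keeping a job whose JIT step failed is an assumed policy for this sketch. */
job_t *compile_job(int compile_ok, int jit_ok, int use_text_check,
                   char *errorstr, size_t len)
{
    job_t *job = calloc(1, sizeof *job);
    if (job == NULL) return NULL;
    live_jobs++;
    int compile_rc = model_compile(compile_ok, errorstr, len);
    int jit_rc = (compile_rc == 0 && jit_ok) ? 0 : -1;
    int failed = use_text_check ? (jit_rc != 0 && strlen(errorstr) > 0)
                                : (compile_rc != 0);
    if (failed) {                          /* single cleanup path */
        release_job(job);
        return NULL;
    }
    job->jit_ready = (jit_rc == 0);
    return job;
}

int main(void)
{
    char err[128];
    /* Constructed case: the pattern compiles, only the JIT step fails. */
    job_t *a = compile_job(1, 0, 1, err, sizeof err);
    job_t *b = compile_job(1, 0, 0, err, sizeof err);
    printf("text check keeps job: %d, status check keeps job: %d (\"%s\")\n",
           a != NULL, b != NULL, err);
    release_job(a); release_job(b);
    return live_jobs;
}
```
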