[Privoxy-devel] PATCH for pcre2 support

Gagan Sidhu broly at mac.com
Sun Jun 18 15:05:21 CEST 2023


sorry for the second response, but i think i found the other issue.

in rewrite_url, it’s calling pcrs_execute_single_command, which calls pcrs_execute exactly as template_fill did (with the same variable for the buffer size and result size).

i have updated the patch to use the same solution you’ve provided earlier in this exchange.

32d4ba607ab45ee3970c3e5912943bef6192067c517fda26ae4bf18dc0a94119

this should fix the problem you’ve shown below, in case the conditional for pcre2_jit_compile was not the problem.

Thanks,
Gagan

> On Jun 18, 2023, at 6:58 AM, Gagan Sidhu <broly at mac.com> wrote:
> 
> thanks for this information.
> 
> i’ve updated the patch (yet again) to incorporate your changes and also potentially fix the issue.
> 
> the problem may be with the check i used for pcre2_jit_compile. i forgot to change the check for the error string.
> 
> it shouldn’t be strlen(errorstr) because if there is no error from the preceding pcre2_compile call, pcre2_get_error_message will fill errorstr with “no error”.
> 
> thus, it’s possible for pcre2_jit_compile to fail and have no error from pcre2_compile.
> 	- but since strlen(errorstr) will be true (errorstr = “no error”), then the job may be freed prematurely.
> 
> i think this would explain the issue, and ending up at a “malloc” call instead of the ensuing pcre2_pattern_info call.
> 
> new sha256sum is 
> 
> 768d84ca859008c23e3e50439ff416b3d76efb41d219038ea90e99b63b14b7a2
> 
> 
> the only other thing that could come to mind, is that other functions calling pcrs_execute in the same way (where the second and last argument use the same variable) are resulting in similar stack obliteration as before, which then would require similar fixes.
> 
> however, from what i’m seeing below, the execution path suggests strongly the issue is somewhere around pcre2_jit_compile.
> 	- the updated patch provides a solution for “corner cases” where jit may fail but pcre2_compile did not report any errors.
> 
> Thanks,
> Gagan
> 
>> On Jun 18, 2023, at 3:12 AM, Fabian Keil <fk at fabiankeil.de> wrote:
>> 
>> Gagan Sidhu <broly at mac.com> wrote on 2023-06-17 at 06:40:29:
>> 
>>> anyways. let’s get this bad boy rolled into the tree.
>>> i’m delighted to hear everything is operational and we finally have pcre2 for privoxy!
>> 
>> Unfortunately it looks like there are a couple of issues left:
>> 
>> Reading symbols from /usr/jails/privoxy-jail/usr/local/sbin/privoxy...
>> [New LWP 101631]
>> [New LWP 101331]
>> Core was generated by `/usr/local/sbin/privoxy --pidfile /var/run/privoxy/privoxy.pid /usr/local/etc/pr'.
>> Program terminated with signal SIGABRT, Aborted.
>> Sent by kill() from pid 14895 and user 201.
>> #0  kill () at kill.S:4
>> 4	kill.S: No such file or directory.
>> [Current thread is 1 (LWP 101631)]
>> (gdb) where
>> #0  kill () at kill.S:4
>> #1  0x0000000826d226e0 in __fail (msg=0x826c2c824 "stack overflow detected; terminated") at /usr/src/lib/libc/secure/stack_protector.c:130
>> #2  0x0000000826d22650 in __stack_chk_fail () at /usr/src/lib/libc/secure/stack_protector.c:137
>> #3  0x000000000024ac0d in rewrite_url (
>>   old_url=0x837256cc0 "https://tech.slashdot.org/story/23/06/17/0211241/reddit-fight-enters-news-phase-as-moderators-vow-to-pressure-advertisers-cnn-reports?utm_source=rss1.0mainlinkanon&utm_medium=feed", 
>>   pcrs_command=0x837259100 "s@\\?(utm_source=rss1.0)?(mainlinkanon)?&utm_medium=feed@@") at filters.c:1038
>> #4  0x000000000024ad17 in redirect_url (csp=0x82ab29008) at filters.c:1257
>> #5  0x00000000002583c5 in crunch_response_triggered (csp=0x82ab29008, crunchers=0x218920 <crunchers_all>) at jcc.c:953
>> #6  0x00000000002569e6 in chat (csp=0x82ab29008) at jcc.c:4482
>> #7  0x0000000000255746 in serve (csp=0x82ab29008) at jcc.c:5056
>> #8  0x000000082663fa7a in thread_start (curthread=0x82aa51700) at /usr/src/lib/libthr/thread/thr_create.c:292
>> #9  0x0000000000000000 in ?? ()
>> Backtrace stopped: Cannot access memory at address 0x8358b3000
>> 
>> ==71261== Thread 1:
>> ==71261== 1,520 bytes in 19 blocks are definitely lost in loss record 20 of 29
>> ==71261==    at 0x484CBC4: malloc (in /usr/local/libexec/valgrind/vgpreload_memcheck-amd64-freebsd.so)
>> ==71261==    by 0x4BD3C0D: ??? (in /usr/local/lib/libpcre2-8.so.0.11.2)
>> ==71261==    by 0x4BBC3D9: pcre2_jit_compile_8 (in /usr/local/lib/libpcre2-8.so.0.11.2)
>> ==71261==    by 0x275608: pcrs_compile (pcrs.c:709)
>> ==71261==    by 0x22E8E1: template_fill (cgi.c:2068)
>> ==71261==    by 0x22CB9A: template_fill_for_cgi (cgi.c:2168)
>> ==71261==    by 0x241C81: cgi_show_client_tags (cgisimple.c:440)
>> ==71261==    by 0x22B49E: dispatch_known_cgi (cgi.c:591)
>> ==71261==    by 0x22B240: dispatch_cgi (cgi.c:386)
>> ==71261==    by 0x258311: crunch_response_triggered (jcc.c:934)
>> ==71261==    by 0x2568BA: chat (jcc.c:4438)
>> ==71261==    by 0x255735: serve (jcc.c:5056)
>> ==71261== 
>> ==71261== 1,840 bytes in 23 blocks are definitely lost in loss record 23 of 29
>> ==71261==    at 0x484CBC4: malloc (in /usr/local/libexec/valgrind/vgpreload_memcheck-amd64-freebsd.so)
>> ==71261==    by 0x4BD3C0D: ??? (in /usr/local/lib/libpcre2-8.so.0.11.2)
>> ==71261==    by 0x4BBC3D9: pcre2_jit_compile_8 (in /usr/local/lib/libpcre2-8.so.0.11.2)
>> ==71261==    by 0x275608: pcrs_compile (pcrs.c:709)
>> ==71261==    by 0x22E8E1: template_fill (cgi.c:2068)
>> ==71261==    by 0x22CB9A: template_fill_for_cgi (cgi.c:2168)
>> ==71261==    by 0x249A22: block_url (filters.c:739)
>> ==71261==    by 0x2583B4: crunch_response_triggered (jcc.c:953)
>> ==71261==    by 0x2569D5: chat (jcc.c:4482)
>> ==71261==    by 0x255735: serve (jcc.c:5056)
>> ==71261==    by 0x4CD5A79: ??? (in /lib/libthr.so.3)
>> ==71261==    by 0x1FDBDFFFFF: ???
>> ==71261== 
>> ==71261== 40,016 (38,960 direct, 1,056 indirect) bytes in 487 blocks are definitely lost in loss record 29 of 29
>> ==71261==    at 0x484CBC4: malloc (in /usr/local/libexec/valgrind/vgpreload_memcheck-amd64-freebsd.so)
>> ==71261==    by 0x4BD3C0D: ??? (in /usr/local/lib/libpcre2-8.so.0.11.2)
>> ==71261==    by 0x4BBC3D9: pcre2_jit_compile_8 (in /usr/local/lib/libpcre2-8.so.0.11.2)
>> ==71261==    by 0x275608: pcrs_compile (pcrs.c:709)
>> ==71261==    by 0x2753FE: pcrs_compile_command (pcrs.c:602)
>> ==71261==    by 0x267589: load_one_re_filterfile (loaders.c:1320)
>> ==71261==    by 0x266DBD: load_re_filterfiles (loaders.c:1068)
>> ==71261==    by 0x267896: run_loader (loaders.c:1439)
>> ==71261==    by 0x2645CA: load_config (loadcfg.c:2199)
>> ==71261==    by 0x254DBD: listen_loop (jcc.c:6214)
>> ==71261==    by 0x254B53: main (jcc.c:6011)
>> 
>> Fabian
>> _______________________________________________
>> Privoxy-devel mailing list
>> Privoxy-devel at lists.privoxy.org
>> https://lists.privoxy.org/mailman/listinfo/privoxy-devel

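The error-string check discussed in the thread, modelled as an added example; this is not code from the patch or from Privoxy. The `fake_*` functions and error codes are constructed stand-ins rather than PCRE2 calls, and keeping the job for non-JIT matching after a failed JIT step is an assumption of the sketch.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-ins, not the PCRE2 API. They model only the conventions
 * the thread relies on: compile returns NULL on failure, the JIT step returns
 * 0 on success, and the message lookup writes text even for "no error". */
enum { ERR_NONE = 0, ERR_SYNTAX = 1 };   /* constructed codes */
typedef struct { int jit_ready; } fake_code;
static fake_code slot;
static fake_code *fake_compile(const char *pat, int *err) {
    int unbalanced = strchr(pat, '(') != NULL && strchr(pat, ')') == NULL;
    *err = unbalanced ? ERR_SYNTAX : ERR_NONE;
    slot.jit_ready = 0;
    return unbalanced ? NULL : &slot;
}
static int fake_jit(fake_code *c, int jit_works) {
    c->jit_ready = jit_works;
    return jit_works ? 0 : -1;
}
static void fake_message(int err, char *buf, size_t len) {
    snprintf(buf, len, "%s", err == ERR_NONE ? "no error" : "missing )");
}

enum outcome { JOB_JIT, JOB_INTERPRETED, JOB_FREED };

/* Check of the kind described in the thread: a JIT failure frees the job when
 * errorstr is non-empty, yet errorstr reads "no error" after a clean compile. */
static enum outcome by_string(const char *pat, int jit_works) {
    char errorstr[64];
    int err;
    fake_code *c = fake_compile(pat, &err);
    fake_message(err, errorstr, sizeof errorstr);
    if (c == NULL) return JOB_FREED;
    if (fake_jit(c, jit_works) != 0 && strlen(errorstr) > 0) return JOB_FREED;
    return c->jit_ready ? JOB_JIT : JOB_INTERPRETED;
}

/* Return codes only: a failed compile frees the job, a failed JIT step keeps
 * it for non-JIT matching (assumed policy for this sketch). */
static enum outcome by_code(const char *pat, int jit_works) {
    int err;
    fake_code *c = fake_compile(pat, &err);
    if (c == NULL) return JOB_FREED;
    return fake_jit(c, jit_works) == 0 ? JOB_JIT : JOB_INTERPRETED;
}

int main(void) {
    printf("string check: %d, code check: %d\n", by_string("a+", 0), by_code("a+", 0));
    return 0;
}
```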