Comments (12)
I'm debugging now, posted the issue for any tips or pointers. I've never debugged memory sanitizer bugs before.
from rust-bitcoin.
Putting `llvm-symbolizer` in my path gives better output (I just symlinked to `llvm-symbolizer-15`)
from rust-bitcoin.
I was unable to resolve this today, here are my findings:
- The call chain is `bitcoin::PublicKey::from_slice` -> `secp256k1::PublicKey::from_slice` -> `ffi::secp256k1_ec_pubkey_parse`
- `secp256k1_ec_pubkey_parse` uses `data.as_c_ptr()` to get a pointer to the data array (`unsigned char *`)
- Accessing the first element of the data array triggers the MSAN error
- Right before the FFI call the data slice is non-empty

```rust
// Sanity, just ensure we can access the first element here.
if data[0] == 0xff {
    panic!("first element of data is 0xff")
}
let pointer = data.as_c_ptr();
if pointer.is_null() {
    panic!("pointer is null");
}
```
No further ideas ATM.
from rust-bitcoin.
Had another go, I'm hesitant to say it but it might be a bug in the MemorySanitizer? Or else something odd is going on. I changed `rust-secp256k1/secp256k1-sys/depend/secp256k1/src/secp256k1.c` to be:

```c
int rustsecp256k1_v0_9_2_ec_pubkey_parse(const rustsecp256k1_v0_9_2_context* ctx, rustsecp256k1_v0_9_2_pubkey* _pubkey, const unsigned char *input, size_t inputlen) {
    rustsecp256k1_v0_9_2_ge Q;

    VERIFY_CHECK(ctx != NULL);
    rustsecp256k1_v0_9_2_pubkey pk;
    rustsecp256k1_v0_9_2_pubkey *pubkey = &pk;
    if (pubkey == NULL) {
        return 1;
    }
    ARG_CHECK(pubkey != NULL);
    memset(pubkey, 0, sizeof(*pubkey));
    ARG_CHECK(input != NULL);
    if (input == NULL) {
        return 20;
    }
    if (input[0] == 4) {
        return 0;
    }
    /*
     * Array access inside this function call is causing MSAN error but the array access above is ok
     *
     * This makes me think the bug is not ours because there should be no problem passing
     * an arg to another function within C code.
     * */
    if (!rustsecp256k1_v0_9_2_eckey_pubkey_parse(&Q, input, inputlen)) {
        return 0;
    }
    if (!rustsecp256k1_v0_9_2_ge_is_in_correct_subgroup(&Q)) {
        return 0;
    }
    rustsecp256k1_v0_9_2_pubkey_save(pubkey, &Q);
    rustsecp256k1_v0_9_2_ge_clear(&Q);
    return 1;
}
```
from rust-bitcoin.
@apoelstra if you get a chance can you give this ten minutes and give some pointers on which direction to look please?
from rust-bitcoin.
ooo, it might not be the `pub` arg at all - debugging now. Posting in case you get here at the same time.
from rust-bitcoin.
MSAN also errors for `size_t` arguments, even when I replace the `usize` on the other side of the FFI boundary with a local variable.

Change `key.rs` lines 556 - 567 to be (ie, line 560 is the FFI function call)

```rust
let mut ret = [0_u8; 66];
let mut ret_len = 66;
let res = unsafe {
    ffi::secp256k1_ec_pubkey_serialize(
        ffi::secp256k1_context_no_precomp,
        ret.as_mut_c_ptr(),
        &mut ret_len,
        self.as_c_ptr(),
        flag,
    )
};
```

Still gives

```
==892789==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5591f749a2b7 in rustsecp256k1_v0_9_2_ec_pubkey_serialize /home/tobin/build/github.com/tcharding/rust-secp256k1/master/secp256k1-sys/depend/secp256k1/src/secp256k1.c:279:5
    #1 0x5591f6881b09 in secp256k1::key::PublicKey::serialize_internal::hd1155a157cd04844 /home/tobin/build/github.com/tcharding/rust-secp256k1/master/src/key.rs:560:13
    #2 0x5591f6881b09 in secp256k1::key::PublicKey::serialize_uncompressed::hc4d3025786944379 /home/tobin/build/github.com/tcharding/rust-secp256k1/master/src/key.rs:550:9
```
from rust-bitcoin.
I cannot repro. When I try to run the test I get

```
FATAL: Code 0x60c539d809b0 is out of application range. Non-PIE build?
FATAL: MemorySanitizer can not mmap the shadow memory.
FATAL: Make sure to compile with -fPIE and to link with -pie.
FATAL: Disabling ASLR is known to cause this error.
FATAL: If running under GDB, try 'set disable-randomization off'.
```
from rust-bitcoin.
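An added example, not part of the thread or of rust-bitcoin's code: the FATAL output above names two possible causes, a non-PIE build and disabled ASLR, and both can be ruled in or out directly. The function names are hypothetical; it assumes Linux, reads the ELF `e_type` field of the test binary and the contents of `/proc/sys/kernel/randomize_va_space`.

```rust
use std::fs;

// ELF e_type values from the ELF specification.
const ET_EXEC: u16 = 2; // fixed-address executable (non-PIE)
const ET_DYN: u16 = 3; // position-independent executable or shared object

#[derive(Debug, PartialEq)]
enum Layout { Pie, NonPie, Other(u16) }

/// Classify an ELF image from its header bytes (hypothetical helper).
fn elf_layout(image: &[u8]) -> Result<Layout, &'static str> {
    if image.len() < 18 || !image.starts_with(b"\x7fELF") {
        return Err("not an ELF image");
    }
    // e_type is the 16-bit field at offset 16; byte order comes from
    // e_ident[EI_DATA] at offset 5 (1 = little endian, 2 = big endian).
    let raw = [image[16], image[17]];
    let e_type = match image[5] {
        1 => u16::from_le_bytes(raw),
        2 => u16::from_be_bytes(raw),
        _ => return Err("unknown EI_DATA byte order"),
    };
    Ok(match e_type {
        ET_DYN => Layout::Pie,
        ET_EXEC => Layout::NonPie,
        other => Layout::Other(other),
    })
}

/// Interpret randomize_va_space: 0 means ASLR is off, 1 or 2 means on.
fn aslr_enabled(sysctl_text: &str) -> Option<bool> {
    sysctl_text.trim().parse::<u8>().ok().map(|v| v != 0)
}

/// Return the hints from the FATAL output that actually apply.
fn triage(image: &[u8], sysctl_text: &str) -> Vec<&'static str> {
    let mut hints = Vec::new();
    if elf_layout(image) == Ok(Layout::NonPie) {
        hints.push("non-PIE build: compile with -fPIE and link with -pie");
    }
    if aslr_enabled(sysctl_text) == Some(false) {
        hints.push("ASLR is disabled");
    }
    hints
}

fn main() {
    // Pass the path of the sanitized test binary as the first argument.
    let exe = std::env::args().nth(1).unwrap_or_else(|| "/proc/self/exe".into());
    let image = fs::read(&exe).unwrap_or_default();
    let sysctl = fs::read_to_string("/proc/sys/kernel/randomize_va_space").unwrap_or_default();
    println!("{}: {:?}", exe, elf_layout(&image));
    for hint in triage(&image, &sysctl) { println!("hint applies: {}", hint); }
}
```

If neither hint applies, the build flags and the ASLR switch are not the cause and the failure has to be looked for elsewhere.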
Running in gdb everything seems fine. If I run in valgrind it says `==1124717== Warning: set address range perms: large range [0x10000000000, 0x100000000000) (defined)` then appears to lock up.
from rust-bitcoin.
I wonder if we are hitting bitcoin-core/secp256k1#1506
from rust-bitcoin.
> I wonder if we are hitting bitcoin-core/secp256k1#1506

Yes, this really looks like google/sanitizers#1614
from rust-bitcoin.
In the linked libsecp issue fanquake says that the upstream problem should be fixed (in github actions), so maybe we can re-enable msan.
But can maybe wait til after the release because futzing with CI is time-consuming and annoying.
from rust-bitcoin.