luv: calling read_start after close can segfault#607
Merged
djs55 merged 1 commit intomoby:masterfrom Oct 22, 2022
Merged
Conversation
The segfault looks like this: ``` Thread 3 Crashed: 0 com.docker.vpnkit 0x10231b8b8 camlLuv__Helpers__set_reference_inner_1334 + 40 1 com.docker.vpnkit 0x10231b8b8 camlLuv__Helpers__set_reference_inner_1334 + 40 2 com.docker.vpnkit 0x1029c1108 caml_callback_exn + 24 (callback.c:111) [inlined] 3 com.docker.vpnkit 0x1029c1108 caml_callback + 44 (callback.c:165) 4 com.docker.vpnkit 0x102980aa0 luv_async_trampoline + 44 (helpers.c:64) 5 com.docker.vpnkit 0x102986a98 uv__async_io + 308 (async.c:163) 6 com.docker.vpnkit 0x102996be8 uv__io_poll + 992 7 com.docker.vpnkit 0x102986ec4 uv_run + 372 (core.c:389) 8 com.docker.vpnkit 0x10297cdd4 luv_stub_blocking_1_uv_run + 104 (c_generated_functions.c:1800) 9 com.docker.vpnkit 0x1029cc4e8 caml_c_call + 28 10 com.docker.vpnkit 0x1029c0e60 caml_callback_exn + 44 (callback.c:111) 11 com.docker.vpnkit 0x1029984a8 caml_thread_start + 112 (st_stubs.c:548) 12 libsystem_pthread.dylib 0x180a7d06c _pthread_start + 148 13 libsystem_pthread.dylib 0x180a77e2c thread_start + 8 ``` I reproduced this by `docker pull`ing an image, and using Control+C. The proxy is interrupted and closes the stream, while there is still a background read/write loop in progress. The assumption was that read after close would return a harmless error, but this isn't guaranteed by luv. Therefore we catch this case and return an error ourselves. Signed-off-by: David Scott <dave@recoil.org>
avsm
approved these changes
Oct 22, 2022
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The segfault looks like this:
I reproduced this by
docker pulling an image, and using Control+C. The proxy is interrupted and closes the stream, while there is still a background read/write loop in progress. The assumption was that read after close would return a harmless error, but this isn't guaranteed by luv. Therefore we catch this case and return an error ourselves.Signed-off-by: David Scott dave@recoil.org