Group::from_name misaligned pointer dereference

Question

Group::from_name misaligned pointer dereference

anonkey opened this issue 6 months ago · comments

Hello,
I'm on MacOS Sonoma on M1 processor

I've a panic only happening in dev not in release on this function call :

 let group = Group::from_name(group)?;

Result:

thread 'main' panicked at /Users/key/.cargo/registry/src/index.crates.io-6f17d22bba15001f/nix-0.27.1/src/unistd.rs:3794:16:
misaligned pointer dereference: address must be a multiple of 0x8 but is 0x14f809a09

I tried some flags : -C overflow-checks -C debug-assertions=on

But nothing change i can't figure out what's happening

Have any clue ?

Thanks

Alan Somers · Answer 1 · Fri Feb 02 2024 07:02:17 GMT+0800 (China Standard Time)

It's a bug in Nix. Try this patch (against the master branch, not v0.27.1 )

diff --cc src/unistd.rs
index 3d98a0efe,8c23d7c38..000000000
--- a/src/unistd.rs
+++ b/src/unistd.rs
@@@ -3476,11 -3790,11 +3476,11 @@@ impl Group 
          let mut ret = Vec::new();
  
          for i in 0.. {
-             let u = unsafe { mem.offset(i) };
-             if unsafe { (*u).is_null() } {
 -            let u: *mut *mut c_char = mem.offset(i);
 -            if (*u).is_null() {
++            let u = unsafe { mem.offset(i).read_unaligned() };
++            if u.is_null() {
                  break;
              } else {
-                 let s = unsafe {CStr::from_ptr(*u).to_string_lossy().into_owned()};
 -                let s = CStr::from_ptr(*u).to_string_lossy().into_owned();
++                let s = unsafe {CStr::from_ptr(u).to_string_lossy().into_owned()};
                  ret.push(s);
              }
          }

SteveLauC · Answer 2 · Tue Feb 06 2024 16:30:12 GMT+0800 (China Standard Time)

If this is a known bug and we know how to fix it, why not file a PR to get it resolved?

tt rt · Answer 3 · Tue Feb 06 2024 16:46:23 GMT+0800 (China Standard Time)

If this is a known bug and we know how to fix it, why not file a PR to get it resolved?

I was wondering why too.

I tried to apply the fix but since i have some crates who uses another version it seems to not be compatible, i'll dig further asap

SteveLauC · Answer 4 · Tue Feb 06 2024 20:33:44 GMT+0800 (China Standard Time)

We do have a test for this function, but it is only enabled on Linux.

I am thinking about adding a test for Group::from_gid() and Group::from_name() through the wheel group on macOS and possibly other BSDs? (As this group came from BSD)

    use nix::unistd::Group;

    let wheel = Group::from_name("wheel").unwrap().unwrap();
    assert_eq!(wheel.name, "wheel");
    let wheel_id = wheel.gid;

    let wheel = Group::from_gid(wheel_id).unwrap().unwrap();
    assert_eq!(wheel.gid, wheel_id);
    assert_eq!(wheel.name, "wheel");

Unless it is removed deliberately, this group should exist.

Alan Somers · Answer 5 · Tue Feb 06 2024 21:55:59 GMT+0800 (China Standard Time)

If this is a known bug and we know how to fix it, why not file a PR to get it resolved?

I mean that it's a known bug now, now that @anonkey reported it.

SteveLauC · Answer 6 · Wed Feb 07 2024 13:45:35 GMT+0800 (China Standard Time)

I mean that it's a known bug now, now that @anonkey reported it.

Ohh, I am sorry that I misunderstood it