Bug#922075: [Pkg-javascript-devel] Bug#922075: Bug#922075: Bug#922075: Bug#922075: npm: segfault during extract on i386
On Mon, 20 Sep 2021 at 15:00, Bastien ROUCARIES wrote:
>
> On Mon, 20 Sep 2021 at 14:24, Ondrej Zary wrote:
> >
> > On Monday 20 September 2021, Bastien ROUCARIES wrote:
> > > Could you try to apply
> > >
> > > https://github.com/nodejs/node/commit/aa4611cccbcb197df51a9f7056d019005d91acf4

[kapouer][jonas] Do you think it could be backported using std::shared_ptr? Superficially it seems semantically equivalent, but I am uneasy.

Bastien

> > >
> > > I think it describes what you see
> >
> > Does not apply, unfortunately. There's no node_dir.cc file and also no
> > BaseObjectPtr definition.
>
> OK, as a band-aid, could you replace BaseObjectPtr in the patch by
> std::shared_ptr
>
> Bastien
> >
> > --
> > Ondrej Zary
> >
> > --
> > Pkg-javascript-devel mailing list
> > pkg-javascript-de...@alioth-lists.debian.net
> > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Bug#922075: [Pkg-javascript-devel] Bug#922075: Bug#922075: Bug#922075: Bug#922075: npm: segfault during extract on i386
On Sun, 19 Sep 2021 at 21:57, Bastien ROUCARIES wrote:
>
> try to pass
> -fstack-protector-strong to the local version as cflags
>
> If it fails, upstream does not take into account stack protector
>
> On Sun, 19 Sep 2021 at 21:45, Bastien ROUCARIES
> wrote:
> >
> > On Sun, 19 Sep 2021 at 21:39, Bastien ROUCARIES
> > wrote:
> > >
> > > On Sun, 19 Sep 2021 at 21:36, Ondrej Zary wrote:
> > > >
> > > > I've reinstalled nodejs and libnode64 back to original Buster
> > > > 10.24.0~dfsg-1~deb10u1 and upgraded libuv1 to
> > > > libuv1_1.34.2-1~bpo9+1_i386.deb from http://snapshot.debian.org
> > > >
> > > > It still segfaults!
> > > >
> > > > So it seems that the problem is not libuv version but its linking
> > > > (included in node or external). Or cflags?
> > > Or ldflags
> > >
> > > Could you dump the cflags/ldflags of both versions?
> > Or sanitizer that avoids a free after use...
> >
> > We harden a lot on Debian side
> >
> > Bastien
> > >
> > > >
> > > > --
> > > > Ondrej Zary

If it does work try to build both nodejs and libuv with -fsanitize=address or other sanitizer option

Bastien
Bug#922075: [Pkg-javascript-devel] Bug#922075: Bug#922075: Bug#922075: Bug#922075: npm: segfault during extract on i386
On Sun, 19 Sep 2021 at 21:25, Bastien ROUCARIES wrote:
>
> On Sun, 19 Sep 2021 at 21:15, Ondrej Zary wrote:
> >
> > Added back --shared-zlib: works.
> > Added back also --shared-cares: works.
> >
> > So you're right: --shared-libuv is the problem.
> > Upstream seems to include libuv 1.34.2.
> > Buster has 1.24.1-1.
>
> Do you have valgrind?
>
> If so and if it works (test first on good version), it smells like a use
> after free or a RAII violation
>
> I mean that libuv frees a pointer, nodejs fills the buffer with code,
> then libuv frees it. BOOOM.

From libuv changelog
- * unix,win: fix `uv_fs_poll_stop()` when active (Anna Henningsen)
- * unix: fix race condition in uv_async_send() (Ben Noordhuis)

But I suppose it will be quicker to bisect by build/try the different versions of libuv...

Bastien

> > --
> > Ondrej Zary
Bug#922075: [Pkg-javascript-devel] Bug#922075: Bug#922075: Bug#922075: Bug#922075: npm: segfault during extract on i386
On Sun, 19 Sep 2021 at 21:15, Ondrej Zary wrote:
>
> Added back --shared-zlib: works.
> Added back also --shared-cares: works.
>
> So you're right: --shared-libuv is the problem.
> Upstream seems to include libuv 1.34.2.
> Buster has 1.24.1-1.

Do you have valgrind?

If so and if it works (test first on good version), it smells like a use after free or a RAII violation

I mean that libuv frees a pointer, nodejs fills the buffer with code, then libuv frees it. BOOOM.

> --
> Ondrej Zary