Conversation

Do not take programming advice or security advice or, actually, any kind of advice from this man catb.org/~esr/gif2png/N

Changelog entry for gif2png from today saying "Redirect segfault to a graceful exit. Tired of meaningless fuzzer bugs."

read image description

ALT

298

708

Replying to

and

This is why the manifestation of memory UB on my kernel will be untrappable abnormal exit, not a catchable signal. 😊

Replying to

and

I wonder how many otherwise-legit apps catch SIGSEGV and friends? like, about the same as mmap the 0 page maybe?

Replying to

No, it's very common. It's widely used in garbage collectors (instead of write barriers) and JIT compilers (for changing the code and also just for halting code execution) among other places. It's so common that userfaultfd was added as a better approach: man7.org/linux/man-page

Replying to

Firefox also has a custom linker using this. On Android, the traditional officially supported approach to native libraries has them stored compressed in the apk and automatically extracted by the package manager to a library directory not writable by the application.

Replying to

The more modern officially supported approach leaves them uncompressed in the apk (which only impacts installed size, since apk downloads should be compressed due to this approach for various kinds of resources, etc.) and aligned to page size. The linker knows how to map those.

Replying to

Firefox stores the libraries compressed using a path not extracted as native libraries by the package manager. Instead, they manually extract / decompress the libraries. On low-memory ones, they put them in app data. On high-memory ones, they extract them directly into memory.

8:59 PM · Jun 20, 2019Twitter Web Client

Replying to

The insane part is that they use some nasty hacks to perform this extraction / decompression lazily. They catch segmentation faults from attempts to use the libraries and then map them in to those locations on demand, either paged from app data (low mem) or as dirty pages...

Replying to

Chromium takes the officially supported approach of having them stored aligned / uncompressed in the apk and mapped directly from there. In fact, that was originally created for Chromium in a custom "crazy_linker" (doesn't deserve that name when you look at what Firefox does).

Show replies