Do not take programming advice or security advice or, actually, any kind of advice from this man catb.org/~esr/gif2png/N
read image description
ALT
38
298
708
Conversation
This is why the manifestation of memory UB on my kernel will be untrappable abnormal exit, not a catchable signal. 😊
3
1
25
I wonder how many otherwise-legit apps catch SIGSEGV and friends? like, about the same as mmap the 0 page maybe?
9
15
No, it's very common. It's widely used in garbage collectors (instead of write barriers) and JIT compilers (for changing the code and also just for halting code execution) among other places. It's so common that userfaultfd was added as a better approach:
man7.org/linux/man-page
3
13
The other common use case is optimizing code size for NullPointerExceptions in managed languages: instead of littering every object access with a check and branch, just blindly dereference and fix things up in the signal handler.
1
2
This predictably leads to fun stuff when you have multiple runtimes in the same process that try to do the same thing. Android has some somewhat terrible hacks to maintain a chain of signal handlers that always get run first before user-set ones: android.googlesource.com/platform/art/+
1
2
The reason Firefox monkey patches Bionic is because they don't have access to this for their horrifying linker. I really think they just need to get rid of it and adopt the now standard support for mapping uncompressed libraries directly from the apk.
Quote Tweet
Replying to @DanielMicay @johnregehr and 3 others
Sources for this monstrosity are at hg.mozilla.org/mozilla-centra. Here's their function for monkey patching libc: hg.mozilla.org/mozilla-centra. Below that, you can see where they catch segfaults and trigger the library loading. They also measure signal latency to see if it's worth doing.
That's...hilarious? infuriating?
It's probably a bad sign that the first thing I thought about it is that they could have overwritten fewer instructions if they had used a thumb-2 relative branch to a trampoline.
1
1
I suppose that only matters if your goal is to emulate the overwritten instructions so that you can jump back to the original function, and they're just calling a reimplementation. I hope they don't have any null pointer exceptions, I guess?
1
Show replies