fun fact: When you dereference an unmapped address on X86-64, there are three different ways the CPU can tell you that!
#PF: the classic
#GP: that address *CAN'T* even be mapped
#SS: like #GP but also your compiler happened to place the pointer in RBP
syzkaller report for what looks from a quick look like a NULL deref (which ASAN turns into non-canonical address deref), causing #SS because RBP is used: https://syzkaller.appspot.com/bug?id=9fb65ba4c602893421df0d36b0e2d52453af573a
Replying to @tehjh
Many years ago, on Mac OS, GP fault crash reports looked like "Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: 0x000000000000000d, 0x0000000000000000", which made people think it was a NULL deref. 0xd is the code for GP fault.
Replying to @yabbadabbadrew @tehjh
Now: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: EXC_I386_GPFLT
Replying to @yabbadabbadrew @tehjh
https://opensource.apple.com/source/xnu/xnu-6153.81.5/osfmk/i386/trap.c.auto.html The comment starting at " * There's a wide range of circumstances which generate this * class of exception. " sums up the difficulty in categorizing / reporting this exception.
Replying to @yabbadabbadrew
On Linux I wired it up to the infrastructure for decoding instructions and calculating the memory operand's address: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=59c1dcbed5b51cab543be8f47b6d7d9cf107ec94 Also hooked it up to KASAN so that in inline mode, #GP crashes caused by KASAN on NULL deref and so on look better: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2f004eea0fc8f86b45dfc2007add2d4986de8d02 (with a message that hedges a bit, saying "probably" if the address is non-canonical or "maybe" if it is canonical)
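As an added illustration of the point made in the first tweet and in the syzkaller report above (not code from the thread, from syzkaller or from the kernel), this works through why an inline-KASAN NULL deref ends up as #GP or #SS rather than #PF: the canonical-address check, the shadow-address arithmetic, and the base-register rule. The shadow offset is assumed from the x86-64 kernel's default CONFIG_KASAN_SHADOW_OFFSET; the vector numbers are the architectural ones (the Mac report's 0xd is vector 13).

```c
#include <stdint.h>
#include <stdio.h>

/* x86-64 exception vectors (Intel SDM Vol. 3, Table 6-1). The old Mac crash
 * report quoted above shows code 0xd, i.e. vector 13 = #GP. */
enum { X86_TRAP_SS = 12, X86_TRAP_GP = 13, X86_TRAP_PF = 14 };

/* KASAN shadow layout, assumed from the x86-64 kernel's default
 * CONFIG_KASAN_SHADOW_OFFSET (not a value quoted in the thread). */
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_SHADOW_OFFSET 0xdffffc0000000000ULL

/* A 48-bit virtual address is canonical iff bits 63..47 are all 0 or all 1. */
int is_canonical(uint64_t addr)
{
    uint64_t hi = addr >> 47;
    return hi == 0 || hi == 0x1ffff;
}

/* Inline KASAN first reads the shadow byte, (addr >> 3) + offset, for each
 * access. For NULL that is the offset itself, which is non-canonical. */
uint64_t kasan_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Vector raised for a data access to an unmapped address: canonical -> #PF
 * from paging; non-canonical -> #GP, or #SS when the effective address was
 * formed with a stack-segment base register (RBP or RSP). */
int fault_vector(uint64_t addr, int stack_base_reg)
{
    if (is_canonical(addr))
        return X86_TRAP_PF;
    return stack_base_reg ? X86_TRAP_SS : X86_TRAP_GP;
}

const char *trap_name(int v)
{
    return v == X86_TRAP_SS ? "#SS" : v == X86_TRAP_GP ? "#GP"
         : v == X86_TRAP_PF ? "#PF" : "other";
}

int main(void)
{
    uint64_t sh = kasan_shadow(0); /* what an instrumented NULL deref touches */
    printf("shadow(0)=%#llx canonical=%d -> %s (%s via RBP); plain NULL -> %s\n",
           (unsigned long long)sh, is_canonical(sh), trap_name(fault_vector(sh, 0)),
           trap_name(fault_vector(sh, 1)), trap_name(fault_vector(0, 0)));
    return 0;
}
```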