[Mono-bugs] [Bug 636794] New: Crash in mono runtime

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Thu Sep 2 14:58:11 EDT 2010 

https://bugzilla.novell.com/show_bug.cgi?id=636794

https://bugzilla.novell.com/show_bug.cgi?id=636794#c0


           Summary: Crash in mono runtime
    Classification: Mono
           Product: Mono: Runtime
           Version: 2.6.x
          Platform: x86
        OS/Version: Ubuntu
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: misc
        AssignedTo: mono-bugs at lists.ximian.com
        ReportedBy: iisaev at ispras.ru
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---


Created an attachment (id=387299)
 --> (http://bugzilla.novell.com/attachment.cgi?id=387299)
exploit input

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8)
Gecko/2009033100 Ubuntu/9.04 (jaunty) Firefox/3.0.8

Mono runtime crashes even with security manager turned on.

Reproducible: Always

Steps to Reproduce:
mono-2.6.7/inst/bin/mono exploit_0_0

OR

mono-2.6.7/inst/bin/mono --security=validil exploit_0_0
Actual Results:  
Stacktrace:


Native stacktrace:

    ../branches/separate-analysis/mono-2.6.7/inst/bin/mono [0x80dac8b]
    ../branches/separate-analysis/mono-2.6.7/inst/bin/mono [0x8115fbb]
    [0xb7f04410]
    ../branches/separate-analysis/mono-2.6.7/inst/bin/mono(mono_main+0x19a5)
[0x80b8e65]
    ../branches/separate-analysis/mono-2.6.7/inst/bin/mono [0x805bb51]
    /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7c8e775]
    ../branches/separate-analysis/mono-2.6.7/inst/bin/mono [0x805ba81]

Debug info from gdb:

Cannot access memory at address 0x0
[Thread debugging using libthread_db enabled]
[New Thread 0xb7c446f0 (LWP 24401)]
[New Thread 0xb6cf5b90 (LWP 24404)]
[New Thread 0xb6d26b90 (LWP 24403)]
[New Thread 0xb7b07b90 (LWP 24402)]
0xb7f04430 in __kernel_vsyscall ()
  4 Thread 0xb7b07b90 (LWP 24402)  0xb7f04430 in __kernel_vsyscall ()
  3 Thread 0xb6d26b90 (LWP 24403)  0xb7f04430 in __kernel_vsyscall ()
  2 Thread 0xb6cf5b90 (LWP 24404)  0xb7f04430 in __kernel_vsyscall ()
  1 Thread 0xb7c446f0 (LWP 24401)  0xb7f04430 in __kernel_vsyscall ()

Thread 4 (Thread 0xb7b07b90 (LWP 24402)):
#0  0xb7f04430 in __kernel_vsyscall ()
#1  0xb7e0b0e5 in pthread_cond_wait@@GLIBC_2.3.2 () from
/lib/tls/i686/cmov/libpthread.so.0
#2  0x0820a461 in GC_wait_marker () at pthread_support.c:1785
#3  0x0820d23f in GC_help_marker (my_mark_no=2) at mark.c:1116
#4  0x08209245 in GC_mark_thread (id=0x0) at pthread_support.c:548
#5  0xb7e074ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#6  0xb7d5c49e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 3 (Thread 0xb6d26b90 (LWP 24403)):
#0  0xb7f04430 in __kernel_vsyscall ()
#1  0xb7e0e8f6 in nanosleep () from /lib/tls/i686/cmov/libpthread.so.0
#2  0x081e18d8 in collection_thread (unused=0x0) at collection.c:34
#3  0xb7e074ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#4  0xb7d5c49e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 2 (Thread 0xb6cf5b90 (LWP 24404)):
#0  0xb7f04430 in __kernel_vsyscall ()
#1  0xb7e0d3f5 in sem_wait@@GLIBC_2.1 () from
/lib/tls/i686/cmov/libpthread.so.0
#2  0x081f8e48 in mono_sem_wait (sem=0x82d8124, alertable=0) at
mono-semaphore.c:102
#3  0x0811c2a8 in finalizer_thread (unused=0x0) at gc.c:1022
#4  0x081529b7 in start_wrapper (data=0x870c698) at threads.c:666
#5  0x081ebade in thread_start_routine (args=0x870f694) at wthreads.c:286
#6  0x0820a0f3 in GC_start_routine (arg=0x35f20) at pthread_support.c:1390
#7  0xb7e074ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#8  0xb7d5c49e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 1 (Thread 0xb7c446f0 (LWP 24401)):
#0  0xb7f04430 in __kernel_vsyscall ()
#1  0xb7e0e0fb in read () from /lib/tls/i686/cmov/libpthread.so.0
#2  0x080dae59 in mono_handle_native_sigsegv (signal=11, ctx=0xb7306d0c) at
/usr/include/bits/unistd.h:45
#3  0x08115fbb in mono_arch_handle_altstack_exception (sigctx=0xb7306d0c,
fault_addr=0x4, stack_ovf=0)
    at exceptions-x86.c:1287
#4  <signal handler called>
#5  0x0819d809 in mono_runtime_run_main (method=0x86fb224, argc=1,
argv=0xbfc1fc2c, exc=0x0) at object.c:3339
#6  0x080b8e65 in mono_main (argc=3, argv=0xbfc1fc24) at driver.c:999
#7  0x0805bb51 in main (argc=) at main.c:34
#0  0xb7f04430 in __kernel_vsyscall ()

=================================================================
Got a SIGSEGV while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================

Aborted


Expected Results:  
No crash

-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the mono-bugs mailing list