Issue created Nov 28, 2014 by Derek Bruening (@derekbruening, Contributor)

[APP CRASH] DR Fails to deliver signal when BB crosses a page boundary into a non-executable page

From peterfeiner on July 29, 2010 15:59:43

A similar problem: What steps will reproduce the problem? Compile the following program on 64-bit Linux:

#include <assert.h>
#include <unistd.h>
#include <sys/mman.h>
#include <stdio.h>

int main(int argc, char* argv[]) {

    // 1. Allocate two contiguous pages, the first with RWX permissions, the second RW-.
    // 2. Emit the following code
    //        mov rax, 42
    //        ret
    //    such that the RET instruction is stored on the first byte of the second page.
    // 3. Call the emitted code.

    unsigned char* m = (unsigned char*) mmap(NULL, getpagesize() * 2, PROT_WRITE | PROT_READ, MAP_ANONYMOUS | MAP_SHARED, -1, 0);
    assert(m != MAP_FAILED);
    int mprotect_result = mprotect(m, getpagesize() * 1, PROT_READ | PROT_WRITE | PROT_EXEC);
    assert(mprotect_result == 0);

    unsigned char* code = m + getpagesize() - 7;

    // mov rax, 42
    code[0] = 0x48;
    code[1] = 0xc7;
    code[2] = 0xc0;
    code[3] = 0x2a;
    code[4] = 0x00;
    code[5] = 0x00;
    code[6] = 0x00;

    // ret
    code[7] = 0xc3;

    int x = ((int(*)(void)) code)();

    printf("%d\n", x);

    return argc;
}

What is the expected output? What do you see instead?
I expect the program to crash as the result of an unhandled SEGV. Instead, under DR's control, the program prints 42 and exits cleanly.

What version of the product are you using? On what operating system?
Debug build of r379 on 64-bit Ubuntu 10.04.

Please provide any additional information below.

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=329
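
The reproduction above, recast as a self-checking regression test: an added example, not code from the report or from the DynamoRIO project. It catches the SIGSEGV and checks that it is reported at the first byte of the non-executable page, so the same binary can be run natively and under an instrumentation tool and the results compared. The names nx_boundary_fault_delivered and on_segv are this example's own; x86-64 Linux is assumed.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf resume_point;
static void *volatile fault_addr;
static volatile int fault_code;

static void on_segv(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    fault_addr = si->si_addr;      /* faulting address reported by the kernel */
    fault_code = si->si_code;      /* SEGV_ACCERR for a permission fault */
    siglongjmp(resume_point, 1);   /* abandon the emitted code */
}

/* Returns 1 if SIGSEGV was delivered at the first byte of the RW- page,
 * 0 if the call returned or the fault was misreported,
 * -1 if the check could not run on this platform. */
int nx_boundary_fault_delivered(void) {
#if defined(__linux__) && defined(__x86_64__)
    size_t page = (size_t)getpagesize();
    unsigned char *m = mmap(NULL, page * 2, PROT_READ | PROT_WRITE,
                            MAP_ANONYMOUS | MAP_SHARED, -1, 0);
    if (m == MAP_FAILED) return -1;
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (mprotect(m, page, PROT_READ | PROT_WRITE | PROT_EXEC) != 0 ||
        sigaction(SIGSEGV, &sa, &old) != 0) { munmap(m, page * 2); return -1; }
    static const unsigned char mov_rax_42[7] = {0x48, 0xc7, 0xc0, 0x2a, 0, 0, 0};
    memcpy(m + page - 7, mov_rax_42, 7);    /* last 7 bytes of the RWX page */
    m[page] = 0xc3;                         /* ret: first byte of the RW- page */
    int delivered = 0;
    if (sigsetjmp(resume_point, 1) == 0)
        ((int (*)(void))(m + page - 7))();  /* returns only if NX was not enforced */
    else
        delivered = fault_addr == (void *)(m + page) && fault_code == SEGV_ACCERR;
    sigaction(SIGSEGV, &old, NULL);
    munmap(m, page * 2);
    return delivered;
#else
    return -1;
#endif
}

int main(void) { return nx_boundary_fault_delivered() == 1 ? 0 : 1; }
```

An exit status of 0 means the fault was delivered where the hardware would raise it; a nonzero status under a tool, with 0 natively, is the behaviour this issue describes.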
