Skip to content

Bump findshlibs to 0.7.0 #211

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 13, 2020
Merged

Bump findshlibs to 0.7.0 #211

merged 1 commit into from
May 13, 2020

Conversation

bradfier
Copy link
Contributor

@bradfier bradfier commented May 13, 2020
edited
Loading

findshlibs 0.5.0 has a serious defect in SharedLibrary::id, where it
uses file sizes and offsets when examining the PT_NOTE sections of an
ELF binary instead of the memory size/offset fields. This issue was
corrected by gimli-rs/findshlibs@046a431, but was released along with a
couple of semver breaking changes so it needs a bump in Cargo.toml to be
picked up.

This has a fairly major impact on projects where you have with_debug_meta enabled,
as it can lead to all sorts of issues, ranging from at best corrupted crash uploads reaching
Sentry, to SEGFAULTs when a thread panics, to wild UB as we try and read from totally
random memory addresses.

We have tested this in production by patching findshlibs with Cargo's patch function.

I'd suggest pushing out a 0.18.1 release for this if possible, given the impact of the above.

@bradfier
Bump findshlibs to 0.7.0
81ddf7b 
findshlibs 0.5.0 has a serious defect in `SharedLibrary::id`, where it
uses file sizes and offsets when examining the PT_NOTE sections of an
ELF binary instead of the memory size/offset fields. This issue was
corrected by gimli-rs/findshlibs@046a431, but was released along with a
couple of semver breaking changes so it needs a bump in Cargo.toml to be
picked up.
@bradfier
Copy link
Contributor Author

bradfier commented May 13, 2020
edited
Loading

I noticed that you're in the middle of a pretty big refactor, and so it will probably be impossible to merge this as-is (or release a 0.18.1 from the current state of this tree).

If you want, you can cherry-pick bradfier@bf9590c onto a branch based off 0.18.0 and release that instead, it also passes the tests. I just can't work out how to get GitHub to open a PR that proposes that...

@jan-auer jan-auer requested a review from Swatinem May 13, 2020 11:27
@Swatinem Swatinem merged commit c7569a1 into getsentry:master May 13, 2020
@Swatinem
Copy link
Member

Thanks for the PR and the good explanation. I might just cut a 0.18.1 release, since there was also another fix that someone requested.
I would need at least a week to push a 0.19 out. BTW, I also plan to move this feature out of core into an integration later this week.

Swatinem pushed a commit that referenced this pull request May 14, 2020
@bradfier @Swatinem
Bump findshlibs to 0.7.0 (#211)
29bb769 
findshlibs 0.5.0 has a serious defect in `SharedLibrary::id`, where it
uses file sizes and offsets when examining the PT_NOTE sections of an
ELF binary instead of the memory size/offset fields. This issue was
corrected by gimli-rs/findshlibs@046a431, but was released along with a
couple of semver breaking changes so it needs a bump in Cargo.toml to be
picked up.
@bradfier bradfier deleted the bump-findshlibs branch May 14, 2020 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Swatinem Swatinem Swatinem approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bradfier @Swatinem