terl/lazysodium-android

Fatal signal 11 (SIGSEGV) when calling crypto_sign_detached

Closed this issue · 13 comments

Hey,

I believe this is related to #16. I'm getting the same crash, but when calling crypto_sign_detached with version 3.6.0. I think it's another case of int vs long.

This only crashes on Android, with lazysodium-java it works.

```
--------- beginning of crash
2019-04-23 19:10:10.048 8870-8886/net.aholbrook.paseto.test.test A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 8886 (roidJUnitRunner), pid 8870 (aseto.test.test)
2019-04-23 19:10:10.080 8893-8893/? I/crash_dump32: obtaining output fd from tombstoned, type: kDebuggerdTombstone
2019-04-23 19:10:10.080 1804-1804/? I//system/bin/tombstoned: received crash request for pid 8886
2019-04-23 19:10:10.080 8893-8893/? I/crash_dump32: performing dump of process 8870 (target tid = 8886)
2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: Build fingerprint: 'google/sdk_gphone_x86/generic_x86:9/PSR1.180720.075/5124027:userdebug/dev-keys'
2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: Revision: '0'
2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: ABI: 'x86'
2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: pid: 8870, tid: 8886, name: roidJUnitRunner >>> net.aholbrook.paseto.test.test <<<
2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: Cause: null pointer dereference
2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: eax 00000080 ebx 00000000 ecx d63fa768 edx 00000000
2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: edi 00000000 esi 00000000
2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: ebp d63fa748 esp d63fa450 eip d6089caf
2019-04-23 19:10:10.102 8893-8893/? A/DEBUG: backtrace:
2019-04-23 19:10:10.102 8893-8893/? A/DEBUG: #00 pc 0001ecaf /data/app/net.aholbrook.paseto.test.test-8GHTnXkkNBjfNhT8oyPhYw==/lib/x86/libsodium.so (crypto_hash_sha512_update+164)
2019-04-23 19:10:10.301 1804-1804/? E//system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_15
2019-04-23 19:10:10.358 1948-3697/system_process I/ActivityManager: Process net.aholbrook.paseto.test.test (pid 8870) has died: fore FGS
```

Hello @atholbro,

Thanks for reporting this. Should be fixed in 3.6.1. These bugs seem to occur more on Android, which has a variety of architectures, including some that are memory optimised, so longs are interpreted differently on those.

Thanks once again!

Hey,

I'm still seeing this crash when using 3.6.1. Here's code to reproduce:

```java
import com.goterl.lazycode.lazysodium.SodiumAndroid; // lazysodium-android 3.x package
import com.sun.jna.NativeLong;

SodiumAndroid sodium = new SodiumAndroid();

byte[] sig = new byte[64];           // crypto_sign_BYTES
byte[] sk = new byte[] {             // 64-byte Ed25519 secret key used for the repro
		-76, -53, -5, 67, -33, 76, -30, 16, 114, 125, -107, 62, 74, 113, 51, 7, -6, 25, -69, 125, -97, -123, 4,
		20, 56, -39, -31, 27, -108, 42, 55, 116, 30, -71, -37, -69, -68, 4, 124, 3, -3, 112, 96, 78, 0, 113,
		-16, -104, 126, 22, -78, -117, 117, 114, 37, -63, 31, 0, 65, 93, 14, 32, -79, -94
};

int[] sigLen = new int[] { sig.length };
byte[] m = "Test".getBytes();
sodium.crypto_sign_detached(sig, sigLen, m, new NativeLong(m.length), sk);
```

And versions from build.gradle:

```groovy
api "com.goterl.lazycode:lazysodium-android:3.6.1@aar"
api "net.java.dev.jna:jna:4.5.2@aar"
```

Here's what logcat says:

```
2019-05-01 15:29:47.912 1804-1804/? I//system/bin/tombstoned: received crash request for pid 7027
2019-05-01 15:29:47.913 7056-7056/? I/crash_dump32: performing dump of process 7027 (target tid = 7027)
2019-05-01 15:29:47.916 7056-7056/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2019-05-01 15:29:47.916 7056-7056/? A/DEBUG: Build fingerprint: 'google/sdk_gphone_x86/generic_x86:9/PSR1.180720.075/5124027:userdebug/dev-keys'
2019-05-01 15:29:47.916 7056-7056/? A/DEBUG: Revision: '0'
2019-05-01 15:29:47.916 7056-7056/? A/DEBUG: ABI: 'x86'
2019-05-01 15:29:47.916 7056-7056/? A/DEBUG: pid: 7027, tid: 7027, name: t.myapplication  >>> test.myapplication <<<
2019-05-01 15:29:47.916 7056-7056/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
2019-05-01 15:29:47.916 7056-7056/? A/DEBUG: Cause: null pointer dereference
2019-05-01 15:29:47.916 7056-7056/? A/DEBUG:     eax 00000080  ebx 00000000  ecx ffcc0c28  edx 00000000
2019-05-01 15:29:47.916 7056-7056/? A/DEBUG:     edi 00000000  esi 00000000
2019-05-01 15:29:47.917 7056-7056/? A/DEBUG:     ebp ffcc0c08  esp ffcc0910  eip d64e4caf
2019-05-01 15:29:47.924 7056-7056/? A/DEBUG: backtrace:
2019-05-01 15:29:47.924 7056-7056/? A/DEBUG:     #00 pc 0001ecaf  /data/app/test.myapplication--5aj7-vSHK-1TH2YxBVXyg==/lib/x86/libsodium.so (crypto_hash_sha512_update+164)
2019-05-01 15:29:48.229 1804-1804/? E//system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_38
```

Hi @atholbro,

Can you please try it with null as the length? For example:

```java
sodium.crypto_sign_detached(sig, null, m, new NativeLong(m.length), sk);
```

The length parameter is not for you to provide a length, but for Libsodium to give you a length. This is documented here.
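As an added illustration (not lazysodium's code and not a fix from this thread), the following direct JNA mapping declares both length parameters of crypto_sign_detached with the 64-bit width of libsodium's C prototype (unsigned long long), treats siglen_p as the output the comment above describes, and checks the reported length before the signature is used; the library name "sodium" and the class names are assumptions.

```java
import com.sun.jna.Library;
import com.sun.jna.Native;
import com.sun.jna.ptr.LongByReference;

public final class SignDetachedCheck {
    // Assumed: libsodium.so is found by JNA under the name "sodium".
    // Each C "unsigned long long" is mapped to a 64-bit Java long, or to
    // LongByReference for the siglen_p output. NativeLong is avoided because it
    // follows the C "long", which is 32 bits on 32-bit Android ABIs (x86, armeabi-v7a).
    public interface Sodium extends Library {
        Sodium INSTANCE = (Sodium) Native.loadLibrary("sodium", Sodium.class);

        int sodium_init();

        // int crypto_sign_keypair(unsigned char *pk, unsigned char *sk);
        int crypto_sign_keypair(byte[] pk, byte[] sk);

        // int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen_p,
        //     const unsigned char *m, unsigned long long mlen, const unsigned char *sk);
        int crypto_sign_detached(byte[] sig, LongByReference siglenP, byte[] m, long mlen, byte[] sk);

        // int crypto_sign_verify_detached(const unsigned char *sig, const unsigned char *m,
        //     unsigned long long mlen, const unsigned char *pk);
        int crypto_sign_verify_detached(byte[] sig, byte[] m, long mlen, byte[] pk);
    }

    static final int SIGN_BYTES = 64;       // crypto_sign_BYTES
    static final int PUBLICKEY_BYTES = 32;  // crypto_sign_PUBLICKEYBYTES
    static final int SECRETKEY_BYTES = 64;  // crypto_sign_SECRETKEYBYTES

    // Signs msg with a fresh key pair and verifies the signature; true on success.
    static boolean signAndVerify(byte[] msg) {
        Sodium s = Sodium.INSTANCE;
        if (s.sodium_init() < 0) throw new IllegalStateException("sodium_init failed");

        byte[] pk = new byte[PUBLICKEY_BYTES];
        byte[] sk = new byte[SECRETKEY_BYTES];
        if (s.crypto_sign_keypair(pk, sk) != 0) return false;

        byte[] sig = new byte[SIGN_BYTES];
        LongByReference sigLen = new LongByReference();  // output slot filled by libsodium
        if (s.crypto_sign_detached(sig, sigLen, msg, msg.length, sk) != 0) return false;

        // Check the reported length before trusting the buffer contents.
        if (sigLen.getValue() != SIGN_BYTES) return false;
        return s.crypto_sign_verify_detached(sig, msg, msg.length, pk) == 0;
    }
}
```

Calling `SignDetachedCheck.signAndVerify("Test".getBytes())` should return true on every ABI where the native library itself is sound.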

I did miss that fact, but when passing null it still crashes in the same way.

I'm wondering if the problem is in libsodium. From what I can tell the libraries are precompiled and stored here:
https://github.com/terl/lazysodium-android/tree/master/app/src/main/jniLibs

I might try to rebuild and see if it makes a difference.

Yes that's a good plan.

I will run it on my Android device and my emulators to see if it crashes.

So I rebuilt libsodium, which made no difference. I then tried running it on an Android device, which doesn't produce the crash. I'm now trying with the 3.6.1 release, but I'm thinking it's either related to the emulator or the x86 builds.

What version of Android are you running it on?

Hardware: 7 & 8 (these work)
Emulator: 9 (doesn't work).

The system image is the latest Android Pie x86 (Google APIs). Build number is:
sdk_gphone_x86-userdebug 9 PSR1.180720.0755124027 dev-keys

Hi @atholbro,

I just tested it on my emulator. I tried moving around NativeLong parameters in combinations, but it didn't work.

It seems that you're right, there seems to be a bug in Libsodium itself on x86 builds for specifically Android devices.

Ah it seems to be an issue with the emulator itself!

jedisct1/libsodium#680

That's sort of what I was thinking as well.

This is good to know, and I think this issue can be closed. Thanks for looking into it!

No problem, thanks for reporting.

Hello. I am experiencing the same issue with LazySodium 4.2.0. The error occurs when you return to the app after it has been in the background for some time.
Here is the error:

```
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR)

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> org.stingle.photos <<<

backtrace:

  #00  pc 0000000000019dc4  /data/app/org.stingle.photos-mTdxaDAEaagbYMmNAuOvWQ==/split_config.arm64_v8a.apk!libsodium.so (offset 0x18000)
```

Link to the bug of my app: stingle/stingle-photos-android#24