polkitd SEGFAULTs when rules containing regex are invoked.
When connecting to a Wi-Fi hotspot, or changing the brightness on GNOME (or Phosh), polkitd segfaults.
Tested on PinePhone (aarch64) on postmarketOS.
Here is the backtrace:
(gdb) run
Starting program: /usr/lib/polkit-1/polkitd
Successfully changed to user polkitd
[New LWP 4824]
[LWP 4824 exited]
[New LWP 4825]
[New LWP 4826]
[New LWP 4827]
[New LWP 4828]
[New LWP 4829]
[New LWP 4830]
[New LWP 4831]
15:43:44.634: Loading rules from directory /etc/polkit-1/rules.d
15:43:44.634: Loading rules from directory /usr/share/polkit-1/rules.d
15:43:44.637: Finished loading, compiling and executing 5 rules
[New LWP 4832]
Entering main event loop
Connected to the system bus
15:43:44.642: Acquired the name org.freedesktop.PolicyKit1 on the system bus
15:43:44.653: Registered Authentication Agent for unix-session:c2 (system bus name :1.179 [/usr/libexec/phosh], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
[LWP 4832 exited]
Thread 1 "polkitd" received signal SIGSEGV, Segmentation fault.
0x0000fffff780878c in js::RegExpShared::CompilationIndex (mode=mode@entry=(unknown: 4294957472), latin1=<optimized out>)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/RegExpShared.h:122
122 /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/RegExpShared.h: No such file or directory.
(gdb) bt
#0 0x0000fffff780878c in js::RegExpShared::CompilationIndex (mode=mode@entry=(unknown: 4294957472), latin1=<optimized out>)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/RegExpShared.h:122
#1 0x0000fffff780b564 in js::RegExpShared::compilation (latin1=<optimized out>, mode=(unknown: 4294957472), this=0x700001a3040)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/RegExpShared.h:183
#2 js::RegExpShared::isCompiled (force=js::RegExpShared::ForceByteCode, latin1=<optimized out>, mode=(unknown: 4294957472),
this=0x700001a3040) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/RegExpShared.h:183
#3 js::RegExpShared::compileIfNecessary (cx=cx@entry=0xaaaaaab1ea60, re=re@entry=..., input=input@entry=...,
mode=mode@entry=(unknown: 4294957472), force=force@entry=js::RegExpShared::ForceByteCode)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/RegExpObject.cpp:912
#4 0x0000fffff780cd28 in js::RegExpShared::execute (cx=cx@entry=0xaaaaaab1ea60, re=..., input=..., start=start@entry=0,
matches=matches@entry=0x0, endIndex=endIndex@entry=0xffffffffdc50)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/RegExpObject.cpp:1017
#5 0x0000fffff7512610 in ExecuteRegExpImpl (cx=cx@entry=0xaaaaaab1ea60, res=res@entry=0xaaaaaaed1f40, re=re@entry=...,
input=input@entry=..., searchIndex=searchIndex@entry=0, matches=matches@entry=0x0, endIndex=endIndex@entry=0xffffffffdc50)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/builtin/RegExp.cpp:124
#6 0x0000fffff7512860 in ExecuteRegExp (cx=0xaaaaaab1ea60, regexp=regexp@entry=..., string=string@entry=..., lastIndex=0,
matches=matches@entry=0x0, endIndex=endIndex@entry=0xffffffffdc50)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/dist/include/js/RootingAPI.h:1116
#7 0x0000fffff7512b58 in js::RegExpTester (cx=<optimized out>, argc=<optimized out>, vp=0xaaaaaadbf908)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/dist/include/js/RootingAPI.h:1090
#8 0x0000fffff757e080 in js::CallJSNative (args=...,
native=0xfffff7512a9c <js::RegExpTester(JSContext*, unsigned int, JS::Value*)>, cx=0xaaaaaab1ea60)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/dist/include/js/CallArgs.h:270
#9 js::InternalCallOrConstruct (cx=0xaaaaaab1ea60, args=..., construct=construct@entry=js::NO_CONSTRUCT)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:435
#10 0x0000fffff757e168 in InternalCall (cx=<optimized out>, args=...)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:484
#11 0x0000fffff757a294 in js::CallFromStack (args=..., cx=<optimized out>)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:2873
#12 Interpret (cx=<optimized out>, cx@entry=0xaaaaaab1ea60, state=...)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:2873
#13 0x0000fffff757dc44 in js::RunScript (cx=cx@entry=0xaaaaaab1ea60, state=...)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:385
#14 0x0000fffff757dfc4 in js::InternalCallOrConstruct (cx=0xaaaaaab1ea60, args=..., construct=construct@entry=js::NO_CONSTRUCT)
at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:457
#15 0x0000fffff757e168 in InternalCall (cx=<optimized out>, args=...) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:484
#16 0x0000fffff757a294 in js::CallFromStack (args=..., cx=<optimized out>) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:2873
#17 Interpret (cx=<optimized out>, cx@entry=0xaaaaaab1ea60, state=...) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:2873
#18 0x0000fffff757dc44 in js::RunScript (cx=cx@entry=0xaaaaaab1ea60, state=...) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:385
#19 0x0000fffff757dfc4 in js::InternalCallOrConstruct (cx=0xaaaaaab1ea60, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:457
#20 0x0000fffff757e168 in InternalCall (cx=<optimized out>, args=...) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:484
#21 0x0000fffff757a294 in js::CallFromStack (args=..., cx=<optimized out>) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:2873
#22 Interpret (cx=<optimized out>, cx@entry=0xaaaaaab1ea60, state=...) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:2873
#23 0x0000fffff757dc44 in js::RunScript (cx=cx@entry=0xaaaaaab1ea60, state=...) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:385
#24 0x0000fffff757dfc4 in js::InternalCallOrConstruct (cx=0xaaaaaab1ea60, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:457
#25 0x0000fffff757e168 in InternalCall (cx=<optimized out>, args=...) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:484
#26 0x0000fffff757a294 in js::CallFromStack (args=..., cx=<optimized out>) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:2873
#27 Interpret (cx=<optimized out>, cx@entry=0xaaaaaab1ea60, state=...) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:2873
#28 0x0000fffff757dc44 in js::RunScript (cx=cx@entry=0xaaaaaab1ea60, state=...) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:385
#29 0x0000fffff757dfc4 in js::InternalCallOrConstruct (cx=0xaaaaaab1ea60, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:457
#30 0x0000fffff757e168 in InternalCall (cx=<optimized out>, args=...) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:484
#31 0x0000fffff757e1a0 in js::Call (cx=<optimized out>, fval=..., fval@entry=..., thisv=..., thisv@entry=..., args=..., rval=...) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/vm/Interpreter.cpp:500
#32 0x0000fffff77337a8 in JS_CallFunctionName (cx=<optimized out>, obj=..., name=<optimized out>, args=..., rval=...) at /home/buildozer/aports/main/mozjs60/src/firefox-60.9.0/js/src/dist/include/js/RootingAPI.h:1090
#33 0x0000aaaaaaab627c in call_js_function_with_runaway_killer(_PolkitBackendJsAuthority*, char const*, JS::HandleValueArray const&, JS::Rooted<JS::Value>*) [clone .constprop.0] ()
#34 0x0000aaaaaaab86f0 in polkit_backend_js_authority_check_authorization_sync(_PolkitBackendInteractiveAuthority*, _PolkitSubject*, _PolkitSubject*, _PolkitIdentity*, int, int, char const*, _PolkitDetails*, PolkitImplicitAuthorization) ()
#35 0x0000aaaaaaabbc4c in check_authorization_sync ()
#36 0x0000aaaaaaabc290 in polkit_backend_interactive_authority_check_authorization ()
#37 0x0000aaaaaaab4db8 in server_handle_method_call ()
#38 0x0000fffff7e62db0 in ?? () from /usr/lib/libgio-2.0.so.0
#39 0x0000fffff7c2fbdc in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#40 0x0000fffff7c2fe24 in ?? () from /usr/lib/libglib-2.0.so.0
#41 0x0000fffff7c30294 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#42 0x0000aaaaaaab4168 in main ()
(gdb)
Interestingly, if I comment out this line from /usr/share/polkit-1/rules.d/01-org.freedesktop.ModemManager.rules:

if (/^org\.freedesktop\.ModemManager1\.(Device\.Control|Contacts|Messaging|Location)$/.test(action.id) &&

and replace it with "if (", polkitd seems to be happy again.
CC: @Cogitri
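The workaround above (replacing the regex test with a bare "if (") removes the action.id check entirely, so the rest of that rule's condition then applies to every polkit action, not just the four ModemManager ones. The following is an added example, not code from this report, from polkit or from ModemManager: it expresses the same anchored match as the regex using only string comparisons, so a rule using it never enters the js::RegExpShared path that crashes in the backtrace. The surrounding rule (the subject.local / subject.active condition and the YES result) is a hypothetical stand-in for the elided remainder of the real rule.

```javascript
// Added example (not from the bug report, polkit or ModemManager).
// Regex-free equivalent of
//   /^org\.freedesktop\.ModemManager1\.(Device\.Control|Contacts|Messaging|Location)$/.test(action.id)
// The regex is anchored at both ends, so a match is exactly: the fixed prefix
// followed by one of four literal suffixes and nothing else.

var MM_PREFIX = "org.freedesktop.ModemManager1.";
var MM_SUFFIXES = ["Device.Control", "Contacts", "Messaging", "Location"];

function isModemManagerAction(actionId) {
    if (typeof actionId !== "string") {
        return false;                                   // action.id is always a string in polkit; be defensive anyway
    }
    if (actionId.indexOf(MM_PREFIX) !== 0) {
        return false;                                   // "^org\.freedesktop\.ModemManager1\." anchor
    }
    var rest = actionId.substring(MM_PREFIX.length);
    return MM_SUFFIXES.indexOf(rest) !== -1;            // "(Device\.Control|Contacts|Messaging|Location)$"
}

// How it would slot into a rules.d file. polkit.addRule only exists inside
// polkitd's rules engine, so this branch is a no-op when the file is run under
// node for testing. The condition and result below are a hypothetical stand-in
// for the real rule's remaining condition, which the report does not show.
if (typeof polkit !== "undefined") {
    polkit.addRule(function (action, subject) {
        if (isModemManagerAction(action.id) && subject.local && subject.active) {
            return polkit.Result.YES;
        }
    });
}
```

Because the match is anchored and the alternatives are literal, `indexOf` on the prefix plus an exact lookup of the remainder is equivalent to the regex for every input; the cases worth checking are near misses such as an extra trailing component ("Device.Control.Extra") or a leading character before "org.", both of which the regex rejects and this function must reject too.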