From: "ppluzhnikov at google dot com"
To: glibc-bugs@sources.redhat.com
Subject: [Bug libc/13618] New: elf_machine_rela may call unrelocated address while resolving IFUNC
Date: Mon, 23 Jan 2012 20:24:00 -0000

http://sourceware.org/bugzilla/show_bug.cgi?id=13618

             Bug #: 13618
           Summary: elf_machine_rela may call unrelocated address while
                    resolving IFUNC
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: ppluzhnikov@google.com
    Classification: Unclassified

The test is reduced from
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/919202

Reproduces with current git trunk.

// foo.c
#include <math.h>

int foo (double d)
{
  return floor (d) != 0;
}

// bar.c
int bar ()
{
  return foo ();
}

// main.c
#include <dlfcn.h>
#include <stdio.h>

int main (int argc, char *argv[])
{
  const char *lib = "./bar.so";
  if (argc > 1) lib = argv[1];
  void *h = dlopen (lib, RTLD_NOW);  // RTLD_LAZY -> no bug
  if (h == 0) {
    puts (dlerror ());
    return 1;
  }
  return 0;
}

gcc -fPIC -shared -fno-builtin -o foo.so foo.c -lm &&
gcc -fPIC -shared -o bar.so -Wl,--no-as-needed -lm ./foo.so bar.c &&
gcc -g main.c -ldl

gdb -q ./a.out

Program received signal SIGSEGV, Segmentation fault.
0x0000000000005446 in ?? ()
(gdb) bt
#0  0x0000000000005446 in ?? ()
#1  0x00007ffff7351005 in floor () at ../sysdeps/x86_64/fpu/multiarch/s_floor.S:26
#2  0x00007ffff7de738f in elf_machine_rela (sym=0x7ffff7338c88, skip_ifunc=, reloc_addr_arg=0x7ffff7336008, version=, map=0x602af0, reloc=) at ../sysdeps/x86_64/dl-machine.h:302
#3  elf_dynamic_do_Rela (skip_ifunc=, lazy=, nrelative=, relsize=, reladdr=, map=0x602af0) at do-rel.h:146
#4  _dl_relocate_object (scope=0x602e48, reloc_mode=, consider_profiling=0) at dl-reloc.c:265
#5  0x00007ffff7deda23 in dl_open_worker (a=0x7fffffffd400) at dl-open.c:338
#6  0x00007ffff7de9686 in _dl_catch_error (objname=0x7fffffffd3f0, errstring=0x7fffffffd3f8, mallocedp=0x7fffffffd3ef, operate=0x7ffff7ded7c0 , args=0x7fffffffd400) at dl-error.c:178
#7  0x00007ffff7ded36c in _dl_open (file=0x40080c "./bar.so", mode=-2147483646, caller_dlopen=, nsid=-2, argc=1, argv=0x7fffffffd748, env=0x7fffffffd758) at dl-open.c:575
#8  0x00007ffff7bd7f26 in dlopen_doit (a=0x7fffffffd610) at dlopen.c:67
#9  0x00007ffff7de9686 in _dl_catch_error (objname=0x7ffff7dda0d0, errstring=0x7ffff7dda0d8, mallocedp=0x7ffff7dda0c8, operate=0x7ffff7bd7ec0 , args=0x7fffffffd610) at dl-error.c:178
#10 0x00007ffff7bd84dc in _dlerror_run (operate=0x7ffff7bd7ec0 , args=0x7fffffffd610) at dlerror.c:164
#11 0x00007ffff7bd7fc1 in __dlopen (file=, mode=) at dlopen.c:88
#12 0x00000000004006f1 in main (argc=1, argv=0x7fffffffd748) at main.c:8

What appears to be happening is that __floor (IFUNC) jumps to an *unrelocated*
GOT entry for __get_cpu_features.