[Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault

public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault
@ 2012-03-07 19:06 law at redhat dot com
  2012-03-22 12:56 ` [Bug dynamic-link/13818] " carlos_odonell at mentor dot com
                   ` (9 more replies)
  0 siblings, 10 replies; 11+ messages in thread
From: law at redhat dot com @ 2012-03-07 19:06 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13818

             Bug #: 13818
           Summary: Bogus LD_PROFILE will cause application to segfault
           Product: glibc
           Version: 2.15
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
        AssignedTo: unassigned@sourceware.org
        ReportedBy: law@redhat.com
    Classification: Unclassified


Created attachment 6265
  --> http://sourceware.org/bugzilla/attachment.cgi?id=6265
Potential fix

LD_PROFILE=BLAH /usr/bin/gdb

Results in a segfault in the dynamic linker on my Fedora 16 system.


172       /* This is the address in the array where we store the result of
previous
173          relocations.  */
174       struct reloc_result *reloc_result = &l->l_reloc_result[reloc_index];
175       DL_FIXUP_VALUE_TYPE *resultp = &reloc_result->addr;
176
177       DL_FIXUP_VALUE_TYPE value = *resultp;

The l_reloc_result field is NULL, which causes resultp to point to a near-NULL
address and segfault at line 177.

We are processing an R_X86_64_IRELATIVE relocation for libm.

Looking at dl-reloc.c we have:
264     #include "dynamic-link.h"
265
266         ELF_DYNAMIC_RELOCATE (l, lazy, consider_profiling, skip_ifunc);
267
268     #ifndef PROF
269         if (__builtin_expect (consider_profiling, 0))
270           {
(gdb)
271             /* Allocate the array which will contain the already found
272                relocations.  If the shared object lacks a PLT (for example
273                if it only contains lead function) the l_info[DT_PLTRELSZ]
274                will be NULL.  */
275             if (l->l_info[DT_PLTRELSZ] == NULL)
276               {
277                 errstring = N_("%s: no PLTREL found in object %s\n");
278               fatal:
279                 _dl_fatal_printf (errstring,
280                                   rtld_progname ?: "<program name
unknown>",
(gdb)
281                                   l->l_name);
282               }
283
284             l->l_reloc_result = calloc (sizeof (l->l_reloc_result[0]),
285 l->l_info[DT_PLTRELSZ]->d_un.d_val);

Note that we call ELF_DYNAMIC_RELOCATE on line 266 prior to setting up
l_reloc_result on line 284.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [Bug dynamic-link/13818] Bogus LD_PROFILE will cause application to segfault
  2012-03-07 19:06 [Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault law at redhat dot com
@ 2012-03-22 12:56 ` carlos_odonell at mentor dot com
  2012-03-22 16:40 ` ppluzhnikov at google dot com
                   ` (8 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: carlos_odonell at mentor dot com @ 2012-03-22 12:56 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13818

Carlos O'Donell <carlos_odonell at mentor dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |carlos_odonell at mentor
                   |                            |dot com
   Target Milestone|---                         |2.16

--- Comment #1 from Carlos O'Donell <carlos_odonell at mentor dot com> 2012-03-22 12:33:46 UTC ---
FAOD can you reproduce this on trunk?

I'm marking this as milestone=2.16 so we look to get this resolved for the next
release.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [Bug dynamic-link/13818] Bogus LD_PROFILE will cause application to segfault
  2012-03-07 19:06 [Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault law at redhat dot com
  2012-03-22 12:56 ` [Bug dynamic-link/13818] " carlos_odonell at mentor dot com
@ 2012-03-22 16:40 ` ppluzhnikov at google dot com
  2012-04-06 20:33 ` aj at suse dot de
                   ` (7 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: ppluzhnikov at google dot com @ 2012-03-22 16:40 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13818

Paul Pluzhnikov <ppluzhnikov at google dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ppluzhnikov at google dot
                   |                            |com

--- Comment #2 from Paul Pluzhnikov <ppluzhnikov at google dot com> 2012-03-22 15:27:26 UTC ---
I've reproduced this using current git trunk:

commit 48e44791e4d4d755bf7a7dd083d87584dc4779e4
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Thu Mar 22 12:55:19 2012 +0000


Core was generated by `./elf/ld-linux-x86-64.so.2 --library-path
.:nptl:math:dlfcn /usr/bin/gdb'.
Program terminated with signal 11, Segmentation fault.
#0  _dl_profile_fixup (l=0x7ffc433d5830, reloc_arg=2, retaddr=140721433520857,
regs=0x7fff37c34cd0, framesizep=0x7fff37c35028) at ../elf/dl-runtime.c:176
176      DL_FIXUP_VALUE_TYPE value = *resultp;
(gdb) bt
#0  _dl_profile_fixup (l=0x7ffc433d5830, reloc_arg=2, 
    retaddr=140721433520857, regs=0x7fff37c34cd0, 
    framesizep=0x7fff37c35028) at ../elf/dl-runtime.c:176
#1  0x00007ffc433ea6c8 in _dl_runtime_profile ()
    at ../sysdeps/x86_64/dl-trampoline.h:48
#2  0x00007ffc430eaad9 in __ieee754_exp ()
    at ../sysdeps/x86_64/fpu/multiarch/e_exp.c:15
#3  0x00007ffc433e1681 in elf_machine_lazy_rel (
    skip_ifunc=<optimized out>, reloc=0x7ffc430e0300, 
    l_addr=140721433456640, map=0x7ffc433d5830)
    at ../sysdeps/x86_64/dl-machine.h:495
#4  elf_dynamic_do_Rela (skip_ifunc=<optimized out>, 
    lazy=<optimized out>, nrelative=<optimized out>, 
    relsize=<optimized out>, reladdr=<optimized out>, 
    map=0x7ffc433d5830) at do-rel.h:85
#5  _dl_relocate_object (scope=0x7ffc433d5b88, 
    reloc_mode=<optimized out>, consider_profiling=1)
    at dl-reloc.c:264
#6  0x00007ffc433d9360 in dl_main (phdr=<optimized out>, 
    phnum=1114560256, user_entry=<optimized out>, 
    auxv=0x7ffc435f9701) at rtld.c:2283
#7  0x00007ffc433eabbc in _dl_sysdep_start (
    start_argptr=<optimized out>, dl_main=0x7ffc433d7b70 <dl_main>)
    at ../elf/dl-sysdep.c:243
#8  0x00007ffc433dad9e in _dl_start_final (arg=0x7fff37c35400)
    at rtld.c:336
#9  _dl_start (arg=0x7fff37c35400) at rtld.c:562
#10 0x00007ffc433d7588 in _start () from ./elf/ld-linux-x86-64.so.2

(gdb) p resultp
$1 = (Elf64_Addr *) 0x40

(gdb) p reloc_result
$2 = (struct reloc_result *) 0x40

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [Bug dynamic-link/13818] Bogus LD_PROFILE will cause application to segfault
  2012-03-07 19:06 [Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault law at redhat dot com
  2012-03-22 12:56 ` [Bug dynamic-link/13818] " carlos_odonell at mentor dot com
  2012-03-22 16:40 ` ppluzhnikov at google dot com
@ 2012-04-06 20:33 ` aj at suse dot de
  2012-04-10  5:00 ` law at redhat dot com
                   ` (6 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: aj at suse dot de @ 2012-04-06 20:33 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13818

Andreas Jaeger <aj at suse dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aj at suse dot de

--- Comment #3 from Andreas Jaeger <aj at suse dot de> 2012-04-06 20:33:03 UTC ---
Jeff, adding this patch to the openSUSE glibc 2.15 (which contains quite some
patches), running the testsuite I get a failure in elf/tst-audit2.out

> cat elf/tst-audit2.out
version: 1
objopen: 0, 
objopen: 0,
/build/osc-branches/my-factory-packages/glibc/building/elf/ld-linux-x86-64.so.2
activity: add
objsearch: libc.so.6, LA_SET_ORIG
objsearch: /build/osc-branches/my-factory-packages/glibc/building/libc.so.6,
LA_SER_LIBPATH
objopen: 0, /build/osc-branches/my-factory-packages/glibc/building/libc.so.6
activity: consistent
symbind64: symname=__libc_start_main, st_value=0x7f39e38c7320, ndx=2065,
flags=0
pltenter: symname=__libc_start_main, st_value=0x7f39e38c7320, ndx=2065, flags=0
preinit
symbind64: symname=printf, st_value=0x7f39e38f4a60, ndx=594, flags=0
pltenter: symname=printf, st_value=0x7f39e38f4a60, ndx=594, flags=0
symbind64: symname=free, st_value=0x7f39e3923470, ndx=2177, flags=0
pltenter: symname=free, st_value=0x7f39e3923470, ndx=2177, flags=0
pltenter: symname=free, st_value=0x7f39e3923470, ndx=2177, flags=0
objclose
objclose
objclose
{abcdef72, d8675309} != {d8675309, abcdef72}

But adding the patch to git head, I see no problem with the testsuite. Does it
pass the testsuite on Fedora? I'm confused why your patch should have an effect
on the openSUSE glibc which mainly contains backports from git plus your
patches from Fedora for cycle detection.

Don't spend time to investigate my failure, just please double check that the
testsuite passes for you.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [Bug dynamic-link/13818] Bogus LD_PROFILE will cause application to segfault
  2012-03-07 19:06 [Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault law at redhat dot com
                   ` (2 preceding siblings ...)
  2012-04-06 20:33 ` aj at suse dot de
@ 2012-04-10  5:00 ` law at redhat dot com
  2012-07-26  4:41 ` law at redhat dot com
                   ` (5 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: law at redhat dot com @ 2012-04-10  5:00 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13818

--- Comment #4 from law at redhat dot com 2012-04-10 05:00:06 UTC ---
It passes in the f17/rawhide trees where I've got it installed.  I didn't
bother backporting to the older f16 based tree.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [Bug dynamic-link/13818] Bogus LD_PROFILE will cause application to segfault
  2012-03-07 19:06 [Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault law at redhat dot com
                   ` (3 preceding siblings ...)
  2012-04-10  5:00 ` law at redhat dot com
@ 2012-07-26  4:41 ` law at redhat dot com
  2012-07-26  7:05 ` schwab@linux-m68k.org
                   ` (4 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: law at redhat dot com @ 2012-07-26  4:41 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13818

law at redhat dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #6265|application/octet-stream    |application/text
          mime type|                            |

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [Bug dynamic-link/13818] Bogus LD_PROFILE will cause application to segfault
  2012-03-07 19:06 [Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault law at redhat dot com
                   ` (4 preceding siblings ...)
  2012-07-26  4:41 ` law at redhat dot com
@ 2012-07-26  7:05 ` schwab@linux-m68k.org
  2012-11-29 15:55 ` carlos_odonell at mentor dot com
                   ` (3 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: schwab@linux-m68k.org @ 2012-07-26  7:05 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13818

Andreas Schwab <schwab@linux-m68k.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #6265|application/text            |text/plain
          mime type|                            |

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [Bug dynamic-link/13818] Bogus LD_PROFILE will cause application to segfault
  2012-03-07 19:06 [Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault law at redhat dot com
                   ` (5 preceding siblings ...)
  2012-07-26  7:05 ` schwab@linux-m68k.org
@ 2012-11-29 15:55 ` carlos_odonell at mentor dot com
  2012-12-03 23:58 ` carlos at systemhalted dot org
                   ` (2 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: carlos_odonell at mentor dot com @ 2012-11-29 15:55 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13818

Carlos O'Donell <carlos_odonell at mentor dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|2.16                        |2.18

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [Bug dynamic-link/13818] Bogus LD_PROFILE will cause application to segfault
  2012-03-07 19:06 [Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault law at redhat dot com
                   ` (6 preceding siblings ...)
  2012-11-29 15:55 ` carlos_odonell at mentor dot com
@ 2012-12-03 23:58 ` carlos at systemhalted dot org
  2013-05-27  9:26 ` amonakov at gmail dot com
  2014-06-26 14:02 ` fweimer at redhat dot com
  9 siblings, 0 replies; 11+ messages in thread
From: carlos at systemhalted dot org @ 2012-12-03 23:58 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13818

Carlos O'Donell <carlos at systemhalted dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|carlos_odonell at mentor    |carlos at systemhalted dot
                   |dot com                     |org

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [Bug dynamic-link/13818] Bogus LD_PROFILE will cause application to segfault
  2012-03-07 19:06 [Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault law at redhat dot com
                   ` (7 preceding siblings ...)
  2012-12-03 23:58 ` carlos at systemhalted dot org
@ 2013-05-27  9:26 ` amonakov at gmail dot com
  2014-06-26 14:02 ` fweimer at redhat dot com
  9 siblings, 0 replies; 11+ messages in thread
From: amonakov at gmail dot com @ 2013-05-27  9:26 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13818

Alexander Monakov <amonakov at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |amonakov at gmail dot com
         Resolution|---                         |DUPLICATE

--- Comment #5 from Alexander Monakov <amonakov at gmail dot com> ---
This was independently discovered, filed and fixed as an LD_AUDIT bug 14831.

*** This bug has been marked as a duplicate of bug 14831 ***

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [Bug dynamic-link/13818] Bogus LD_PROFILE will cause application to segfault
  2012-03-07 19:06 [Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault law at redhat dot com
                   ` (8 preceding siblings ...)
  2013-05-27  9:26 ` amonakov at gmail dot com
@ 2014-06-26 14:02 ` fweimer at redhat dot com
  9 siblings, 0 replies; 11+ messages in thread
From: fweimer at redhat dot com @ 2014-06-26 14:02 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=13818

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2014-06-26 14:02 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-03-07 19:06 [Bug dynamic-link/13818] New: Bogus LD_PROFILE will cause application to segfault law at redhat dot com
2012-03-22 12:56 ` [Bug dynamic-link/13818] " carlos_odonell at mentor dot com
2012-03-22 16:40 ` ppluzhnikov at google dot com
2012-04-06 20:33 ` aj at suse dot de
2012-04-10  5:00 ` law at redhat dot com
2012-07-26  4:41 ` law at redhat dot com
2012-07-26  7:05 ` schwab@linux-m68k.org
2012-11-29 15:55 ` carlos_odonell at mentor dot com
2012-12-03 23:58 ` carlos at systemhalted dot org
2013-05-27  9:26 ` amonakov at gmail dot com
2014-06-26 14:02 ` fweimer at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).