public inbox for glibc-bugs@sourceware.org
From: "amonakov at gmail dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sources.redhat.com
Subject: [Bug dynamic-link/14831] New: Redirecting a library to libm.so via LD_AUDIT induces segmentation fault in _dl_profile_fixup
Date: Sun, 11 Nov 2012 21:04:00 -0000
Message-ID: <bug-14831-131@http.sourceware.org/bugzilla/>

http://sourceware.org/bugzilla/show_bug.cgi?id=14831

             Bug #: 14831
           Summary: Redirecting a library to libm.so via LD_AUDIT induces
                    segmentation fault in _dl_profile_fixup
           Product: glibc
           Version: 2.16
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
        AssignedTo: unassigned@sourceware.org
        ReportedBy: amonakov@gmail.com
    Classification: Unclassified

Created attachment 6727
  --> http://sourceware.org/bugzilla/attachment.cgi?id=6727
testcase

Using the audit mechanism to redirect library lookups by implementing la_objsearch and returning a library that depends on libm.so (or libm.so itself) results in a subsequent segfault in the loader.

I have attempted to create a standalone testcase, but did not succeed (I suspect the bug has to do with how IRELATIVE relocations are processed, but a simple testcase with IRELATIVE reloc works fine). Attaching a small testcase that depends on libm.so (and assumes it has IRELATIVE relocations).

$ gdb --args /tmp/glibc-build/elf/ld.so --audit ./libaudit.so ./main
GNU gdb (GDB) 7.4.1
(gdb) r
Starting program: /tmp/glibc-build/elf/ld.so --audit ./libaudit.so ./main
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?

Program received signal SIGSEGV, Segmentation fault.
_dl_profile_fixup (l=0x7ffff7a33508, reloc_arg=4, retaddr=140737345060825, regs=0x7fffffffd1b0, framesizep=0x7fffffffd508) at ../elf/dl-runtime.c:176
176       DL_FIXUP_VALUE_TYPE value = *resultp;
(gdb) bt
#0  _dl_profile_fixup (l=0x7ffff7a33508, reloc_arg=4, retaddr=140737345060825, regs=0x7fffffffd1b0, framesizep=0x7fffffffd508) at ../elf/dl-runtime.c:176
#1  0x0000555555568306 in _dl_runtime_profile () at ../sysdeps/x86_64/dl-trampoline.h:48
#2  0x00007ffff7757fd9 in ?? ()
#3  0x00007fffffffd650 in ?? ()
#4  0x000055555555f5d1 in elf_machine_lazy_rel (skip_ifunc=<optimized out>, reloc=0x7ffff773e210, l_addr=140737344933888, map=0x7ffff7a33508) at ../sysdeps/x86_64/dl-machine.h:535
#5  elf_dynamic_do_Rela (skip_ifunc=<optimized out>, lazy=<optimized out>, nrelative=<optimized out>, relsize=<optimized out>, reladdr=<optimized out>, map=0x7ffff7a33508) at do-rel.h:85
#6  _dl_relocate_object (scope=0x7ffff7a33860, reloc_mode=<optimized out>, consider_profiling=1, consider_profiling@entry=0) at dl-reloc.c:265
#7  0x0000555555557ad2 in dl_main (phdr=<optimized out>, phdr@entry=0x555555554040, phnum=4160734848, phnum@entry=7, user_entry=user_entry@entry=0x7fffffffd7d8, auxv=0x555555777801) at rtld.c:2299
#8  0x0000555555568afc in _dl_sysdep_start (start_argptr=start_argptr@entry=0x7fffffffd890, dl_main=dl_main@entry=0x555555555ae0 <dl_main>) at ../elf/dl-sysdep.c:242
#9  0x0000555555558d0e in _dl_start_final (arg=0x7fffffffd890) at rtld.c:337
#10 _dl_start (arg=0x7fffffffd890) at rtld.c:563
#11 0x00005555555555a8 in _start () from /tmp/glibc-build/elf/ld.so
(gdb) p l.l_reloc_result
$1 = (struct reloc_result *) 0x0
(gdb) f 4
#4  0x000055555555f5d1 in elf_machine_lazy_rel (skip_ifunc=<optimized out>, reloc=0x7ffff773e210, l_addr=140737344933888, map=0x7ffff7a33508) at ../sysdeps/x86_64/dl-machine.h:535
535         value = ((ElfW(Addr) (*) (void)) value) ();
(gdb) list
530     }
531   else if (__builtin_expect (r_type == R_X86_64_IRELATIVE, 0))
532     {
533       ElfW(Addr) value = map->l_addr + reloc->r_addend;
534       if (__builtin_expect (!skip_ifunc, 1))
535         value = ((ElfW(Addr) (*) (void)) value) ();
536       *reloc_addr = value;
537     }
538   else
539     _dl_reloc_bad_type (map, r_type, 1);
(gdb)

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
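
A minimal rtld-audit library of the kind the report describes, as an added example: it is not the attached testcase (attachment 6727) and not glibc code. The redirected name `libexample.so` is hypothetical, and `libm.so.6` is assumed to be the installed soname of libm.

```c
/* Build (assumed file name): gcc -shared -fPIC -o libaudit.so audit.c */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <link.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical: the report does not say which library name was redirected. */
#define REDIRECT_FROM "libexample.so"
/* Assumption: libm's soname on the target system. */
#define REDIRECT_TO   "libm.so.6"

/* First audit hook the loader calls. Returning 0 makes the loader ignore
   this library; returning the offered version accepts the interface. */
unsigned int la_version(unsigned int version)
{
    return version;
}

/* Strip any directory part so "/usr/lib/libfoo.so" compares as "libfoo.so". */
static const char *base_name(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/* Called for every library lookup: once with LA_SER_ORIG and the name as
   requested, then once per candidate path. Returning a different string
   makes the loader search for that name instead; returning `name` leaves
   the lookup unchanged. */
char *la_objsearch(const char *name, uintptr_t *cookie, unsigned int flag)
{
    (void)cookie;
    /* Rewrite only the original request, not the per-directory candidates. */
    if (flag == LA_SER_ORIG && strcmp(base_name(name), REDIRECT_FROM) == 0)
        return (char *)REDIRECT_TO;
    return (char *)name;
}
```

It is loaded the same way as in the gdb session above, through `ld.so --audit ./libaudit.so` or the `LD_AUDIT` environment variable.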