[Bug dynamic-link/16634] New: Application calling dlopen("./a.out",...) may run into _dl_allocate_tls_init: Assertion `listp != ((void *)0)' failed!

public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug dynamic-link/16634] New: Application calling dlopen("./a.out",...) may run into  _dl_allocate_tls_init: Assertion `listp != ((void *)0)' failed!
@ 2014-02-26  0:52 ppluzhnikov at google dot com
  2014-02-26  0:56 ` [Bug dynamic-link/16634] " ppluzhnikov at google dot com
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: ppluzhnikov at google dot com @ 2014-02-26  0:52 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=16634

            Bug ID: 16634
           Summary: Application calling dlopen("./a.out",...) may run into
                     _dl_allocate_tls_init: Assertion `listp != ((void
                    *)0)' failed!
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: ppluzhnikov at google dot com

Test case:

#include <dlfcn.h>
#include <stdio.h>
#include <pthread.h>

__thread int x;

void *fn(void *p)
{
  return p;
}

int main()
{
  int j;
  pthread_t thr;

  for (j = 0; j < 100; ++j)
    {
      void *p = dlopen("./a.out", RTLD_LAZY);
      printf("%2d: &x = %p\n", j, &x);

      pthread_create(&thr, NULL, fn, NULL);
      pthread_join(thr, NULL);

    }
  return 0;
}

gcc -g t.c -ldl -pthread && ./a.out

 0: &x = 0x7f3cc3ddd73c
 1: &x = 0x7f3cc3ddd73c
 2: &x = 0x7f3cc3ddd73c
...
62: &x = 0x7f3cc3ddd73c
63: &x = 0x7f3cc3ddd73c
Inconsistency detected by ld.so: dl-tls.c: 474: _dl_allocate_tls_init:
Assertion `listp != ((void *)0)' failed!

This has been broken since at least glibc-2.3.6, all the way through current
trunk (ade40b10ff5fa59a318cf55b9d8414b758e8df78).

Note: dlopen() actually fails with  "./a.out: cannot dynamically load
executable", but it does so after incrementing dl_tls_max_dtv_idx.

Once we run out of TLS_SLOTINFO_SURPLUS (62), we crash.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug dynamic-link/16634] Application calling dlopen("./a.out",...) may run into  _dl_allocate_tls_init: Assertion `listp != ((void *)0)' failed!
  2014-02-26  0:52 [Bug dynamic-link/16634] New: Application calling dlopen("./a.out",...) may run into _dl_allocate_tls_init: Assertion `listp != ((void *)0)' failed! ppluzhnikov at google dot com
@ 2014-02-26  0:56 ` ppluzhnikov at google dot com
  2014-03-24 18:14 ` cvs-commit at gcc dot gnu.org
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: ppluzhnikov at google dot com @ 2014-02-26  0:56 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=16634

--- Comment #1 from Paul Pluzhnikov <ppluzhnikov at google dot com> ---
Additional note: running

  ld.so ./a.out

does not show the problem.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug dynamic-link/16634] Application calling dlopen("./a.out",...) may run into  _dl_allocate_tls_init: Assertion `listp != ((void *)0)' failed!
  2014-02-26  0:52 [Bug dynamic-link/16634] New: Application calling dlopen("./a.out",...) may run into _dl_allocate_tls_init: Assertion `listp != ((void *)0)' failed! ppluzhnikov at google dot com
  2014-02-26  0:56 ` [Bug dynamic-link/16634] " ppluzhnikov at google dot com
@ 2014-03-24 18:14 ` cvs-commit at gcc dot gnu.org
  2014-03-24 18:15 ` ppluzhnikov at google dot com
  2014-06-13  6:47 ` fweimer at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2014-03-24 18:14 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=16634

--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  a42faf59d6d9f82e5293a9ebcc26d9c9e562b12b (commit)
      from  509361270b4b889e991400a70eb87d45304c01cd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a42faf59d6d9f82e5293a9ebcc26d9c9e562b12b

commit a42faf59d6d9f82e5293a9ebcc26d9c9e562b12b
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date:   Mon Mar 24 10:58:26 2014 -0700

    Fix BZ #16634.

    An application that erroneously tries to repeatedly dlopen("a.out", ...)
    may hit assertion failure:

      Inconsistency detected by ld.so: dl-tls.c: 474: _dl_allocate_tls_init:
      Assertion `listp != ((void *)0)' failed!

    dlopen() actually fails with  "./a.out: cannot dynamically load
executable",
    but it does so after incrementing dl_tls_max_dtv_idx.

    Once we run out of TLS_SLOTINFO_SURPLUS (62), we exit with above assertion
    failure.

    2014-03-24  Paul Pluzhnikov  <ppluzhnikov@google.com>

        [BZ #16634]

        * elf/dl-load.c (open_verify): Add mode parameter.
            Error early when ET_EXEC and mode does not have __RTLD_OPENEXEC.
            (open_path): Change from boolean 'secure' to complete flag 'mode'
            (_dl_map_object): Adjust.
        * elf/Makefile (tests): Add tst-dlopen-aout.
        * elf/tst-dlopen-aout.c: New test.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                     |   11 ++++
 NEWS                                          |    6 +-
 elf/Makefile                                  |    3 +-
 elf/dl-load.c                                 |   36 +++++++++-----
 libio/test-freopen.c => elf/tst-dlopen-aout.c |   63 +++++++++++++-----------
 5 files changed, 74 insertions(+), 45 deletions(-)
 copy libio/test-freopen.c => elf/tst-dlopen-aout.c (51%)

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug dynamic-link/16634] Application calling dlopen("./a.out",...) may run into  _dl_allocate_tls_init: Assertion `listp != ((void *)0)' failed!
  2014-02-26  0:52 [Bug dynamic-link/16634] New: Application calling dlopen("./a.out",...) may run into _dl_allocate_tls_init: Assertion `listp != ((void *)0)' failed! ppluzhnikov at google dot com
  2014-02-26  0:56 ` [Bug dynamic-link/16634] " ppluzhnikov at google dot com
  2014-03-24 18:14 ` cvs-commit at gcc dot gnu.org
@ 2014-03-24 18:15 ` ppluzhnikov at google dot com
  2014-06-13  6:47 ` fweimer at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: ppluzhnikov at google dot com @ 2014-03-24 18:15 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=16634

Paul Pluzhnikov <ppluzhnikov at google dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Paul Pluzhnikov <ppluzhnikov at google dot com> ---
Fixed on trunk.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug dynamic-link/16634] Application calling dlopen("./a.out",...) may run into  _dl_allocate_tls_init: Assertion `listp != ((void *)0)' failed!
  2014-02-26  0:52 [Bug dynamic-link/16634] New: Application calling dlopen("./a.out",...) may run into _dl_allocate_tls_init: Assertion `listp != ((void *)0)' failed! ppluzhnikov at google dot com
                   ` (2 preceding siblings ...)
  2014-03-24 18:15 ` ppluzhnikov at google dot com
@ 2014-06-13  6:47 ` fweimer at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13  6:47 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=16634

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2014-06-13  6:47 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-02-26  0:52 [Bug dynamic-link/16634] New: Application calling dlopen("./a.out",...) may run into _dl_allocate_tls_init: Assertion `listp != ((void *)0)' failed! ppluzhnikov at google dot com
2014-02-26  0:56 ` [Bug dynamic-link/16634] " ppluzhnikov at google dot com
2014-03-24 18:14 ` cvs-commit at gcc dot gnu.org
2014-03-24 18:15 ` ppluzhnikov at google dot com
2014-06-13  6:47 ` fweimer at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).