public inbox for glibc-bugs@sourceware.org
From: "carlos at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/18684] New: dlmopen a DSO that dlopen's into RTLD_GLOBAL segfaults.
Date: Thu, 16 Jul 2015 03:15:00 -0000	[thread overview]
Message-ID: <bug-18684-131@http.sourceware.org/bugzilla/> (raw)

https://sourceware.org/bugzilla/show_bug.cgi?id=18684

            Bug ID: 18684
           Summary: dlmopen a DSO that dlopen's into RTLD_GLOBAL
                    segfaults.
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: carlos at redhat dot com
  Target Milestone: ---

The following program segfaults on glibc master:

cat >> main.c <<EOF
/* Test dlmopen of a DSO that calls dlopen RTLD_GLOBAL.  */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>
#define DSO "./libfoo.so"
#define FUNC "foo"
int
main (void)
{
  void *dso;
  void (*func) (void);		/* foo in libfoo.so returns void */
  dso = dlmopen (LM_ID_NEWLM, DSO, RTLD_NOW|RTLD_LOCAL);
  *(void **) (&func) = dlsym (dso, FUNC);
  (*func) ();
  dlclose (dso);
  return 0;
}
EOF
cat >> foo.c <<EOF
#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>
#define DSO "./libbar.so"
#define FUNC "bar"

void
foo (void)
{
  void *dso;
  int (*func) (void);
  dso = dlopen (DSO, RTLD_NOW|RTLD_GLOBAL);
  *(void **) (&func) = dlsym (dso, FUNC);
  (*func) ();
  dlclose (dso);
}
EOF
cat >> bar.c <<EOF
int
bar (void)
{
  return 42;
}
EOF
cat >> build.sh <<'EOF'
#!/bin/bash
set -x
set -e
BUILD=/home/carlos/build/glibc
gcc -O0 -g3 -Wall -pedantic -shared -fPIC -o libbar.so bar.c
gcc -O0 -g3 -Wall -pedantic -shared -fPIC -o libfoo.so foo.c -ldl
gcc -Wl,--dynamic-linker=$BUILD/elf/ld.so -Wl,-rpath=$BUILD:$BUILD/elf:$BUILD/dlfcn -O0 -g3 -Wall -pedantic -o main main.c -ldl
LD_LIBRARY_PATH=. ./main
EOF
chmod u+x build.sh
./build.sh

+ set -e
+ BUILD=/home/carlos/build/glibc
+ gcc -O0 -g3 -Wall -pedantic -shared -fPIC -o libbar.so bar.c
+ gcc -O0 -g3 -Wall -pedantic -shared -fPIC -o libfoo.so foo.c -ldl
+ gcc -Wl,--dynamic-linker=/home/carlos/build/glibc/elf/ld.so -Wl,-rpath=/home/carlos/build/glibc:/home/carlos/build/glibc/elf:/home/carlos/build/glibc/dlfcn -O0 -g3 -Wall -pedantic -o main main.c -ldl
+ LD_LIBRARY_PATH=.
+ ./main
./build.sh: line 8: 22948 Segmentation fault      (core dumped) LD_LIBRARY_PATH=. ./main

gdb main
GNU gdb (GDB) Fedora 7.8.2-38.fc21
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from main...done.
(gdb) r
Starting program: /home/carlos/support/dlmopen-rtld-global/main 

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7dedd44 in add_to_global (new=new@entry=0x6039b0) at dl-open.c:94
94              = ns->_ns_main_searchlist->r_nlist + to_add + 8;
(gdb) bt
#0  0x00007ffff7dedd44 in add_to_global (new=new@entry=0x6039b0) at dl-open.c:94
#1  0x00007ffff7deeafe in dl_open_worker (a=a@entry=0x7fffffffdb88) at dl-open.c:563
#2  0x00007ffff7dea104 in _dl_catch_error (objname=objname@entry=0x7fffffffdb78,
    errstring=errstring@entry=0x7fffffffdb80, mallocedp=mallocedp@entry=0x7fffffffdb77,
    operate=operate@entry=0x7ffff7dee490 <dl_open_worker>, args=args@entry=0x7fffffffdb88)
    at dl-error.c:187
#3  0x00007ffff7dedf03 in _dl_open (file=0x7ffff76307ed "./libbar.so", mode=-2147483390,
    caller_dlopen=0x7ffff76307aa, nsid=-2, argc=<optimized out>, argv=<optimized out>,
    env=0x7fffffffdf18) at dl-open.c:648
#4  0x00007ffff742cfa9 in ?? ()
#5  0x00007fffffffdf18 in ?? ()
#6  0x00007fffffffddc0 in ?? ()
#7  0x0000000000000000 in ?? ()
(gdb)

The bug is that the namespace's global searchlist (RTLD_GLOBAL) is never
initialized.

The main global searchlist is initialized by rtld.

We need a similar initialization in elf/dl-open.c (add_to_global) and set
ns->_ns_main_searchlist to something. The most appropriate thing is to set it
to the searchlist of the first DSO loaded into the namespace with RTLD_GLOBAL.
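An added example, not part of the bug report or of glibc: it shows how a caller can find out which link-map namespace a handle lives in (dlinfo with RTLD_DI_LMID) and how an open into a non-base namespace can be kept RTLD_LOCAL so the uninitialized global searchlist described above is never consulted. It assumes a glibc system on which "libc.so.6" resolves; the function names are mine.

```c
/* Added example, not the bug report's code: find which link-map namespace a
   handle lives in and keep RTLD_GLOBAL out of non-base namespaces, the
   combination that crashes in add_to_global above.  Assumes glibc.  */
#define _GNU_SOURCE
#include <dlfcn.h>
/* Namespace id of HANDLE (LM_ID_BASE for the main one), or -1 on error.  */
long
handle_namespace (void *handle)
{
  Lmid_t lmid;
  if (!handle || dlinfo (handle, RTLD_DI_LMID, &lmid) != 0)
    return -1;
  return (long) lmid;
}
/* Flags to use for an open into namespace LMID: RTLD_GLOBAL is honoured only
   in the base namespace; elsewhere the object stays local (the default).  */
int
guard_flags (long lmid, int flags)
{
  return lmid == LM_ID_BASE ? flags : (flags & ~RTLD_GLOBAL);
}
/* Open PATH into the namespace NS_HANDLE lives in, with guarded flags.  */
void *
dlopen_in_namespace_of (void *ns_handle, const char *path, int flags)
{
  long lmid = handle_namespace (ns_handle);
  if (lmid < 0)
    return 0;
  return dlmopen ((Lmid_t) lmid, path, guard_flags (lmid, flags));
}
/* Scenario: base handle, fresh namespace, guarded open into it.  Returns 0
   when every step behaved as expected, otherwise the failing step number.  */
int
namespace_guard_demo (void)
{
  void *base = dlopen ("libc.so.6", RTLD_NOW);
  if (handle_namespace (base) != LM_ID_BASE)
    return 1;
  void *fresh = dlmopen (LM_ID_NEWLM, "libc.so.6", RTLD_NOW);
  if (!fresh || handle_namespace (fresh) == LM_ID_BASE)
    return 2;
  void *h = dlopen_in_namespace_of (fresh, "libc.so.6", RTLD_NOW | RTLD_GLOBAL);
  if (!h || handle_namespace (h) != handle_namespace (fresh))
    return 3;
  return 0;
}
```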
