[Bug libc/27499] New: segfault on static bin with LD_LIBRARY_PATH='$LIB' or '$PLATFORM' 'or '$ORIGIN' since 2.18

public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug libc/27499] New: segfault on static bin with LD_LIBRARY_PATH='$LIB' or '$PLATFORM' 'or '$ORIGIN'  since 2.18
@ 2021-03-02 18:11 adrien.mahieux at gmail dot com
  2021-03-02 18:14 ` [Bug libc/27499] segfault on static ldconfig " adrien.mahieux at gmail dot com
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: adrien.mahieux at gmail dot com @ 2021-03-02 18:11 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=27499

            Bug ID: 27499
           Summary: segfault on static bin with LD_LIBRARY_PATH='$LIB' or
                    '$PLATFORM' 'or '$ORIGIN'  since 2.18
           Product: glibc
           Version: 2.34
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: adrien.mahieux at gmail dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

We have a segfault when setting LD_LIBRARY_PATH to a special value $LIB $ORIGIN
or $PLATFORM. Any other value is ignored.

This was working fine on RHEL7 (glibc 2.17) but is starting to fail starting
2.18 or 2.19 up to current version.

Issue is reproducible on all tested distribution (debian, rhel, fedora..) and
can be triggered with:

  LD_LIBRARY_PATH='$LIB' ldconfig



# Build latest version using:
git clone git://sourceware.org/git/glibc.git
mkdir glibc-build && cd glibc-build
../glibc/configure --disable-sanity-checks
make -j
LD_LIBRARY_PATH='$LIB' ./elf/ldconfig -p



Stacktrace:

(gdb) info stack 
#0  0x000000000049032b in expand_dynamic_string_token (l=0x0,
input=0x7ffe35525c60 "$LIB") at dl-load.c:400
#1  0x0000000000490442 in fillin_rpath (rpath=<optimized out>,
rpath@entry=0x7ffe35525c60 "$LIB", result=0x14c65e0, sep=sep@entry=0x4c5f10
":;", what=what@entry=0x4b1ac9 "LD_LIBRARY_PATH", 
    where=where@entry=0x0, l=l@entry=0x0) at dl-load.c:465
#2  0x000000000049094f in _dl_init_paths (llp=<optimized out>, source=0x4b1ac9
"LD_LIBRARY_PATH", glibc_hwcaps_prepend=<optimized out>,
glibc_hwcaps_mask=<optimized out>) at dl-load.c:825
#3  0x00000000004648e2 in _dl_non_dynamic_init () at dl-support.c:344
#4  0x0000000000465b96 in __libc_init_first (argc=2, argv=0x7ffe35525f58,
envp=0x7ffe35525f70) at init-first.c:68
#5  0x00000000004094b4 in __libc_start_main_impl (main=0x4016f0 <main>, argc=2,
argv=0x7ffe35525f58, init=<optimized out>, fini=<optimized out>, rtld_fini=0x0,
stack_end=0x7ffe35525f48)
    at ../csu/libc-start.c:362
#6  0x0000000000401cb1 in _start () at ../sysdeps/x86_64/start.S:116


Issue seems to be in elf/dl-load.c::_dl_init_paths, where 'llp="$LIB" and
*l=NULL. then null pointer is propagated.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Bug libc/27499] segfault on static ldconfig with LD_LIBRARY_PATH='$LIB' or '$PLATFORM' 'or '$ORIGIN'  since 2.18
  2021-03-02 18:11 [Bug libc/27499] New: segfault on static bin with LD_LIBRARY_PATH='$LIB' or '$PLATFORM' 'or '$ORIGIN' since 2.18 adrien.mahieux at gmail dot com
@ 2021-03-02 18:14 ` adrien.mahieux at gmail dot com
  2021-03-02 19:00 ` adrien.mahieux at gmail dot com
  2021-03-03  3:34 ` fweimer at redhat dot com
  2 siblings, 0 replies; 4+ messages in thread
From: adrien.mahieux at gmail dot com @ 2021-03-02 18:14 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=27499

Adrien Mahieux <adrien.mahieux at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|segfault on static bin with |segfault on static ldconfig
                   |LD_LIBRARY_PATH='$LIB' or   |with LD_LIBRARY_PATH='$LIB'
                   |'$PLATFORM' 'or '$ORIGIN'   |or '$PLATFORM' 'or
                   |since 2.18                  |'$ORIGIN'  since 2.18

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Bug libc/27499] segfault on static ldconfig with LD_LIBRARY_PATH='$LIB' or '$PLATFORM' 'or '$ORIGIN'  since 2.18
  2021-03-02 18:11 [Bug libc/27499] New: segfault on static bin with LD_LIBRARY_PATH='$LIB' or '$PLATFORM' 'or '$ORIGIN' since 2.18 adrien.mahieux at gmail dot com
  2021-03-02 18:14 ` [Bug libc/27499] segfault on static ldconfig " adrien.mahieux at gmail dot com
@ 2021-03-02 19:00 ` adrien.mahieux at gmail dot com
  2021-03-03  3:34 ` fweimer at redhat dot com
  2 siblings, 0 replies; 4+ messages in thread
From: adrien.mahieux at gmail dot com @ 2021-03-02 19:00 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=27499

--- Comment #1 from Adrien Mahieux <adrien.mahieux at gmail dot com> ---
Looks like this was reported in:
- Fedora 28 (https://bugzilla.redhat.com/show_bug.cgi?id=1609351)
- Fedora 33 (https://bugzilla.redhat.com/show_bug.cgi?id=1715110) 

it was said to be reported upstream, but I can't find any related ticket here.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Bug libc/27499] segfault on static ldconfig with LD_LIBRARY_PATH='$LIB' or '$PLATFORM' 'or '$ORIGIN'  since 2.18
  2021-03-02 18:11 [Bug libc/27499] New: segfault on static bin with LD_LIBRARY_PATH='$LIB' or '$PLATFORM' 'or '$ORIGIN' since 2.18 adrien.mahieux at gmail dot com
  2021-03-02 18:14 ` [Bug libc/27499] segfault on static ldconfig " adrien.mahieux at gmail dot com
  2021-03-02 19:00 ` adrien.mahieux at gmail dot com
@ 2021-03-03  3:34 ` fweimer at redhat dot com
  2 siblings, 0 replies; 4+ messages in thread
From: fweimer at redhat dot com @ 2021-03-03  3:34 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=27499

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-
                 CC|                            |fweimer at redhat dot com
         Resolution|---                         |DUPLICATE
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
There's a reference to the upstream bug in the Links section of the first
(glibc) bug.

*** This bug has been marked as a duplicate of bug 23462 ***

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-03-03  3:34 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-02 18:11 [Bug libc/27499] New: segfault on static bin with LD_LIBRARY_PATH='$LIB' or '$PLATFORM' 'or '$ORIGIN' since 2.18 adrien.mahieux at gmail dot com
2021-03-02 18:14 ` [Bug libc/27499] segfault on static ldconfig " adrien.mahieux at gmail dot com
2021-03-02 19:00 ` adrien.mahieux at gmail dot com
2021-03-03  3:34 ` fweimer at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).