public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug dynamic-link/27778] New: _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32
@ 2021-04-25  9:54 wangxuszcn at foxmail dot com
  2021-04-25  9:59 ` [Bug dynamic-link/27778] " wangxuszcn at foxmail dot com
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: wangxuszcn at foxmail dot com @ 2021-04-25  9:54 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=27778

            Bug ID: 27778
           Summary: _dl_tlsdesc_dynamic return invalid offset when
                    tls_addr is very small in ILP32
           Product: glibc
           Version: unspecified
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: wangxuszcn at foxmail dot com
  Target Milestone: ---

<_dl_tlsdesc_dynamic>:
   0xf77d3dd4 <+180>:   mov     x0, x1           #x0 = 0x413770 = malloc(xxxx)
   0xf77d3dd8 <+184>:   bl      0xf77bece0 <__tls_get_addr@plt>
=> 0xf77d3ddc <+188>:   mrs     x1, tpidr_el0    #x1 = 0xf5de7920(pthread_t)
   0xf77d3de0 <+192>:   sub     w0, w0, w1       #w0 = w0 - w1 = 0x413770 -
0xf5de7920 = 0xa62be50 ----> overflow

(gdb) i r
x0             0x413770 4274032
x1             0xf5de7920       4124997920
x2             0x0      0
x3             0x3008   12296
x4             0x416778 4286328
x5             0x416778 4286328
x16            0x270f   9999
x18            0x7      7
x19            0x64     100
x20            0xf5de7920       4124997920
x21            0xfffefa96       4294900374
x22            0xfffefa97       4294900375


(gdb) thread apply 5 si

Thread 5 (Thread 0xf5de7490 (LWP 2551)):
0xf75eb73c in thread_func (arg=<optimized out>) at tls_test.c:69
69          tls_var = count++;
(gdb) disassemble
   0xf75eb728 <+88>:    bl      0xf75eb4f0 <copy@plt>
   0xf75eb72c <+92>:    adrp    x0, 0xf75ff000
   0xf75eb730 <+96>:    ldr     w1, [x0,#28]
   0xf75eb734 <+100>:   add     w0, w0, #0x1c
   0xf75eb738 <+104>:   blr     x1
=> 0xf75eb73c <+108>:   str     x19, [x20,w0,sxtw]      
#[x20,w0,sxtw]=[0xf5de7920,0xa62be50,sxtw] = 0x100413770     ----> not valid
addr
   0xf75eb740 <+112>:   bl      0xf75eb500 <GetTls@plt>
   0xf75eb744 <+116>:   mov     x19, x0
   0xf75eb748 <+120>:   b       0xf75eb720 <thread_func+80>
(gdb) i r
x0             0xa62be50        174243408
x1             0xf77d3d20       4152180000
x2             0x1      1
x4             0xf5de7514       4124996884
x5             0xf5de7490       4124996752
x7             0x7f7f7f7f7f7f7f7f       9187201950435737471
x8             0x40     64
x10            0xa      10
x11            0x20     32
x13            0x10     16
x16            0xf75ff014       4150259732
x17            0xf7661ca0       4150664352
x18            0x0      0
x19            0x64     100
x20            0xf5de7920       4124997920
x21            0xfffefa96       4294900374
x22            0xfffefa97       4294900375

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug dynamic-link/27778] _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32
  2021-04-25  9:54 [Bug dynamic-link/27778] New: _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32 wangxuszcn at foxmail dot com
@ 2021-04-25  9:59 ` wangxuszcn at foxmail dot com
  2021-04-25 10:25 ` schwab@linux-m68k.org
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: wangxuszcn at foxmail dot com @ 2021-04-25  9:59 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=27778

--- Comment #1 from wangxu <wangxuszcn at foxmail dot com> ---
Created attachment 13398
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13398&action=edit
test demo

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug dynamic-link/27778] _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32
  2021-04-25  9:54 [Bug dynamic-link/27778] New: _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32 wangxuszcn at foxmail dot com
  2021-04-25  9:59 ` [Bug dynamic-link/27778] " wangxuszcn at foxmail dot com
@ 2021-04-25 10:25 ` schwab@linux-m68k.org
  2021-04-26  6:17 ` fweimer at redhat dot com
  2021-04-27 10:09 ` schwab@linux-m68k.org
  3 siblings, 0 replies; 5+ messages in thread
From: schwab@linux-m68k.org @ 2021-04-25 10:25 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=27778

--- Comment #2 from Andreas Schwab <schwab@linux-m68k.org> ---
I think this is <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83466>.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug dynamic-link/27778] _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32
  2021-04-25  9:54 [Bug dynamic-link/27778] New: _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32 wangxuszcn at foxmail dot com
  2021-04-25  9:59 ` [Bug dynamic-link/27778] " wangxuszcn at foxmail dot com
  2021-04-25 10:25 ` schwab@linux-m68k.org
@ 2021-04-26  6:17 ` fweimer at redhat dot com
  2021-04-27 10:09 ` schwab@linux-m68k.org
  3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2021-04-26  6:17 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=27778

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com

--- Comment #3 from Florian Weimer <fweimer at redhat dot com> ---
This is AArch64 ILP32, right? This port does not exist in sourceware/upstream
glibc.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug dynamic-link/27778] _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32
  2021-04-25  9:54 [Bug dynamic-link/27778] New: _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32 wangxuszcn at foxmail dot com
                   ` (2 preceding siblings ...)
  2021-04-26  6:17 ` fweimer at redhat dot com
@ 2021-04-27 10:09 ` schwab@linux-m68k.org
  3 siblings, 0 replies; 5+ messages in thread
From: schwab@linux-m68k.org @ 2021-04-27 10:09 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=27778

Andreas Schwab <schwab@linux-m68k.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |MOVED
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #4 from Andreas Schwab <schwab@linux-m68k.org> ---
Not a glibc bug.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-04-27 10:09 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-25  9:54 [Bug dynamic-link/27778] New: _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32 wangxuszcn at foxmail dot com
2021-04-25  9:59 ` [Bug dynamic-link/27778] " wangxuszcn at foxmail dot com
2021-04-25 10:25 ` schwab@linux-m68k.org
2021-04-26  6:17 ` fweimer at redhat dot com
2021-04-27 10:09 ` schwab@linux-m68k.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).