public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "wangxuszcn at foxmail dot com" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sourceware.org Subject: [Bug dynamic-link/27778] New: _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32 Date: Sun, 25 Apr 2021 09:54:58 +0000 [thread overview] Message-ID: <bug-27778-131@http.sourceware.org/bugzilla/> (raw) https://sourceware.org/bugzilla/show_bug.cgi?id=27778 Bug ID: 27778 Summary: _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32 Product: glibc Version: unspecified Status: UNCONFIRMED Severity: critical Priority: P2 Component: dynamic-link Assignee: unassigned at sourceware dot org Reporter: wangxuszcn at foxmail dot com Target Milestone: --- <_dl_tlsdesc_dynamic>: 0xf77d3dd4 <+180>: mov x0, x1 #x0 = 0x413770 = malloc(xxxx) 0xf77d3dd8 <+184>: bl 0xf77bece0 <__tls_get_addr@plt> => 0xf77d3ddc <+188>: mrs x1, tpidr_el0 #x1 = 0xf5de7920(pthread_t) 0xf77d3de0 <+192>: sub w0, w0, w1 #w0 = w0 - w1 = 0x413770 - 0xf5de7920 = 0xa62be50 ----> overflow (gdb) i r x0 0x413770 4274032 x1 0xf5de7920 4124997920 x2 0x0 0 x3 0x3008 12296 x4 0x416778 4286328 x5 0x416778 4286328 x16 0x270f 9999 x18 0x7 7 x19 0x64 100 x20 0xf5de7920 4124997920 x21 0xfffefa96 4294900374 x22 0xfffefa97 4294900375 (gdb) thread apply 5 si Thread 5 (Thread 0xf5de7490 (LWP 2551)): 0xf75eb73c in thread_func (arg=<optimized out>) at tls_test.c:69 69 tls_var = count++; (gdb) disassemble 0xf75eb728 <+88>: bl 0xf75eb4f0 <copy@plt> 0xf75eb72c <+92>: adrp x0, 0xf75ff000 0xf75eb730 <+96>: ldr w1, [x0,#28] 0xf75eb734 <+100>: add w0, w0, #0x1c 0xf75eb738 <+104>: blr x1 => 0xf75eb73c <+108>: str x19, [x20,w0,sxtw] #[x20,w0,sxtw]=[0xf5de7920,0xa62be50,sxtw] = 0x100413770 ----> not valid addr 0xf75eb740 <+112>: bl 0xf75eb500 <GetTls@plt> 0xf75eb744 <+116>: mov x19, x0 0xf75eb748 <+120>: b 0xf75eb720 <thread_func+80> (gdb) i r x0 0xa62be50 174243408 x1 0xf77d3d20 4152180000 x2 0x1 1 x4 0xf5de7514 4124996884 x5 0xf5de7490 4124996752 x7 0x7f7f7f7f7f7f7f7f 9187201950435737471 x8 0x40 64 x10 0xa 10 x11 0x20 32 x13 0x10 16 x16 0xf75ff014 4150259732 x17 0xf7661ca0 4150664352 x18 0x0 0 x19 0x64 100 x20 0xf5de7920 4124997920 x21 0xfffefa96 4294900374 x22 0xfffefa97 4294900375 -- You are receiving this mail because: You are on the CC list for the bug.
next reply other threads:[~2021-04-25 9:54 UTC|newest] Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-04-25 9:54 wangxuszcn at foxmail dot com [this message] 2021-04-25 9:59 ` [Bug dynamic-link/27778] " wangxuszcn at foxmail dot com 2021-04-25 10:25 ` schwab@linux-m68k.org 2021-04-26 6:17 ` fweimer at redhat dot com 2021-04-27 10:09 ` schwab@linux-m68k.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-27778-131@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).