public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "wangxuszcn at foxmail dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/27778] New: _dl_tlsdesc_dynamic return invalid offset when tls_addr is very small in ILP32
Date: Sun, 25 Apr 2021 09:54:58 +0000 [thread overview]
Message-ID: <bug-27778-131@http.sourceware.org/bugzilla/> (raw)
https://sourceware.org/bugzilla/show_bug.cgi?id=27778
Bug ID: 27778
Summary: _dl_tlsdesc_dynamic return invalid offset when
tls_addr is very small in ILP32
Product: glibc
Version: unspecified
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: wangxuszcn at foxmail dot com
Target Milestone: ---
<_dl_tlsdesc_dynamic>:
0xf77d3dd4 <+180>: mov x0, x1 #x0 = 0x413770 = malloc(xxxx)
0xf77d3dd8 <+184>: bl 0xf77bece0 <__tls_get_addr@plt>
=> 0xf77d3ddc <+188>: mrs x1, tpidr_el0 #x1 = 0xf5de7920(pthread_t)
0xf77d3de0 <+192>: sub w0, w0, w1 #w0 = w0 - w1 = 0x413770 -
0xf5de7920 = 0xa62be50 ----> overflow
(gdb) i r
x0 0x413770 4274032
x1 0xf5de7920 4124997920
x2 0x0 0
x3 0x3008 12296
x4 0x416778 4286328
x5 0x416778 4286328
x16 0x270f 9999
x18 0x7 7
x19 0x64 100
x20 0xf5de7920 4124997920
x21 0xfffefa96 4294900374
x22 0xfffefa97 4294900375
(gdb) thread apply 5 si
Thread 5 (Thread 0xf5de7490 (LWP 2551)):
0xf75eb73c in thread_func (arg=<optimized out>) at tls_test.c:69
69 tls_var = count++;
(gdb) disassemble
0xf75eb728 <+88>: bl 0xf75eb4f0 <copy@plt>
0xf75eb72c <+92>: adrp x0, 0xf75ff000
0xf75eb730 <+96>: ldr w1, [x0,#28]
0xf75eb734 <+100>: add w0, w0, #0x1c
0xf75eb738 <+104>: blr x1
=> 0xf75eb73c <+108>: str x19, [x20,w0,sxtw]
#[x20,w0,sxtw]=[0xf5de7920,0xa62be50,sxtw] = 0x100413770 ----> not valid
addr
0xf75eb740 <+112>: bl 0xf75eb500 <GetTls@plt>
0xf75eb744 <+116>: mov x19, x0
0xf75eb748 <+120>: b 0xf75eb720 <thread_func+80>
(gdb) i r
x0 0xa62be50 174243408
x1 0xf77d3d20 4152180000
x2 0x1 1
x4 0xf5de7514 4124996884
x5 0xf5de7490 4124996752
x7 0x7f7f7f7f7f7f7f7f 9187201950435737471
x8 0x40 64
x10 0xa 10
x11 0x20 32
x13 0x10 16
x16 0xf75ff014 4150259732
x17 0xf7661ca0 4150664352
x18 0x0 0
x19 0x64 100
x20 0xf5de7920 4124997920
x21 0xfffefa96 4294900374
x22 0xfffefa97 4294900375
--
You are receiving this mail because:
You are on the CC list for the bug.
next reply other threads:[~2021-04-25 9:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-25 9:54 wangxuszcn at foxmail dot com [this message]
2021-04-25 9:59 ` [Bug dynamic-link/27778] " wangxuszcn at foxmail dot com
2021-04-25 10:25 ` schwab@linux-m68k.org
2021-04-26 6:17 ` fweimer at redhat dot com
2021-04-27 10:09 ` schwab@linux-m68k.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-27778-131@http.sourceware.org/bugzilla/ \
--to=sourceware-bugzilla@sourceware.org \
--cc=glibc-bugs@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).