public inbox for glibc-bugs@sourceware.org
From: "fweimer at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/29235] New: Some tests crash in ELF_DYNAMIC_DO_RELR on powerpc64le
Date: Thu, 09 Jun 2022 10:19:35 +0000
Message-ID: <bug-29235-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=29235

            Bug ID: 29235
           Summary: Some tests crash in ELF_DYNAMIC_DO_RELR on powerpc64le
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: critical
          Priority: P1
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
  Target Milestone: ---
            Target: powerpc64le-*-linux-gnu
             Flags: security-

I cleaned up the macro goo for easier debugging, and we crash on line 169:

   153  static __always_inline void
   154  elf_dynamic_do_relr (struct link_map *map)
   155  {
   156    ElfW(Addr) l_addr = (map)->l_addr, *where = 0;
   157    const ElfW(Relr) *r, *end;
   158    if ((map)->l_info[DT_RELR] == NULL)
   159      return;
   160    r = (const ElfW(Relr) *)D_PTR((map), l_info[DT_RELR]);
   161    end = (const ElfW(Relr) *)((const char *)r +
   162                               (map)->l_info[DT_RELRSZ]->d_un.d_val);
   163    for (; r < end; r++)
   164      {
   165        ElfW(Relr) entry = *r;
   166        if ((entry & 1) == 0)
   167          {
   168            where = (ElfW(Addr) *)(l_addr + entry);
   169            *where++ += l_addr;
   170          }
   171        else
   172          {
   173            for (long int i = 0; (entry >>= 1) != 0; i++)
   174              if ((entry & 1) != 0)
   175                where[i] += l_addr;
   176            where += CHAR_BIT * sizeof(ElfW(Relr)) - 1;
   177          }
   178      }
   179  }

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f9f028 in elf_dynamic_do_relr (map=0x7ffff7ff1320) at dynamic-link.h:169
169           *where++ += l_addr;
(gdb) bt
#0  0x00007ffff7f9f028 in elf_dynamic_do_relr (map=0x7ffff7ff1320) at dynamic-link.h:169
#1  elf_dynamic_relocate (skip_ifunc=<optimized out>, consider_profile=<optimized out>, lazy=1, scope=0x7ffff7ff16c0, map=0x7ffff7ff1320) at dynamic-link.h:198
#2  _dl_relocate_object (l=0x7ffff7ff1320, scope=0x7ffff7ff16c0, reloc_mode=<optimized out>, consider_profiling=<optimized out>) at dl-reloc.c:301
#3  0x00007ffff7fb9380 in dl_main (phdr=<optimized out>, phnum=<optimized out>, user_entry=<optimized out>, auxv=<optimized out>) at rtld.c:2314
#4  0x00007ffff7fb4170 in _dl_sysdep_start (start_argptr=<optimized out>, dl_main=0x7ffff7fb6d60 <dl_main>) at ../sysdeps/unix/sysv/linux/dl-sysdep.c:140
#5  0x00007ffff7fb5c58 in _dl_start_final (arg=arg@entry=0x7fffffffec60, info=info@entry=0x7fffffffe650) at rtld.c:497
#6  0x00007ffff7fb68b8 in _dl_start (arg=0x7fffffffec60) at rtld.c:586
#7  0x00007ffff7fb4f38 in _start () from /builddir/build/BUILD/glibc-2.35.9000-583-gace9e3edbc/build-ppc64le-redhat-linux/elf/ld.so
(gdb) print where
$1 = (Elf64_Addr *) 0x7ffff7eb5dc8
(gdb) print *where
$2 = 67536

I'm hitting a debuggability issue here, but I think this address is in a
read-only segment of the main executable. I don't know yet if BFD ld produced
wrong relocation data.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
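
Added example (not part of the original report and not glibc code): one way to check whether DT_RELR data points into a read-only segment, as the report suspects, is to decode the entries the same way the loop above does and test every target against the writable PT_LOAD ranges instead of patching memory. The names struct seg, relr_audit, sample_segs and sample_relr are hypothetical, the sample values are constructed, and addresses are link-time values (l_addr not applied).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified PT_LOAD description (link-time addresses). */
struct seg { uint64_t vaddr, memsz; int writable; };

static int in_writable(const struct seg *s, size_t n, uint64_t addr) {
    for (size_t i = 0; i < n; i++)
        if (s[i].writable && addr >= s[i].vaddr
            && addr - s[i].vaddr + sizeof(uint64_t) <= s[i].memsz)
            return 1;
    return 0;
}

/* Decode DT_RELR entries like the relocation loop, but only count targets
   that are not inside a writable segment; *first_bad gets the first one. */
size_t relr_audit(const uint64_t *relr, size_t count,
                  const struct seg *segs, size_t nsegs, uint64_t *first_bad) {
    uint64_t where = 0;
    size_t bad = 0;
    for (size_t k = 0; k < count; k++) {
        uint64_t entry = relr[k];
        if ((entry & 1) == 0) {            /* even entry: explicit address */
            where = entry;
            if (!in_writable(segs, nsegs, where) && bad++ == 0)
                *first_bad = where;
            where += sizeof(uint64_t);
        } else {                           /* odd entry: bitmap, next 63 words */
            for (unsigned i = 0; (entry >>= 1) != 0; i++) {
                uint64_t a = where + i * sizeof(uint64_t);
                if ((entry & 1) && !in_writable(segs, nsegs, a) && bad++ == 0)
                    *first_bad = a;
            }
            where += 63 * sizeof(uint64_t);
        }
    }
    return bad;
}

/* Constructed sample: R+X segment at 0x10000, R+W segment at 0x20000. */
static const struct seg sample_segs[] = { {0x10000, 0x1000, 0}, {0x20000, 0x1000, 1} };
static const uint64_t sample_relr[] = { 0x20000, 0x7, 0x10800, 0x3 };
int main(void) {
    uint64_t first = 0;
    size_t bad = relr_audit(sample_relr, 4, sample_segs, 2, &first);
    printf("%zu bad target(s), first at 0x%llx\n", bad, (unsigned long long)first);
    return 0;
}
```

A non-zero count on a real binary means the RELR table names a word the loader cannot write to without changing page protections, which matches the SIGSEGV on the store at line 169.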