From: "petelomax at ymail dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/30020] segfault in ld-linux after aug 2022
Date: Thu, 16 Feb 2023 22:33:33 +0000 [thread overview]
Message-ID: <bug-30020-131-hm7dA8mpn1@http.sourceware.org/bugzilla/> (raw)
In-Reply-To: <bug-30020-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=30020

--- Comment #12 from Pete Lomax <petelomax at ymail dot com> ---

Here's a 32 bit nasm example that works fine on 3.2.0-126-generic-pae but segfaults on 5.15.0-58-generic. I have narrowed it down to the PT_LOAD 3 or 4, if you put 4 of 4 back in it'll work again, I'll continue playing with that to see whether I can get what I need out of it (and make me a 64-bit version).

; tiny.asm
;
; Hand-built, dynamically linked 32-bit ELF image (no linker involved): the
; file is assembled as one flat image at `org`, and the ELF header, program
; headers, PT_INTERP string, dynamic section and its tables are all emitted
; explicitly below.  The program calls _exit(42) from libc.so.6 via ld-linux.
; Only three program headers are active (e_phnum = 3); the commented-out
; PT_LOAD entries are the variants the reporter has been toggling.
BITS 32

%define ET_EXEC 2
%define EM_386 3
%define EV_CURRENT 1
%define PT_LOAD 1
%define PT_DYNAMIC 2
%define PT_INTERP 3
%define PF_X 1
%define PF_W 2
%define PF_R 4
%define STT_FUNC 2
%define STB_GLOBAL 1
%define R_386_PC32 2
%define DT_NULL 0
%define DT_NEEDED 1
%define DT_HASH 4
%define DT_STRTAB 5
%define DT_SYMTAB 6
%define DT_STRSZ 10
%define DT_SYMENT 11
%define DT_REL 17
%define DT_RELSZ 18
%define DT_RELENT 19

; st_info = (bind << 4) | type ; r_info = (sym << 8) | type  (Elf32 packing)
%define ST_INFO(b, t) (((b) << 4) | (t))
%define R_INFO(s, t) (((s) << 8) | (t))

phentsz equ 0x20                        ; sizeof(Elf32_Phdr): 8 dwords per entry below
; shentsz equ 0x28
shentsz equ 0x0                         ; no section headers are emitted (e_shnum = 0)

org 0x08048000                          ; page-aligned load base; $$ refers to this

;; The ELF header
ehdr:                                   ; Elf32_Ehdr
        db 0x7F, "ELF", 1, 1, 1         ; e_ident: magic, ELFCLASS32, ELFDATA2LSB, EV_CURRENT
        times 9 db 0                    ; rest of e_ident (16 bytes total)
        dw ET_EXEC                      ; e_type
        dw EM_386                       ; e_machine
        dd EV_CURRENT                   ; e_version
        dd _start                       ; e_entry
        dd phdr - $$                    ; e_phoff (file offset of the table below)
        dd 0                            ; e_shoff
        dd 0                            ; e_flags
        dw ehdrsz                       ; e_ehsize
        dw phentsz                      ; e_phentsize
        dw 3                            ; e_phnum: PT_INTERP, PT_DYNAMIC and the one active
                                        ;          PT_LOAD -- must be bumped if one of the
                                        ;          commented-out PT_LOAD entries is re-enabled
        dw shentsz                      ; e_shentsize
        dw 0                            ; e_shnum
        dw 0                            ; e_shstrndx
ehdrsz equ $ - ehdr

;; The program segment header table
phdr:                                   ; Elf32_Phdr
        dd PT_INTERP                    ; p_type
        dd interp - $$                  ; p_offset
        dd interp                       ; p_vaddr
        dd interp                       ; p_paddr
        dd interpsz                     ; p_filesz
        dd interpsz                     ; p_memsz
        dd PF_R                         ; p_flags
        dd 0                            ; p_align
; phentsz equ $ - phdr
        dd PT_DYNAMIC                   ; p_type
        dd dyntab - $$                  ; p_offset
        dd dyntab                       ; p_vaddr
        dd dyntab                       ; p_paddr
        dd dyntabsz                     ; p_filesz
        dd dyntabsz                     ; p_memsz
        dd PF_R | PF_W                  ; p_flags
        dd 4                            ; p_align
; (disabled) PT_LOAD covering only the tables: symtab .. reltab (see symtabsz)
; dd PT_LOAD ; p_type
; dd symtab - $$ ; p_offset
; dd symtab ; p_vaddr
; dd symtab ; p_paddr
; dd symtabsz ; p_filesz
; dd symtabsz ; p_memsz
; dd PF_R | PF_W ; p_flags
; dd 4 ; p_align
;
; (disabled) PT_LOAD covering only the data bytes
; dd PT_LOAD ; p_type
; dd data - $$ ; p_offset
; dd data ; p_vaddr
; dd data ; p_paddr
; dd datasz ; p_filesz
; dd datasz ; p_memsz
; dd PF_R | PF_W ; p_flags
; dd 4 ; p_align
; The only active PT_LOAD: it maps `code` (the bytes from _start) and nothing else.
        dd PT_LOAD                      ; p_type
        dd code - $$                    ; p_offset
        dd code                         ; p_vaddr
        dd code                         ; p_paddr
        dd codesz                       ; p_filesz
        dd codesz                       ; p_memsz
        dd PF_R | PF_W | PF_X           ; p_flags: PF_W because the R_386_PC32 in reltab is
                                        ;          applied at exit_call, which lies inside this
                                        ;          segment (a text relocation the loader writes);
                                        ;          that makes the mapping RWX, which W^X checks flag
        dd 0x1000                       ; p_align: p_offset and p_vaddr are congruent mod 0x1000
                                        ;          because $$ is page-aligned
; NOTE(review): this disabled entry is the one that also maps the ELF header,
; the program header table, interp, dyntab, symtab, hashtab, strtab and
; reltab.  With it commented out none of those lie inside an active PT_LOAD;
; the reporter says restoring it ("4 of 4") makes the binary run again, which
; is consistent with the loader expecting the headers and dynamic tables to
; be in a mapped segment rather than relying on whatever shares the first page
; -- confirm against the glibc/kernel change that introduced the segfault.
; It is also RWX like the code segment; separate R / RX / RW segments would be
; the cleaner shape, since only the relocation target needs to be writable.
; dd PT_LOAD ; p_type
; dd 0 ; p_offset
; dd $$ ; p_vaddr
; dd $$ ; p_paddr
; dd filesz ; p_filesz
; dd memsz ; p_memsz
; dd PF_R | PF_W | PF_X ; p_flags
; dd 0x1000 ; p_align

;; The interpreter segment
interp: db '/lib/ld-linux.so.2', 0
interpsz equ $ - interp
        db 0                            ; pad/dword-align

;; The dynamic section (pairs of d_tag, d_val; terminated by DT_NULL)
dyntab:
        dd DT_STRTAB, strtab
        dd DT_STRSZ, strtabsz
        dd DT_SYMTAB, symtab
        dd DT_SYMENT, symentsz
        dd DT_REL, reltab
        dd DT_RELSZ, reltabsz
        dd DT_RELENT, relentsz
        dd DT_HASH, hashtab
        dd DT_NEEDED, libc_name         ; strtab offset of 'libc.so.6'
        dd DT_NULL, 0
dyntabsz equ $ - dyntab

;; The symbol table
symtab:                                 ; Elf32_Sym
        dd 0                            ; st_name   -- entry 0 is the mandatory null symbol
        dd 0                            ; st_value
        dd 0                            ; st_size
        db 0                            ; st_info
        db 0                            ; st_other
        dw 0                            ; st_shndx
symentsz equ $ - symtab                 ; sizeof(Elf32_Sym), measured from the null entry
        dd exit_name                    ; st_name   -- entry 1: undefined global function _exit
        dd 0                            ; st_value
        dd 0                            ; st_size
        db ST_INFO(STB_GLOBAL, STT_FUNC) ; st_info
        db 0                            ; st_other
        dw 0                            ; st_shndx

;; The hash table (SysV DT_HASH: nbucket, nchain, buckets[], chains[])
hashtab:
        dd 1                            ; no. of buckets
        dd 2                            ; no. of symbols (the null symbol and _exit)
        dd 1                            ; the bucket: symbol #1
        dd 0, 0                         ; two links, both zero

;; The string table
strtab:
        db 0                            ; index 0 is the empty string
libc_name equ $ - strtab
        db 'libc.so.6', 0
exit_name equ $ - strtab
        db '_exit', 0
strtabsz equ $ - strtab

;; The relocation table
reltab:                                 ; Elf32_Rel
        dd exit_call                    ; r_offset: the rel32 field of the call in _start
        dd R_INFO(1, R_386_PC32)        ; r_info: PC-relative against symbol #1 (_exit)
relentsz equ $ - reltab
reltabsz equ $ - reltab                 ; a single entry, so reltabsz == relentsz
symtabsz equ $ - symtab                 ; spans symtab, hashtab, strtab and reltab; used by the
                                        ; disabled tables-only PT_LOAD above

;; Data section
data db 'Phix' ; exit dd 0
datasz equ $ - data

;; Our program
_start:
        push byte 42                    ; argument for _exit: exit status 42
        call exit_call                  ; E8 rel32; the displacement is filled in by reltab
exit_call equ $ - 4                     ; address of that 4-byte displacement
code equ _start
codesz equ $ - code

;; End of the file image.
filesz equ $ - $$
memsz equ filesz

-- 
You are receiving this mail because:
You are on the CC list for the bug.