12489 – prelinking ldso causes binaries to segfault upon startup

Bug 12489 - prelinking ldso causes binaries to segfault upon startup

Summary: prelinking ldso causes binaries to segfault upon startup

Status:	RESOLVED FIXED

Alias:	None

Product:	glibc
Classification:	Unclassified
Component:	libc (show other bugs)
Version:	2.13

Importance:	P2 normal
Target Milestone:	---
Assignee:	Ulrich Drepper

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-02-14 04:56 UTC by Mike Frysinger
Modified:	2014-06-27 13:51 UTC (History)
CC List:	6 users (show)

See Also:	http://bugs.gentoo.org/show_bug.cgi?id=353814 https://bugzilla.redhat.com/show_bug.cgi?id=638091
Host:
Target:
Build:
Last reconfirmed:

Flags:	fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mike Frysinger 2011-02-14 04:56:15 UTC

after upgrading from glibc-2.12.2 to glibc-2.13 and running prelink on the system, many binaries segfault immediately. undoing prelink on just the ldso makes the segfaults go away.

using git bisect from the glibc-2.12 tag to the glibc-2.13 tag shows the trouble starts around commit bc5fb0374c3ce6eca92f44d13a55b066e707c4a0 (Don't try to free rpath strings allocated during startup). and indeed, if i take current master (edf9294e7a2cd46b050faf2d270d28ff477f6c5e) and revert that one commit, things still work fine. same goes for taking glibc-2.13 and reverting that one change.

http://sourceware.org/git/?p=glibc.git;a=commit;h=bc5fb0374c3ce6eca92f44d13a55b066e707c4a0

full bisect log:
# bad: [6392473fe970b0cdace62f31000a83ba0fcf6161] 2.13 release
# good: [e28c88707ef0529593fccedf1a94c3fce3df0ef3] Prepare for release. git bisect start 'glibc-2.13' 'glibc-2.12'
# good: [c96d23fcaa7072bb9e7669957c90b09dddfd9161] Fixup x86 after x86-64 varshift change.
git bisect good c96d23fcaa7072bb9e7669957c90b09dddfd9161
# good: [c96d23fcaa7072bb9e7669957c90b09dddfd9161] Fixup x86 after x86-64 varshift change.
git bisect good c96d23fcaa7072bb9e7669957c90b09dddfd9161
# bad: [fdc0f374bcd2d0513569aa8d600f960e43e8af1d] Fix perturbing in malloc on free.
git bisect bad fdc0f374bcd2d0513569aa8d600f960e43e8af1d
# bad: [91c42559190f59c6c4b3cb0b7f5c9bb11dd28161] powerpc: Use generic memset
for RTLD for ppc32/64
git bisect bad 91c42559190f59c6c4b3cb0b7f5c9bb11dd28161
# good: [e66e7419a6f58200eec6941b14e2dcff9875cc6c] Actually make it possible to
user the default name server.
git bisect good e66e7419a6f58200eec6941b14e2dcff9875cc6c
# bad: [dda51327baa01c8e5c188a9952317396bb5569b1] Undo feature selection for
ftruncate.
git bisect bad dda51327baa01c8e5c188a9952317396bb5569b1
# bad: [8ffcee4a049b244e369e371536486a9b2eabb25f] Fix limit detection in x86-64
SSE2 strncasecmp.
git bisect bad 8ffcee4a049b244e369e371536486a9b2eabb25f
# bad: [7291c56f9d6f5861d1c001bc63a364f047a74738] Fix register conflict in s390
____longjmp_chk
git bisect bad 7291c56f9d6f5861d1c001bc63a364f047a74738
# bad: [bc5fb0374c3ce6eca92f44d13a55b066e707c4a0] Don't try to free rpath strings allocated during startup
git bisect bad bc5fb0374c3ce6eca92f44d13a55b066e707c4a0

the simple test script i was using (probably should automate this with `git
bisect run`, but oh well):
rm -rf chroot
mkdir chroot
cd chroot
mkdir lib etc bin
ln -s lib lib64
cp `which gcc` `which prelink` bin
cp /etc/prelink.conf etc
cp ../lib*.so.? lib/
cp ../elf/ld.so lib/ld-linux-x86-64.so.2
sudo chroot . prelink -a
sudo chroot . gcc

if gcc crashes, then it doesnt look so good

Comment 1 Allan McRae 2011-02-14 06:44:39 UTC

Looking at the bisect result, this patch from the Fedora branch seemed a likely fix:
http://sourceware.org/git/?p=glibc.git;a=commit;h=25b3aada

Taking glibc-2.13 and adding that patch makes the test script work.

Comment 2 Dmitry V. Levin 2011-02-14 10:44:09 UTC

According to bugzilla.redhat.com, the issue have been reported a dozen times already.

Comment 3 Mike Frysinger 2011-02-14 17:00:33 UTC

(In reply to comment #1)

thanks, that patch seems to work for me too.  i guess we'll want it cherry picked into master and the glibc-2.13 release branches.  but i dont think the glibc-2.13 branch can get it until the master does ...

Comment 4 Carlos O'Donell 2011-02-14 17:08:13 UTC

Correct, it must be on master before I can cherry-pick it into 2.13. Please add the keyword "glibc-2.13" if you want me to cherry-pick it into 2.13 stable.

Comment 5 Ulrich Drepper 2011-02-20 12:26:28 UTC

I added a patch.

Comment 6 Mike Frysinger 2011-02-20 17:38:45 UTC

Carlos: you'll want e23fe25b33324a9ea992276c1a4f04127bf9ba4b

Comment 7 Carlos O'Donell 2011-02-23 16:26:39 UTC

No regressions. Fix cherry-picked into 2.13. Thanks!