This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/13601] New: Fail to load dynamic libs when entire ELF header cannot be read in one syscall
- From: "tatannen at wisc dot edu" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Wed, 18 Jan 2012 04:14:38 +0000
- Subject: [Bug libc/13601] New: Fail to load dynamic libs when entire ELF header cannot be read in one syscall
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=13601
Bug #: 13601
Summary: Fail to load dynamic libs when entire ELF header
cannot be read in one syscall
Product: glibc
Version: 2.14
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: tatannen@wisc.edu
Classification: Unclassified
As stated in the man pages, the read() system call may read/return less bytes
than requested, for a variety of well-documented reasons.
In elf/dl-load.c, function open_verify() attempts to read the entire elf header
(over 800 bytes on x86_84) in one invocation of the read system call, and if
all bytes are not read, the shared library will not load with a "file too
short" error. This could cause failures, for instance, loading over networked
file systems configured with a small (less than 800byte) MTU size.
In elf/dl-load.c the problem is here:
1714: size_t maplength;
1715:
1716: /* We successfully openened the file. Now verify it is a file
1717: we can use. */
1718: __set_errno (0);
1719: fbp->len = __libc_read (fd, fbp->buf, sizeof (fbp->buf));
1720:
1721: /* This is where the ELF header is loaded. */
1722: assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr)));
1723: ehdr = (ElfW(Ehdr) *) fbp->buf;
1724:
1725: /* Now run the tests. */
1726: if (__builtin_expect (fbp->len < (ssize_t) sizeof (ElfW(Ehdr)), 0))
1727: {
1728: errval = errno;
On line 1719, if the read returns less than sizeof (ElfW(Ehdr)) as tested on
line 1726, the library load will fail.
The call to libc_read on line 1719 should be repeated while libc_read
returns a value greater than zero. If you desire me to write/submit a patch,
I'd be happy to help out, just ask.
Thank you!
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.