This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug dynamic-link/20802] New: getauxval NULL pointer dereference after static dlopen


https://sourceware.org/bugzilla/show_bug.cgi?id=20802

            Bug ID: 20802
           Summary: getauxval NULL pointer dereference after static dlopen
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
  Target Milestone: ---
             Flags: security-

Created attachment 9620
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9620&action=edit
0001-Test-case-for-getauxval-after-static-dlopen.patch

The attached test case fails because _rtld_global_ro is not initialized after
static dlopen (beyond the static initializer), so GLRO (dl_auxv) is a NULL
pointer.

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7b41977 in __getauxval (type=25) at getauxval.c:36
36        for (p = GLRO(dl_auxv); p->a_type != AT_NULL; p++)
(gdb) bt
#0  0x00007ffff7b41977 in __getauxval (type=25) at getauxval.c:36
#1  0x00007ffff7df974f in getauxval_wrapper (type=type@entry=25,
errnop=errnop@entry=0x7fffffffdb2c)
    at tst-auxvalmod.c:28
#2  0x0000000000401171 in do_test () at tst-getauxval-static.c:59
#3  0x00000000004007f7 in main (argc=<optimized out>, argv=<optimized out>) at
../test-skeleton.c:513
(gdb) 

I think we need a way to inject this information into the inner libc, so I'm
putting this bug into the dynamic-link component.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
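
The loop at getauxval.c:36 in the backtrace dereferences GLRO (dl_auxv) without checking it. As an added illustration (not glibc code, and not the fix for this bug), the same walk with the vector passed in as a parameter and a NULL vector rejected instead of dereferenced; auxv_lookup, sample_auxv and the EFAULT return value are assumptions made for this example.

```c
#include <elf.h>
#include <errno.h>
#include <link.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample vector, terminated by AT_NULL like the real one.  */
static const ElfW(auxv_t) sample_auxv[] = {
  { .a_type = AT_PAGESZ, .a_un.a_val = 4096 },
  { .a_type = AT_RANDOM, .a_un.a_val = 0x1000 },  /* type 25, as in the backtrace */
  { .a_type = AT_NULL,   .a_un.a_val = 0 },
};

/* Hypothetical helper, not glibc code.  Walks an auxiliary vector the
   same way the loop in the backtrace does, but returns an error when the
   vector pointer was never set (the state the report describes for the
   inner libc) rather than reading through NULL.
   Returns 0 and stores the value on success, ENOENT if the type is not
   present, EFAULT (an assumption for this example) if auxv is NULL.  */
static int
auxv_lookup (const ElfW(auxv_t) *auxv, unsigned long type,
             unsigned long *value)
{
  if (auxv == NULL)
    return EFAULT;
  for (const ElfW(auxv_t) *p = auxv; p->a_type != AT_NULL; p++)
    if (p->a_type == type)
      {
        *value = p->a_un.a_val;
        return 0;
      }
  return ENOENT;
}

int
main (void)
{
  unsigned long v = 0;
  int rc = auxv_lookup (sample_auxv, AT_RANDOM, &v);
  printf ("populated vector, AT_RANDOM: rc=%d value=%#lx\n", rc, v);
  rc = auxv_lookup (sample_auxv, AT_UID, &v);
  printf ("populated vector, AT_UID:    rc=%d (ENOENT=%d)\n", rc, ENOENT);
  rc = auxv_lookup (NULL, AT_RANDOM, &v);
  printf ("NULL vector, AT_RANDOM:      rc=%d (EFAULT=%d)\n", rc, EFAULT);
  return 0;
}
```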
