This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/21913] New: static binaries SIGSEGV in __brk when host gcc is pie-by-default (i386)
- From: "slyfox at inbox dot ru" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sun, 06 Aug 2017 20:12:05 +0000
- Subject: [Bug libc/21913] New: static binaries SIGSEGV in __brk when host gcc is pie-by-default (i386)
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=21913
Bug ID: 21913
Summary: static binaries SIGSEGV in __brk when host gcc is pie-by-default (i386)
Product: glibc
Version: 2.27
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: slyfox at inbox dot ru
CC: drepper.fsp at gmail dot com
Target Milestone: ---
I think __sbrk is called in __libc_setup_tls before setting up %gs/TLS properly. This causes an early SIGSEGV at startup.
I noticed the SIGSEGV when I tried to install glibc-git on i386:
The crash happens at the stage when 'elf/sln' is called (in the 'make install' phase):
$ gdb --args elf/sln elf/symlink.list
Program received signal SIGSEGV, Segmentation fault.
__brk (addr=0x0) at ../sysdeps/unix/sysv/linux/i386/brk.c:35
35 void *newbrk = (void *) INTERNAL_SYSCALL (brk, err, 1, addr);
(gdb) bt
#0 __brk (addr=0x0) at ../sysdeps/unix/sysv/linux/i386/brk.c:35
#1 0x08074589 in __sbrk (increment=3392) at sbrk.c:43
#2 0x08049bd8 in __libc_setup_tls () at libc-tls.c:145
#3 0x080494a2 in __libc_start_main (main=0x80482c0 <main>, argc=2,
argv=0xffffc094, init=0x8049d70 <__libc_csu_init>, fini=0x8049e20
<__libc_csu_fini>, rtld_fini=0x0, stack_end=0xffffc08c)
at ../csu/libc-start.c:197
#4 0x08048a73 in _start () at ../sysdeps/i386/start.S:109
(gdb) disassemble
Dump of assembler code for function __brk:
0x08097d50 <+0>: call 0x805aeee <__x86.get_pc_thunk.cx>
0x08097d55 <+5>: add $0x402ab,%ecx
0x08097d5b <+11>: push %ebx
0x08097d5c <+12>: mov $0x2d,%eax
0x08097d61 <+17>: sub $0x8,%esp
0x08097d64 <+20>: mov 0x10(%esp),%ebx
=> 0x08097d68 <+24>: call *%gs:0x10
0x08097d6f <+31>: mov %eax,%edx
0x08097d71 <+33>: mov %eax,0x1a64(%ecx)
0x08097d77 <+39>: xor %eax,%eax
0x08097d79 <+41>: cmp %edx,%ebx
0x08097d7b <+43>: jbe 0x8097d89 <__brk+57>
0x08097d7d <+45>: mov $0xfffffff4,%eax
0x08097d82 <+50>: mov %ecx,%ebx
0x08097d84 <+52>: call 0x80499b0 <__syscall_error>
0x08097d89 <+57>: add $0x8,%esp
0x08097d8c <+60>: pop %ebx
0x08097d8d <+61>: ret
End of assembler dump.
(gdb) list
30
31 int
32 __brk (void *addr)
33 {
34 INTERNAL_SYSCALL_DECL (err);
35 void *newbrk = (void *) INTERNAL_SYSCALL (brk, err, 1, addr);
36 __curbrk = newbrk;
37 if (newbrk < addr)
38 return INLINE_SYSCALL_ERROR_RETURN_VALUE (ENOMEM);
39 return 0;
Note that for INTERNAL_SYSCALL, 'call *%gs:0x10' is used.
AFAIU %gs is supposed to be initialized by glibc itself for the main thread.
But the __sbrk system call is used before the TLS area is set up.
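One way to triage this class of startup crash, as an added example that is not part of the bug report or of glibc: a small Python helper that takes the gdb backtrace and disassembly quoted above (embedded here as constructed sample input copied from the report) and flags every %gs-relative instruction inside a function that executes before __libc_setup_tls has finished. The frame-boundary name and the regexes are assumptions about gdb's output format.

```python
import re

# Constructed sample input: the backtrace and (abridged) disassembly quoted in the report.
BACKTRACE = """\
#0 __brk (addr=0x0) at ../sysdeps/unix/sysv/linux/i386/brk.c:35
#1 0x08074589 in __sbrk (increment=3392) at sbrk.c:43
#2 0x08049bd8 in __libc_setup_tls () at libc-tls.c:145
#3 0x080494a2 in __libc_start_main (main=0x80482c0 <main>, argc=2,
argv=0xffffc094, init=0x8049d70 <__libc_csu_init>, fini=0x8049e20
<__libc_csu_fini>, rtld_fini=0x0, stack_end=0xffffc08c)
at ../csu/libc-start.c:197
#4 0x08048a73 in _start () at ../sysdeps/i386/start.S:109
"""
DISASM = """\
Dump of assembler code for function __brk:
0x08097d50 <+0>: call 0x805aeee <__x86.get_pc_thunk.cx>
0x08097d55 <+5>: add $0x402ab,%ecx
0x08097d5c <+12>: mov $0x2d,%eax
0x08097d64 <+20>: mov 0x10(%esp),%ebx
=> 0x08097d68 <+24>: call *%gs:0x10
0x08097d6f <+31>: mov %eax,%edx
End of assembler dump.
"""

# Assumed gdb formats: "#N [0xADDR in ]func (" for frames, "[=> ]0xADDR <+off>: insn" for code.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(", re.M)
FUNC_RE = re.compile(r"^Dump of assembler code for function (\S+):")
INSN_RE = re.compile(r"^(?:=> )?\s*(0x[0-9a-f]+) <\+\d+>:\s+(.*\S)")

def frames_inside(backtrace, setup="__libc_setup_tls"):
    """Names of frames deeper than `setup`, i.e. code that ran before TLS was ready."""
    frames = [(int(n), f) for n, f in FRAME_RE.findall(backtrace)]
    depth = next((n for n, f in frames if f == setup), -1)
    return [f for n, f in frames if n < depth]

def tls_uses(disasm):
    """Map function name -> [(address, instruction)] for every %gs-relative operand."""
    uses, func = {}, None
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            func = m.group(1)
            continue
        m = INSN_RE.match(line)
        if m and func and "%gs:" in m.group(2):
            uses.setdefault(func, []).append((m.group(1), m.group(2)))
    return uses

def find_early_tls_access(backtrace, disasm, setup="__libc_setup_tls"):
    """Cross-reference: %gs accesses inside functions that run before TLS setup finishes."""
    uses = tls_uses(disasm)
    return [(f, a, i) for f in frames_inside(backtrace, setup) for a, i in uses.get(f, [])]
```

On the report's own data this returns the single hit in __brk at 0x08097d68, the `call *%gs:0x10` that faults because %gs is not yet set; feeding it `disassemble` output for more functions widens the check.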