This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug dynamic-link/22238] New: NULL pointer dereference in dlopen on out-of-memory


https://sourceware.org/bugzilla/show_bug.cgi?id=22238

            Bug ID: 22238
           Summary: NULL pointer dereference in dlopen on out-of-memory
           Product: glibc
           Version: 2.26
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: andreas+sourceware at aurora dot npff.co
  Target Milestone: ---

Doing low-memory stress testing on PostgreSQL yielded a crash in dlopen.
It looks like the code in fillin_rpath tripped into 
expand_dynamic_string_token returning a NULL on a failed malloc: 

,----[ glibc-2.24/elf/dl-load.c:442 ]
|       to_free = cp = expand_dynamic_string_token (l, cp, 1);
|
|       size_t len = strlen (cp);
`----

Backtrace below.

regards,
Andreas

Core was generated by `postgres: bgworker: parallel worker for PID 24326'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00007f5184852a36 in fillin_rpath (rpath=<optimized out>,
rpath@entry=0x55b692f0d360 "/home/smith/postgres/inst/master/lib",
result=result@entry=0x55b692f1b380, sep=sep@entry=0x7f5184868060 ":",
check_trusted=check_trusted@entry=0, what=what@entry=0x7f51848683bd
"RUNPATH", where=where@entry=0x55b692f2d2f0
"/home/smith/postgres/inst/master/lib/pgcrypto.so", l=0x55b692f2d330)
at dl-load.c:444
#2  0x00007f5184852daf in decompose_rpath (sps=sps@entry=0x55b692f2d6d8,
rpath=<optimized out>, l=l@entry=0x55b692f2d330, what=what@entry=0x7f51848683bd
"RUNPATH") at dl-load.c:618
#3  0x00007f5184852ef7 in cache_rpath (l=l@entry=0x55b692f2d330,
sp=sp@entry=0x55b692f2d6d8, tag=tag@entry=29, what=what@entry=0x7f51848683bd
"RUNPATH") at dl-load.c:652
#4  0x00007f5184853c62 in cache_rpath (what=0x7f51848683bd "RUNPATH", tag=29,
sp=0x55b692f2d6d8, l=0x55b692f2d330) at dl-load.c:2307
#5  _dl_map_object (loader=0x55b692f2d330, name=0x7f517f300cc3 "libz.so.1",
type=2, trace_mode=0, mode=<optimized out>, nsid=<optimized out>) at
dl-load.c:2314
#6  0x00007f5184857e70 in openaux (a=a@entry=0x7ffd4f686130) at dl-deps.c:63
#7  0x00007f518485a4f4 in _dl_catch_error
(objname=objname@entry=0x7ffd4f686128,
errstring=errstring@entry=0x7ffd4f686120,
mallocedp=mallocedp@entry=0x7ffd4f68611f, operate=operate@entry=0x7f5184857e40
<openaux>, args=args@entry=0x7ffd4f686130) at dl-error.c:187
#8  0x00007f51848580df in _dl_map_object_deps (map=map@entry=0x55b692f2d330,
preloads=preloads@entry=0x0, npreloads=npreloads@entry=0,
trace_mode=trace_mode@entry=0, open_mode=open_mode@entry=-2147483648) at
dl-deps.c:254
#9  0x00007f518485ea02 in dl_open_worker (a=a@entry=0x7ffd4f6863c0) at
dl-open.c:280
#10 0x00007f518485a4f4 in _dl_catch_error
(objname=objname@entry=0x7ffd4f6863b0,
errstring=errstring@entry=0x7ffd4f6863b8,
mallocedp=mallocedp@entry=0x7ffd4f6863af, operate=operate@entry=0x7f518485e8f0
<dl_open_worker>, args=args@entry=0x7ffd4f6863c0) at dl-error.c:187
#11 0x00007f518485e489 in _dl_open (file=0x55b692f2d2b0
"/home/smith/postgres/inst/master/lib/pgcrypto.so", mode=-2147483390,
caller_dlopen=0x55b691cb4c7e <internal_load_library+286>, nsid=-2,
argc=<optimized out>, argv=<optimized out>, env=0x55b692eef880) at
dl-open.c:660
#12 0x00007f5184020ee9 in dlopen_doit (a=a@entry=0x7ffd4f6865f0) at dlopen.c:66
#13 0x00007f518485a4f4 in _dl_catch_error (objname=0x55b692eef6d0,
errstring=0x55b692eef6d8, mallocedp=0x55b692eef6c8, operate=0x7f5184020e90
<dlopen_doit>, args=0x7ffd4f6865f0) at dl-error.c:187
#14 0x00007f5184021521 in _dlerror_run (operate=operate@entry=0x7f5184020e90
<dlopen_doit>, args=args@entry=0x7ffd4f6865f0) at dlerror.c:163
#15 0x00007f5184020f82 in __dlopen (file=<optimized out>, mode=mode@entry=258)
at dlopen.c:87
#16 0x000055b691cb4c7e in internal_load_library
(libname=libname@entry=0x7f51848be7f8 <error: Cannot access memory at address
0x7f51848be7f8>) at dfmgr.c:231
#17 0x000055b691cb5928 in RestoreLibraryState (start_address=0x7f51848be7f8
<error: Cannot access memory at address 0x7f51848be7f8>) at dfmgr.c:754
#18 0x000055b6919459d9 in ParallelWorkerMain (main_arg=<optimized out>) at
parallel.c:1030
#19 0x000055b691b23746 in StartBackgroundWorker () at bgworker.c:835
#20 0x000055b691b2faf5 in do_start_bgworker (rw=0x55b692f0e050) at
postmaster.c:5680
#21 maybe_start_bgworkers () at postmaster.c:5884
#22 0x000055b691b305c8 in sigusr1_handler (postgres_signal_arg=<optimized out>)
at postmaster.c:5073
#23 <signal handler called>
#24 0x00007f5183a5f273 in __select_nocancel () at
../sysdeps/unix/syscall-template.S:84
#25 0x000055b6918b8c0b in ServerLoop () at postmaster.c:1717
#26 0x000055b691b31c65 in PostmasterMain (argc=3, argv=0x55b692eea5f0) at
postmaster.c:1361
#27 0x000055b6918bac4d in main (argc=3, argv=0x55b692eea5f0) at main.c:228
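The pattern the report describes, as an added example that is neither glibc's code nor part of the original report: a toy stand-in for expand_dynamic_string_token with an injectable allocator so the failed-malloc case can be exercised, with the unchecked strlen() from dl-load.c beside a variant that checks the result. The names expand_origin, rpath_len_unchecked, rpath_len_checked, rpath_alloc and fail_alloc are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Allocator hook (hypothetical) so a test can simulate the out-of-memory
   condition from the report without exhausting real memory. */
static void *(*rpath_alloc)(size_t) = malloc;

/* Toy stand-in for expand_dynamic_string_token: replaces "$ORIGIN" in a
   RUNPATH entry with the loader's directory. Like the real helper, it
   returns NULL when the allocation for the expanded string fails. */
static char *expand_origin(const char *origin, const char *token)
{
    const char *p = strstr(token, "$ORIGIN");
    size_t pre = p ? (size_t)(p - token) : strlen(token);
    const char *mid = p ? origin : "";
    const char *rest = p ? p + strlen("$ORIGIN") : "";
    size_t mlen = strlen(mid), rlen = strlen(rest);
    char *out = rpath_alloc(pre + mlen + rlen + 1);
    if (out == NULL)
        return NULL;                 /* allocation failed: caller must cope */
    memcpy(out, token, pre);
    memcpy(out + pre, mid, mlen);
    memcpy(out + pre + mlen, rest, rlen + 1);   /* copies the terminator */
    return out;
}

/* The pattern from dl-load.c:442-444: the expansion result goes straight
   into strlen(), so an allocation failure becomes a NULL dereference. */
static size_t rpath_len_unchecked(const char *origin, const char *token)
{
    char *cp = expand_origin(origin, token);
    size_t len = strlen(cp);         /* crashes with SIGSEGV when cp == NULL */
    free(cp);
    return len;
}

/* Hardened variant: a NULL expansion is reported to the caller as a failed
   entry (*ok = 0) instead of being dereferenced. */
static size_t rpath_len_checked(const char *origin, const char *token, int *ok)
{
    char *cp = expand_origin(origin, token);
    if (cp == NULL) { *ok = 0; return 0; }
    size_t len = strlen(cp);
    free(cp);
    *ok = 1;
    return len;
}

/* Constructed allocator that always fails, standing in for malloc under memory pressure. */
static void *fail_alloc(size_t n) { (void)n; return NULL; }
```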
