Bug 12489

Summary: prelinking ldso causes binaries to segfault upon startup
Product: glibc
Reporter: Mike Frysinger <vapier>
Component: libc
Assignee: Ulrich Drepper <drepper.fsp>
Status: RESOLVED FIXED
Severity: normal
CC: allan, carlos, carlos, Martin.vGagern, schwab, toolchain
Priority: P2
Flags: fweimer: security-
Version: 2.13
Target Milestone: ---
See Also: http://bugs.gentoo.org/show_bug.cgi?id=353814
          https://bugzilla.redhat.com/show_bug.cgi?id=638091

Description Mike Frysinger 2011-02-14 04:56:15 UTC
after upgrading from glibc-2.12.2 to glibc-2.13 and running prelink on the system, many binaries segfault immediately.  undoing prelink on just the ldso makes the segfaults go away.

using git bisect from the glibc-2.12 tag to the glibc-2.13 tag shows the trouble starts around commit bc5fb0374c3ce6eca92f44d13a55b066e707c4a0 (Don't try to free rpath strings allocated during startup).  and indeed, if i take current master (edf9294e7a2cd46b050faf2d270d28ff477f6c5e) and revert that one commit, things still work fine.  same goes for taking glibc-2.13 and reverting that one change.

http://sourceware.org/git/?p=glibc.git;a=commit;h=bc5fb0374c3ce6eca92f44d13a55b066e707c4a0

full bisect log:
# bad: [6392473fe970b0cdace62f31000a83ba0fcf6161] 2.13 release
# good: [e28c88707ef0529593fccedf1a94c3fce3df0ef3] Prepare for release.
git bisect start 'glibc-2.13' 'glibc-2.12'
# good: [c96d23fcaa7072bb9e7669957c90b09dddfd9161] Fixup x86 after x86-64 varshift change.
git bisect good c96d23fcaa7072bb9e7669957c90b09dddfd9161
# good: [c96d23fcaa7072bb9e7669957c90b09dddfd9161] Fixup x86 after x86-64 varshift change.
git bisect good c96d23fcaa7072bb9e7669957c90b09dddfd9161
# bad: [fdc0f374bcd2d0513569aa8d600f960e43e8af1d] Fix perturbing in malloc on free.
git bisect bad fdc0f374bcd2d0513569aa8d600f960e43e8af1d
# bad: [91c42559190f59c6c4b3cb0b7f5c9bb11dd28161] powerpc: Use generic memset for RTLD for ppc32/64
git bisect bad 91c42559190f59c6c4b3cb0b7f5c9bb11dd28161
# good: [e66e7419a6f58200eec6941b14e2dcff9875cc6c] Actually make it possible to user the default name server.
git bisect good e66e7419a6f58200eec6941b14e2dcff9875cc6c
# bad: [dda51327baa01c8e5c188a9952317396bb5569b1] Undo feature selection for ftruncate.
git bisect bad dda51327baa01c8e5c188a9952317396bb5569b1
# bad: [8ffcee4a049b244e369e371536486a9b2eabb25f] Fix limit detection in x86-64 SSE2 strncasecmp.
git bisect bad 8ffcee4a049b244e369e371536486a9b2eabb25f
# bad: [7291c56f9d6f5861d1c001bc63a364f047a74738] Fix register conflict in s390 ____longjmp_chk
git bisect bad 7291c56f9d6f5861d1c001bc63a364f047a74738
# bad: [bc5fb0374c3ce6eca92f44d13a55b066e707c4a0] Don't try to free rpath strings allocated during startup
git bisect bad bc5fb0374c3ce6eca92f44d13a55b066e707c4a0

the simple test script i was using (probably should automate this with `git bisect run`, but oh well):
# build a throwaway chroot holding only the freshly built glibc plus the
# host's gcc, prelink and prelink.conf
rm -rf chroot
mkdir chroot
cd chroot
mkdir lib etc bin
ln -s lib lib64
cp `which gcc` `which prelink` bin
cp /etc/prelink.conf etc
cp ../lib*.so.? lib/
cp ../elf/ld.so lib/ld-linux-x86-64.so.2
# prelink everything in the chroot, ld.so included, then run one binary
sudo chroot . prelink -a
sudo chroot . gcc

if gcc crashes, then it doesn't look so good
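An added example, not the reporter's script: a driver for `git bisect run` that automates the chroot + prelink check above. It assumes a configured glibc build directory in `$GLIBC_OBJ` that `make` refreshes from the bisected checkout, gcc and prelink on the host, and runs the test binary as `gcc --version` so that a normal nonzero exit (plain `gcc` exits 1 with "no input files") is not mistaken for a crash.

```shell
#!/bin/sh
# Added example (not from the bug report): a driver script for
# "git bisect run" automating the chroot + prelink check above.
# Assumed: $GLIBC_OBJ is a configured glibc build directory that "make"
# refreshes from the bisected checkout, gcc and prelink exist on the host,
# and the test command is "gcc --version" (plain "gcc" exits 1 normally).
set -u

# Map the test's exit status to what "git bisect run" expects:
# 0 = good, 1 = bad, 125 = skip. A shell reports a process killed by a
# signal as 128 + signal number, so 139 (128 + SIGSEGV) is this bug.
bisect_verdict() {
    if [ "$1" -ge 128 ]; then
        echo 1    # died from a signal: the prelinked ld.so crashed it
    else
        echo 0    # exited normally, even if nonzero: the loader worked
    fi
}

# Rebuild glibc for the current bisect commit and recreate the chroot.
# Any failure here means the commit cannot be judged: 125 tells
# "git bisect run" to skip it rather than mark it bad.
prepare_chroot() {
    make -C "$GLIBC_OBJ" >/dev/null 2>&1 || return 125
    rm -rf chroot && mkdir -p chroot/lib chroot/etc chroot/bin || return 125
    ln -s lib chroot/lib64 || return 125
    cp "$(command -v gcc)" "$(command -v prelink)" chroot/bin || return 125
    cp /etc/prelink.conf chroot/etc || return 125
    cp "$GLIBC_OBJ"/lib*.so.? chroot/lib/ || return 125
    cp "$GLIBC_OBJ"/elf/ld.so chroot/lib/ld-linux-x86-64.so.2 || return 125
    sudo chroot chroot prelink -a >/dev/null 2>&1 || return 125
}

# One bisect step: build, prelink, run the test binary, report verdict.
run_bisect_step() {
    prepare_chroot || return $?
    sudo chroot chroot gcc --version >/dev/null 2>&1
    return "$(bisect_verdict $?)"
}

# Only do the real work when git bisect invokes this script with "run",
# e.g.: git bisect run sh ./bisect-prelink.sh run
if [ "${1:-}" = run ]; then
    run_bisect_step
    exit $?
fi
```

Run it from the glibc checkout after `git bisect start glibc-2.13 glibc-2.12`; git stops on the first commit whose prelinked ld.so makes the test binary die from a signal.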
Comment 1 Allan McRae 2011-02-14 06:44:39 UTC
Looking at the bisect result, this patch from the Fedora branch seemed a likely fix:
http://sourceware.org/git/?p=glibc.git;a=commit;h=25b3aada

Taking glibc-2.13 and adding that patch makes the test script work.
Comment 2 Dmitry V. Levin 2011-02-14 10:44:09 UTC
According to bugzilla.redhat.com, the issue has been reported a dozen times already.
Comment 3 Mike Frysinger 2011-02-14 17:00:33 UTC
(In reply to comment #1)

thanks, that patch seems to work for me too.  i guess we'll want it cherry-picked into master and the glibc-2.13 release branches.  but i don't think the glibc-2.13 branch can get it until the master does ...
Comment 4 Carlos O'Donell 2011-02-14 17:08:13 UTC
Correct, it must be on master before I can cherry-pick it into 2.13. Please add the keyword "glibc-2.13" if you want me to cherry-pick it into 2.13 stable.
Comment 5 Ulrich Drepper 2011-02-20 12:26:28 UTC
I added a patch.
Comment 6 Mike Frysinger 2011-02-20 17:38:45 UTC
Carlos: you'll want e23fe25b33324a9ea992276c1a4f04127bf9ba4b
Comment 7 Carlos O'Donell 2011-02-23 16:26:39 UTC
No regressions. Fix cherry-picked into 2.13. Thanks!