Bug 12489 - prelinking ldso causes binaries to segfault upon startup
Summary: prelinking ldso causes binaries to segfault upon startup
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: 2.13
: P2 normal
Target Milestone: ---
Assignee: Ulrich Drepper
Depends on:
Reported: 2011-02-14 04:56 UTC by Mike Frysinger
Modified: 2014-06-27 13:51 UTC

See Also:
Last reconfirmed:
fweimer: security-


Description Mike Frysinger 2011-02-14 04:56:15 UTC
after upgrading from glibc-2.12.2 to glibc-2.13 and running prelink on the system, many binaries segfault immediately.  undoing prelink on just the ldso makes the segfaults go away.

using git bisect from the glibc-2.12 tag to the glibc-2.13 tag shows the trouble starts around commit bc5fb0374c3ce6eca92f44d13a55b066e707c4a0 (Don't try to free rpath strings allocated during startup).  and indeed, if i take current master (edf9294e7a2cd46b050faf2d270d28ff477f6c5e) and revert that one commit, things still work fine.  same goes for taking glibc-2.13 and reverting that one change.


full bisect log:
# bad: [6392473fe970b0cdace62f31000a83ba0fcf6161] 2.13 release
# good: [e28c88707ef0529593fccedf1a94c3fce3df0ef3] Prepare for release.
git bisect start 'glibc-2.13' 'glibc-2.12'
# good: [c96d23fcaa7072bb9e7669957c90b09dddfd9161] Fixup x86 after x86-64 varshift change.
git bisect good c96d23fcaa7072bb9e7669957c90b09dddfd9161
# good: [c96d23fcaa7072bb9e7669957c90b09dddfd9161] Fixup x86 after x86-64 varshift change.
git bisect good c96d23fcaa7072bb9e7669957c90b09dddfd9161
# bad: [fdc0f374bcd2d0513569aa8d600f960e43e8af1d] Fix perturbing in malloc on free.
git bisect bad fdc0f374bcd2d0513569aa8d600f960e43e8af1d
# bad: [91c42559190f59c6c4b3cb0b7f5c9bb11dd28161] powerpc: Use generic memset for RTLD for ppc32/64
git bisect bad 91c42559190f59c6c4b3cb0b7f5c9bb11dd28161
# good: [e66e7419a6f58200eec6941b14e2dcff9875cc6c] Actually make it possible to user the default name server.
git bisect good e66e7419a6f58200eec6941b14e2dcff9875cc6c
# bad: [dda51327baa01c8e5c188a9952317396bb5569b1] Undo feature selection for
git bisect bad dda51327baa01c8e5c188a9952317396bb5569b1
# bad: [8ffcee4a049b244e369e371536486a9b2eabb25f] Fix limit detection in x86-64 SSE2 strncasecmp.
git bisect bad 8ffcee4a049b244e369e371536486a9b2eabb25f
# bad: [7291c56f9d6f5861d1c001bc63a364f047a74738] Fix register conflict in s390
git bisect bad 7291c56f9d6f5861d1c001bc63a364f047a74738
# bad: [bc5fb0374c3ce6eca92f44d13a55b066e707c4a0] Don't try to free rpath strings allocated during startup
git bisect bad bc5fb0374c3ce6eca92f44d13a55b066e707c4a0

the simple test script i was using (probably should automate this with `git bisect run`, but oh well):
# Builds a throwaway chroot holding only the freshly built glibc (the ../lib*.so.? and
# ../elf/ld.so paths assume the script runs from a glibc build directory), prelinks
# everything inside it, then starts a host binary against the prelinked ld.so.
rm -rf chroot
mkdir chroot
cd chroot
mkdir lib etc bin
ln -s lib lib64
cp `which gcc` `which prelink` bin
cp /etc/prelink.conf etc
cp ../lib*.so.? lib/
cp ../elf/ld.so lib/ld-linux-x86-64.so.2
sudo chroot . prelink -a
# with a broken prelinked ld.so this segfaults before gcc can even print "no input files"
sudo chroot . gcc

if gcc crashes, then it doesn't look so good
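The `git bisect run` automation the report mentions, as an added example that is not part of the bug report or of the glibc tree. The chroot/prelink check is stood in for by a marker file in a throwaway repository constructed here (the file name `marker`, the wrapper script and all function names are this example's own). The part worth reusing is the exit-status wrapper: `git bisect run` treats an exit status of 128 or higher as a reason to abort the whole bisection, and a shell reports a segfaulting child as 128+11 = 139, so a crash like the one in this report has to be mapped to 1 ("bad") before git sees it, or the run never reaches a first bad commit.

```shell
#!/bin/sh
# Added example, not from the bug report: drive `git bisect run` with a
# wrapper that turns a crashing test into a "bad" verdict.

# write_check_script PATH
# Writes the script git runs at every bisect step. It runs the real test
# (passed as arguments) and maps the exit status onto what git expects:
#   0     -> good
#   125   -> skip, passed through (e.g. this revision does not build)
#   other -> bad. This covers 128+signal (139 = SIGSEGV), which git would
#            otherwise treat as "abort the bisection" instead of "bad".
write_check_script() {
    cat > "$1" <<'EOF'
#!/bin/sh
"$@"
status=$?
case "$status" in
    0)   exit 0 ;;
    125) exit 125 ;;
    *)   exit 1 ;;
esac
EOF
    chmod +x "$1"
}

# make_repo
# Constructs a repository of eight commits in which commit 5 introduces the
# "crash" (the marker file flips from ok to crash). Prints the repo path.
make_repo() {
    dir=$(mktemp -d)
    git -C "$dir" init -q
    git -C "$dir" config user.email "bisect@example.invalid"
    git -C "$dir" config user.name "bisect"
    i=1
    while [ "$i" -le 8 ]; do
        if [ "$i" -ge 5 ]; then echo crash; else echo ok; fi > "$dir/marker"
        git -C "$dir" add marker
        git -C "$dir" commit -q --allow-empty -m "commit $i"
        i=$((i + 1))
    done
    echo "$dir"
}

# find_first_bad REPO CHECK GOOD BAD TESTCMD...
# Bisects between GOOD and BAD, running TESTCMD through the wrapper at CHECK
# in the checked-out tree, and prints the first bad commit hash. For the
# report's setup TESTCMD would be the rebuild followed by `sudo chroot . gcc`.
find_first_bad() {
    repo=$1; check=$2; good=$3; bad=$4
    shift 4
    (
        cd "$repo" || exit 1
        git bisect start "$bad" "$good" >/dev/null
        git bisect run sh "$check" "$@" >/dev/null 2>&1
        # when the run finishes, refs/bisect/bad is the first bad commit
        git rev-parse refs/bisect/bad
        git bisect reset >/dev/null 2>&1
    )
}

# demo: full run on the constructed repo; prints the offending commit.
demo() {
    repo=$(make_repo)
    check=$(mktemp)
    write_check_script "$check"
    good=$(git -C "$repo" log --format=%H --grep='commit 1')
    bad=$(git -C "$repo" rev-parse HEAD)
    first=$(find_first_bad "$repo" "$check" "$good" "$bad" \
              sh -c 'grep -qx ok marker')
    git -C "$repo" log -1 --format='first bad: %h %s' "$first"
    rm -rf "$repo" "$check"
}

if [ "${BISECT_DEMO:-0}" = 1 ]; then demo; fi
```

Run with `BISECT_DEMO=1 sh bisect-demo.sh` to see the synthetic run land on commit 5. To use it for real, pass the chroot test as TESTCMD and have it exit 125 when the tree does not build, so those revisions are skipped rather than counted as bad.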
Comment 1 Allan McRae 2011-02-14 06:44:39 UTC
Looking at the bisect result, this patch from the Fedora branch seemed a likely fix:

Taking glibc-2.13 and adding that patch makes the test script work.
Comment 2 Dmitry V. Levin 2011-02-14 10:44:09 UTC
According to bugzilla.redhat.com, the issue has been reported a dozen times already.
Comment 3 Mike Frysinger 2011-02-14 17:00:33 UTC
(In reply to comment #1)

thanks, that patch seems to work for me too.  i guess we'll want it cherry-picked into master and the glibc-2.13 release branches.  but i don't think the glibc-2.13 branch can get it until master does ...
Comment 4 Carlos O'Donell 2011-02-14 17:08:13 UTC
Correct, it must be on master before I can cherry-pick it into 2.13. Please add the keyword "glibc-2.13" if you want me to cherry-pick it into 2.13 stable.
Comment 5 Ulrich Drepper 2011-02-20 12:26:28 UTC
I added a patch.
Comment 6 Mike Frysinger 2011-02-20 17:38:45 UTC
Carlos: you'll want e23fe25b33324a9ea992276c1a4f04127bf9ba4b
Comment 7 Carlos O'Donell 2011-02-23 16:26:39 UTC
No regressions. Fix cherry-picked into 2.13. Thanks!