This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/11952] New: glibc may use uninitialized DTV slot, return NULL for &thread_local
- From: "ppluzhnikov at google dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 27 Aug 2010 19:10:38 -0000
- Subject: [Bug libc/11952] New: glibc may use uninitialized DTV slot, return NULL for &thread_local
- Reply-to: sourceware-bugzilla at sourceware dot org
When a shared library foo.so with TLS variables is loaded as a result
of dlopen("bar.so"), and bar.so has R_386_TLS_TPOFF, then glibc may
use an uninitialized (zero'd) dtv[] entry, and the address of the
thread-local variable will become NULL.
The bug exists in glibc-2.7 and current git HEAD.
Repro instructions:
cat > foo.c <<EOF
static __thread int foo;
int *get_foo() { return &foo; }
EOF
cat > bar.c <<EOF
static __thread int bar;
extern int *get_bar() { return &bar; }
EOF
cat > main.c <<EOF
#include <stdio.h>
#include <dlfcn.h>
int main()
{
  void *h = dlopen("./bar.so", RTLD_LAZY);
  int* (*get_bar)(void) = dlsym(h, "get_bar");
  int* (*get_foo)(void) = dlsym(h, "get_foo");
  printf("get_bar() = %p\n", (*get_bar)());
  printf("get_foo() = %p\n", (*get_foo)());
  return 0;
}
EOF
gcc -m32 -fPIC -shared -o foo.so foo.c
gcc -m32 -shared -o bar.so bar.c ./foo.so # NOTE: no -fPIC
gcc -m32 main.c -ldl
./a.out
get_bar() = 0xf756e680
get_foo() = (nil) <<<- BUG
Rebuilding bar.so with -fPIC makes the problem go away:
gcc -m32 -fPIC -shared -o bar.so bar.c ./foo.so
./a.out
get_bar() = 0x804a700
get_foo() = 0x804a710
--
Summary: glibc may use uninitialized DTV slot, return NULL for
&thread_local
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: ppluzhnikov at google dot com
CC: glibc-bugs at sources dot redhat dot com
GCC build triplet: x86_64-unknown-linux-gnu
GCC host triplet: x86_64-unknown-linux-gnu
GCC target triplet: i586-unknown-linux-gnu
http://sourceware.org/bugzilla/show_bug.cgi?id=11952
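A build-audit check for the trigger condition in this report, as an added example that is not part of the original bug report or of glibc: it scans a 32-bit i386 ELF image for R_386_TLS_TPOFF-class relocations and for the DF_STATIC_TLS dynamic flag that the linker sets on objects needing static TLS. The function names and both sample images are constructed for illustration; the numeric constants are the values from elf.h.

```python
import struct

# Constants as defined in elf.h
R_386_TLS_TPOFF, R_386_TLS_TPOFF32 = 14, 37   # static-TLS (thread-pointer offset) relocs
SHT_DYNAMIC, SHT_REL = 6, 9
DT_FLAGS, DF_STATIC_TLS = 30, 0x10

def static_tls_findings(image):
    """Count static-TLS relocations and read DF_STATIC_TLS in an ELF32/i386 image."""
    if (len(image) < 52 or image[:6] != b"\x7fELF\x01\x01"
            or struct.unpack_from("<H", image, 18)[0] != 3):
        raise ValueError("not a 32-bit little-endian i386 ELF image")
    e_shoff, = struct.unpack_from("<I", image, 32)
    e_shentsize, e_shnum = struct.unpack_from("<HH", image, 46)
    found = {"tpoff_relocs": 0, "df_static_tls": False}
    for i in range(e_shnum):
        sh = struct.unpack_from("<10I", image, e_shoff + i * e_shentsize)
        sh_type, sh_offset, sh_size = sh[1], sh[4], sh[5]
        body = image[sh_offset:sh_offset + sh_size]
        body = body[:len(body) // 8 * 8]          # ignore a truncated trailing entry
        if sh_type == SHT_REL:                    # Elf32_Rel: r_offset, r_info
            for _, r_info in struct.iter_unpack("<II", body):
                if r_info & 0xFF in (R_386_TLS_TPOFF, R_386_TLS_TPOFF32):
                    found["tpoff_relocs"] += 1
        elif sh_type == SHT_DYNAMIC:              # Elf32_Dyn: d_tag, d_val
            for d_tag, d_val in struct.iter_unpack("<II", body):
                if d_tag == DT_FLAGS and d_val & DF_STATIC_TLS:
                    found["df_static_tls"] = True
    return found

def build_sample(rel_types, dyn_flags):
    """Constructed image: ELF header, one REL and one DYNAMIC section, no code."""
    rel = b"".join(struct.pack("<II", 0x1000 + 4 * n, (1 << 8) | t)
                   for n, t in enumerate(rel_types))
    dyn = struct.pack("<IIII", DT_FLAGS, dyn_flags, 0, 0)   # DT_FLAGS, then DT_NULL
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01", 3, 3, 1, 0, 0,
                       52 + len(rel) + len(dyn), 0, 52, 0, 0, 40, 3, 0)
    def shdr(sh_type, off, size):
        return struct.pack("<10I", 0, sh_type, 0, 0, off, size, 0, 0, 4, 8)
    return (ehdr + rel + dyn + shdr(0, 0, 0) + shdr(SHT_REL, 52, len(rel))
            + shdr(SHT_DYNAMIC, 52 + len(rel), len(dyn)))

# Constructed samples: relocation mixes resembling a non-PIC and a PIC build.
NON_PIC_LIKE = build_sample([8, 14, 14], DF_STATIC_TLS)   # R_386_RELATIVE + 2x TPOFF
PIC_LIKE = build_sample([35, 36], 0)                      # DTPMOD32 / DTPOFF32 only

if __name__ == "__main__":
    print(static_tls_findings(NON_PIC_LIKE), static_tls_findings(PIC_LIKE))
```

On real files, pass the bytes of each shared object that is only ever loaded through dlopen(); a non-zero count or a set flag marks a library to rebuild with -fPIC.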