This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/14831] New: Redirecting a library to libm.so via LD_AUDIT induces segmentation fault in _dl_profile_fixup
- From: "amonakov at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Sun, 11 Nov 2012 21:03:48 +0000
- Subject: [Bug dynamic-link/14831] New: Redirecting a library to libm.so via LD_AUDIT induces segmentation fault in _dl_profile_fixup
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=14831
Bug #: 14831
Summary: Redirecting a library to libm.so via LD_AUDIT induces
segmentation fault in _dl_profile_fixup
Product: glibc
Version: 2.16
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
AssignedTo: unassigned@sourceware.org
ReportedBy: amonakov@gmail.com
Classification: Unclassified
Created attachment 6727
--> http://sourceware.org/bugzilla/attachment.cgi?id=6727
testcase
Using the audit mechanism to redirect library lookups by implementing
la_objsearch and returning a library that depends on libm.so (or libm.so
itself) results in a subsequent segfault in the loader. I have attempted to
create a standalone testcase, but did not succeed (I suspect the bug has to do
with how IRELATIVE relocations are processed, but a simple testcase with
IRELATIVE reloc works fine). Attaching a small testcase that depends on
libm.so (and assumes it has IRELATIVE relocations).
$ gdb --args /tmp/glibc-build/elf/ld.so --audit ./libaudit.so ./main
GNU gdb (GDB) 7.4.1
(gdb) r
Starting program: /tmp/glibc-build/elf/ld.so --audit ./libaudit.so ./main
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
Program received signal SIGSEGV, Segmentation fault.
_dl_profile_fixup (l=0x7ffff7a33508, reloc_arg=4, retaddr=140737345060825,
regs=0x7fffffffd1b0, framesizep=0x7fffffffd508) at ../elf/dl-runtime.c:176
176 DL_FIXUP_VALUE_TYPE value = *resultp;
(gdb) bt
#0 _dl_profile_fixup (l=0x7ffff7a33508, reloc_arg=4, retaddr=140737345060825,
regs=0x7fffffffd1b0, framesizep=0x7fffffffd508) at ../elf/dl-runtime.c:176
#1 0x0000555555568306 in _dl_runtime_profile () at
../sysdeps/x86_64/dl-trampoline.h:48
#2 0x00007ffff7757fd9 in ?? ()
#3 0x00007fffffffd650 in ?? ()
#4 0x000055555555f5d1 in elf_machine_lazy_rel (skip_ifunc=<optimized out>,
reloc=0x7ffff773e210, l_addr=140737344933888, map=0x7ffff7a33508) at
../sysdeps/x86_64/dl-machine.h:535
#5 elf_dynamic_do_Rela (skip_ifunc=<optimized out>, lazy=<optimized out>,
nrelative=<optimized out>, relsize=<optimized out>, reladdr=<optimized out>,
map=0x7ffff7a33508) at do-rel.h:85
#6 _dl_relocate_object (scope=0x7ffff7a33860, reloc_mode=<optimized out>,
consider_profiling=1, consider_profiling@entry=0) at dl-reloc.c:265
#7 0x0000555555557ad2 in dl_main (phdr=<optimized out>,
phdr@entry=0x555555554040, phnum=4160734848, phnum@entry=7,
user_entry=user_entry@entry=0x7fffffffd7d8, auxv=0x555555777801) at rtld.c:2299
#8 0x0000555555568afc in _dl_sysdep_start
(start_argptr=start_argptr@entry=0x7fffffffd890,
dl_main=dl_main@entry=0x555555555ae0 <dl_main>) at ../elf/dl-sysdep.c:242
#9 0x0000555555558d0e in _dl_start_final (arg=0x7fffffffd890) at rtld.c:337
#10 _dl_start (arg=0x7fffffffd890) at rtld.c:563
#11 0x00005555555555a8 in _start () from /tmp/glibc-build/elf/ld.so
(gdb) p l.l_reloc_result
$1 = (struct reloc_result *) 0x0
(gdb) f 4
#4 0x000055555555f5d1 in elf_machine_lazy_rel (skip_ifunc=<optimized out>,
reloc=0x7ffff773e210, l_addr=140737344933888, map=0x7ffff7a33508) at
../sysdeps/x86_64/dl-machine.h:535
535 value = ((ElfW(Addr) (*) (void)) value) ();
(gdb) list
530 }
531 else if (__builtin_expect (r_type == R_X86_64_IRELATIVE, 0))
532 {
533 ElfW(Addr) value = map->l_addr + reloc->r_addend;
534 if (__builtin_expect (!skip_ifunc, 1))
535 value = ((ElfW(Addr) (*) (void)) value) ();
536 *reloc_addr = value;
537 }
538 else
539 _dl_reloc_bad_type (map, r_type, 1);
(gdb)
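For reference, an audit module of the kind the report describes looks like the sketch below; it is an added example, not the attached testcase (attachment 6727) and not glibc code. The names libexample.so and libm.so.6 are assumptions: the report does not name the redirected library, and libm.so.6 is the usual libm soname on x86-64 Linux.

```c
/* Minimal rtld-audit module: redirects one library lookup via la_objsearch.
 * Build:  gcc -shared -fPIC -o libaudit.so audit.c
 * Load:   LD_AUDIT=./libaudit.so ./main
 *         (or "ld.so --audit ./libaudit.so ./main" as in the report)      */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <link.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names, not taken from the report. */
#define REDIRECT_FROM "libexample.so"
#define REDIRECT_TO   "libm.so.6"

/* Version handshake. Returning 0 would make ld.so ignore this module;
 * returning the offered version accepts the loader's interface. */
unsigned int la_version(unsigned int version)
{
    return version;
}

/* Called by ld.so for every candidate name during library search.
 * The returned string is the name ld.so continues with; returning the
 * input unchanged leaves the search alone, returning NULL skips it. */
char *la_objsearch(const char *name, uintptr_t *cookie, unsigned int flag)
{
    (void)cookie;

    /* Compare on the file name only, so a path prefix does not matter. */
    const char *base = strrchr(name, '/');
    base = base ? base + 1 : name;

    /* LA_SER_ORIG marks the name as originally requested (DT_NEEDED or
     * dlopen argument). Later search stages pass expanded paths with
     * other flags; those are left untouched here. */
    if (flag == LA_SER_ORIG && strcmp(base, REDIRECT_FROM) == 0)
        return (char *)REDIRECT_TO;

    return (char *)name;
}
```

With this module loaded, a program linked against libexample.so has that dependency satisfied by libm instead, which is the redirect the report says precedes the crash.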