This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] hppa: avoid NULL dereference of sym_map in elf_machine_rela()

On Fri, Oct 31, 2014 at 07:35:59PM -0700, Roland McGrath wrote:
> Oh, yeah.  abort is the generic fallback for __builtin_trap.  Certainly
> just supporting __builtin_trap directly in a compiler backend (with no
> outcall) is best.  But this issue might come up in other places or affect
> other machines, and the set of machines and compilers we support for
> building libc today most likely includes others that don't have a proper
> __builtin_trap.  

While glibc has to work around it for the time being (either by not
using __builtin_trap, or by providing abort here), I think it would be
nice to press for fixing this on the compiler side. There's no good
reason for the compiler to generate a call to abort when every ISA
I've ever seen has HCF-type instructions that can be used directly
with no dependency on a function call. Aside from the ldso issues,
__builtin_trap or similar compiler-generated traps might be used in
places where the call is impossible, like handling a fatal condition
where the GOT is corrupt, where the TCB is corrupt (in which case
abort can't properly raise signals for the calling thread), or where
the function pointer used to make syscalls (via vdso on x86, for
instance) is corrupt. In the worst case, this corruption was caused by
an attacker who has happily put the address of shellcode at one of the
above places.

Rich
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]