[Bug 893605] Re: crashes with glibc-2.14/2.15 on dlopen (seen with kvm and gnucash)
Bug Watch Updater
893605 at bugs.launchpad.net
Mon Feb 20 18:37:57 UTC 2012
Launchpad has imported 1 comments from the remote bug at
http://sourceware.org/bugzilla/show_bug.cgi?id=13579.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
------------------------------------------------------------------------
On 2012-01-10T07:41:43+00:00 Ppluzhnikov-google wrote:
This shows up as a crash in gnucash with glibc-2.15 on Precise Pangolin.
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/893605
Confirmed present in current glibc git trunk.
Test:
/// --- cut --- foo.c ---
int bar (void);                     /* lives in bar.so, a dependency of foo.so */
int foo (void) { return bar (); }
/// --- cut --- bar.c ---
int bar (void) { return 42; }
/// --- cut --- t.c ---
#include <stdio.h>
#include <dlfcn.h>
int main (void)
{
  /* first load: foo.so pulls in bar.so and the loader sets up their scope */
  void *h = dlopen ("./foo.so", RTLD_LAZY|RTLD_GLOBAL);
  void *p = dlsym (h, "bar");
  printf ("h = %p, p = %p\n", h, p);
  /* dlclose frees that scope (_dl_scope_free in the valgrind trace below) */
  dlclose (h);
  /* second load of the same library: the dlsym lookup reads the freed scope */
  h = dlopen ("./foo.so", RTLD_LAZY|RTLD_GLOBAL);
  p = dlsym (h, "bar");
  printf ("h = %p, p = %p\n", h, p);
  return 0;
}
gcc -fPIC -shared -o bar.so bar.c &&
gcc -fPIC -shared -o foo.so foo.c ./bar.so &&
gcc t.c ./foo.so ./bar.so -ldl
valgrind ./a.out # no errors with glibc-2.11
==16605== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==16605== Using Valgrind-3.8.0.SVN and LibVEX; rerun with -h for copyright info
==16605== Command: ./a.out
==16605==
h = 0x4023b78, p = 0x503759c
==16605== Invalid read of size 8
==16605== at 0x40093F6: do_lookup_x (/tmp/glibc-git/elf/dl-lookup.c:98)
==16605== by 0x4009E4A: _dl_lookup_symbol_x (/tmp/glibc-git/elf/dl-lookup.c:739)
==16605== by 0x5551305: do_sym (/tmp/glibc-git/elf/dl-sym.c:178)
==16605== by 0x523A043: dlsym_doit (/tmp/glibc-git/dlfcn/dlsym.c:51)
==16605== by 0x400E685: _dl_catch_error (/tmp/glibc-git/elf/dl-error.c:178)
==16605== by 0x523A4DB: _dlerror_run (/tmp/glibc-git/dlfcn/dlerror.c:164)
==16605== by 0x523A099: dlsym (/tmp/glibc-git/dlfcn/dlsym.c:71)
==16605== by 0x400806: main (in /tmp/bug/a.out)
==16605== Address 0x57e6098 is 40 bytes inside a block of size 72 free'd
==16605== at 0x4C2C0EB: free (/valgrind-test/coregrind/m_replacemalloc/vg_replace_malloc.c:426)
==16605== by 0x4011D21: _dl_scope_free (/tmp/glibc-git/elf/dl-scope.c:32)
==16605== by 0x4013446: _dl_close_worker (/tmp/glibc-git/elf/dl-close.c:130)
==16605== by 0x401407B: _dl_close (/tmp/glibc-git/elf/dl-close.c:779)
==16605== by 0x400E685: _dl_catch_error (/tmp/glibc-git/elf/dl-error.c:178)
==16605== by 0x523A4DB: _dlerror_run (/tmp/glibc-git/dlfcn/dlerror.c:164)
==16605== by 0x523A00E: dlclose (/tmp/glibc-git/dlfcn/dlclose.c:48)
==16605== by 0x4007DF: main (in /tmp/bug/a.out)
==16605==
h = 0x4023b78, p = 0x503759c
==16605==
==16605== HEAP SUMMARY:
==16605== in use at exit: 0 bytes in 0 blocks
==16605== total heap usage: 2 allocs, 2 frees, 200 bytes allocated
==16605==
==16605== All heap blocks were freed -- no leaks are possible
==16605==
==16605== For counts of detected and suppressed errors, rerun with: -v
==16605== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 2 from 2)
The bug may have been introduced here:
commit 4bff6e0175ed195871f4e01cc4c4c33274b8f6e3
Author: Andreas Schwab <schwab at redhat.com>
Date: Fri Feb 25 20:49:48 2011 -0500
Fix memory leak in dlopen with RTLD_NOLOAD.
Reply at: https://bugs.launchpad.net/glibc/+bug/893605/comments/5
** Changed in: glibc
Status: Unknown => Confirmed
** Changed in: glibc
Importance: Unknown => Medium
https://bugs.launchpad.net/bugs/893605
Title:
crashes with glibc-2.14/2.15 on dlopen (seen with kvm and gnucash)
Status in The GNU C Library:
Confirmed
Status in “eglibc” package in Ubuntu:
Fix Released
Status in “glibc” package in Fedora:
Unknown
Bug description:
seen with glibc-2.14/glibc-2.15:
kvm -cdrom <iso>
Program received signal SIGSEGV, Segmentation fault.
0xb7fe7740 in ?? () from /lib/ld-linux.so.2
(gdb) bt
#0 0xb7fe7740 in ?? () from /lib/ld-linux.so.2
#1 0xb7fe7eb9 in ?? () from /lib/ld-linux.so.2
#2 0xb7a26490 in do_sym (handle=0xb7d86860,
name=0xb7c7ff4f "XAllocClassHint", who=<optimized out>, vers=0x0, flags=2)
at dl-sym.c:178
#3 0xb7a26927 in _dl_sym (handle=<optimized out>, name=<optimized out>,
who=<optimized out>) at dl-sym.c:283
#4 0xb778cd67 in dlsym_doit (a=0xbfffeef0) at dlsym.c:51
#5 0xb7feccaf in ?? () from /lib/ld-linux.so.2
#6 0xb778d33a in _dlerror_run (operate=0xb778cd40 <dlsym_doit>,
args=0xbfffeef0) at dlerror.c:164
#7 0xb778cde4 in __dlsym (handle=0xb7d86860,
name=0xb7c7ff4f "XAllocClassHint") at dlsym.c:71
#8 0xb7c56b5a in SDL_LoadFunction () from /usr/lib/libSDL-1.2.so.0
#9 0xb7c58511 in ?? () from /usr/lib/libSDL-1.2.so.0
#10 0xb7c5a8aa in ?? () from /usr/lib/libSDL-1.2.so.0
#11 0xb7c61825 in ?? () from /usr/lib/libSDL-1.2.so.0
#12 0xb7c5155a in SDL_VideoInit () from /usr/lib/libSDL-1.2.so.0
#13 0xb7c25c7a in SDL_InitSubSystem () from /usr/lib/libSDL-1.2.so.0
#14 0xb7c25cfb in SDL_Init () from /usr/lib/libSDL-1.2.so.0
#15 0x00202967 in ?? ()
#16 0x0013cfdc in main ()
gnucash:
Program received signal SIGSEGV, Segmentation fault.
0x00119740 in ?? () from /lib/ld-linux.so.2
(gdb) bt
#0 0x00119740 in ?? () from /lib/ld-linux.so.2
#1 0x00119eb9 in ?? () from /lib/ld-linux.so.2
#2 0x00c0a490 in do_sym (handle=0xb7ffd000,
name=0x10eeec4 "g_module_check_init", who=<optimized out>, vers=0x0,
flags=2) at dl-sym.c:178
#3 0x00c0a927 in _dl_sym (handle=<optimized out>, name=<optimized out>,
who=<optimized out>) at dl-sym.c:283
#4 0x03195d67 in dlsym_doit (a=0xbfffedc0) at dlsym.c:51
#5 0x0011ecaf in ?? () from /lib/ld-linux.so.2
#6 0x0319633a in _dlerror_run (operate=0x3195d40 <dlsym_doit>,
args=0xbfffedc0) at dlerror.c:164
#7 0x03195de4 in __dlsym (handle=0xb7ffd000,
name=0x10eeec4 "g_module_check_init") at dlsym.c:71
#8 0x010ee065 in g_module_symbol ()
from /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0
#9 0x010ee54f in g_module_open ()
from /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0
#10 0x003ff61e in ?? () from /usr/lib/gnucash/libgnc-module.so.0
#11 0x003ff90b in gnc_module_load () from /usr/lib/gnucash/libgnc-module.so.0
#12 0x0804ca5f in _start ()