[Bug 893605] Re: crashes with glibc-2.14/2.15 on dlopen (seen with kvm and gnucash)
Ppluzhnikov-google
893605 at bugs.launchpad.net
Tue Jan 10 02:34:52 UTC 2012
Valgrind confirms:
==11099== Invalid read of size 8
==11099== at 0x4009B1A: do_lookup_x (dl-lookup.c:98)
==11099== by 0x400A4E2: _dl_lookup_symbol_x (dl-lookup.c:739)
==11099== by 0x730D419: do_sym (dl-sym.c:178)
==11099== by 0x11D23043: dlsym_doit (dlsym.c:51)
==11099== by 0x400F0F5: _dl_catch_error (dl-error.c:178)
==11099== by 0x11D2352E: _dlerror_run (dlerror.c:164)
==11099== by 0x11D23099: dlsym (dlsym.c:71)
==11099== by 0xA2DD3EF: g_module_symbol (gmodule-dl.c:147)
==11099== by 0xA2DD8A9: g_module_open (gmodule.c:630)
==11099== by 0x592C17D: gnc_module_load_common (gnc-module.c:501)
==11099== by 0x592C467: gnc_module_load (gnc-module.c:552)
==11099== by 0x405CD4: load_gnucash_modules (gnucash-bin.c:595)
==11099== Address 0x194e2a28 is 456 bytes inside a block of size 904 free'd
==11099== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11099== by 0x4012871: _dl_scope_free (dl-scope.c:32)
==11099== by 0x40143D5: _dl_close_worker (dl-close.c:130)
==11099== by 0x4014FBD: _dl_close (dl-close.c:779)
==11099== by 0x400F0F5: _dl_catch_error (dl-error.c:178)
==11099== by 0x11D2352E: _dlerror_run (dlerror.c:164)
==11099== by 0x11D2300E: dlclose (dlclose.c:48)
==11099== by 0xA2DD299: g_module_close (gmodule-dl.c:134)
==11099== by 0x592BC0D: gnc_module_get_info (gnc-module.c:329)
==11099== by 0x592B812: gnc_module_system_refresh (gnc-module.c:190)
==11099== by 0x592B72C: gnc_module_system_init (gnc-module.c:137)
==11099== by 0x406391: main (gnucash-bin.c:851)
The problem appears to have been introduced here:
4bff6e01 (Andreas Schwab 2011-02-25 20:49:48 -0500 127) {
4bff6e01 (Andreas Schwab 2011-02-25 20:49:48 -0500 128) struct link_map **oldp = map->l_initfini;
4bff6e01 (Andreas Schwab 2011-02-25 20:49:48 -0500 129) map->l_initfini = map->l_orig_initfini;
4bff6e01 (Andreas Schwab 2011-02-25 20:49:48 -0500 130) _dl_scope_free (oldp);
4bff6e01 (Andreas Schwab 2011-02-25 20:49:48 -0500 131) }
@@ -119,8 +119,17 @@ _dl_close_worker (struct link_map *map)
if (map->l_direct_opencount > 0 || map->l_type != lt_loaded
|| dl_close_state != not_pending)
{
- if (map->l_direct_opencount == 0 && map->l_type == lt_loaded)
- dl_close_state = rerun;
+ if (map->l_direct_opencount == 0)
+ {
+ if (map->l_type == lt_loaded)
+ dl_close_state = rerun;
+ else if (map->l_type == lt_library)
+ {
+ struct link_map **oldp = map->l_initfini;
+ map->l_initfini = map->l_orig_initfini;
+ _dl_scope_free (oldp);
+ }
+ }
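Review bot: the new lt_library branch frees the map's old l_initfini array while the map itself stays loaded, and nothing here invalidates other references to that array. The enclosing condition (`l_direct_opencount > 0 || l_type != lt_loaded || dl_close_state != not_pending`) is the early-return path for maps that are not being unloaded, so after `_dl_scope_free (oldp)` any scope list or lookup path that still points at the freed array will read freed memory; the Valgrind trace above shows exactly that, with do_lookup_x reading 456 bytes into the 904-byte block freed from _dl_close_worker at dl-close.c:130 during a later dlsym. The branch also has no guard for `map->l_initfini == map->l_orig_initfini`, in which case the array just reinstalled is the one being freed. Either restrict the free to maps that are actually being torn down, or ensure every consumer of l_initfini is updated before the old array is released.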
The libraries that are loaded as direct dependencies of a.out have
map->l_type == lt_library.
--
https://bugs.launchpad.net/bugs/893605
Title:
crashes with glibc-2.14/2.15 on dlopen (seen with kvm and gnucash)
Status in “eglibc” package in Ubuntu:
Confirmed
Status in “glibc” package in Fedora:
Unknown
Bug description:
seen with glibc-2.14/glibc-2.15:
kvm -cdrom <iso>
Program received signal SIGSEGV, Segmentation fault.
0xb7fe7740 in ?? () from /lib/ld-linux.so.2
(gdb) bt
#0 0xb7fe7740 in ?? () from /lib/ld-linux.so.2
#1 0xb7fe7eb9 in ?? () from /lib/ld-linux.so.2
#2 0xb7a26490 in do_sym (handle=0xb7d86860,
name=0xb7c7ff4f "XAllocClassHint", who=<optimized out>, vers=0x0, flags=2)
at dl-sym.c:178
#3 0xb7a26927 in _dl_sym (handle=<optimized out>, name=<optimized out>,
who=<optimized out>) at dl-sym.c:283
#4 0xb778cd67 in dlsym_doit (a=0xbfffeef0) at dlsym.c:51
#5 0xb7feccaf in ?? () from /lib/ld-linux.so.2
#6 0xb778d33a in _dlerror_run (operate=0xb778cd40 <dlsym_doit>,
args=0xbfffeef0) at dlerror.c:164
#7 0xb778cde4 in __dlsym (handle=0xb7d86860,
name=0xb7c7ff4f "XAllocClassHint") at dlsym.c:71
#8 0xb7c56b5a in SDL_LoadFunction () from /usr/lib/libSDL-1.2.so.0
#9 0xb7c58511 in ?? () from /usr/lib/libSDL-1.2.so.0
#10 0xb7c5a8aa in ?? () from /usr/lib/libSDL-1.2.so.0
#11 0xb7c61825 in ?? () from /usr/lib/libSDL-1.2.so.0
#12 0xb7c5155a in SDL_VideoInit () from /usr/lib/libSDL-1.2.so.0
#13 0xb7c25c7a in SDL_InitSubSystem () from /usr/lib/libSDL-1.2.so.0
#14 0xb7c25cfb in SDL_Init () from /usr/lib/libSDL-1.2.so.0
#15 0x00202967 in ?? ()
#16 0x0013cfdc in main ()
gnucash:
Program received signal SIGSEGV, Segmentation fault.
0x00119740 in ?? () from /lib/ld-linux.so.2
(gdb) bt
#0 0x00119740 in ?? () from /lib/ld-linux.so.2
#1 0x00119eb9 in ?? () from /lib/ld-linux.so.2
#2 0x00c0a490 in do_sym (handle=0xb7ffd000,
name=0x10eeec4 "g_module_check_init", who=<optimized out>, vers=0x0,
flags=2) at dl-sym.c:178
#3 0x00c0a927 in _dl_sym (handle=<optimized out>, name=<optimized out>,
who=<optimized out>) at dl-sym.c:283
#4 0x03195d67 in dlsym_doit (a=0xbfffedc0) at dlsym.c:51
#5 0x0011ecaf in ?? () from /lib/ld-linux.so.2
#6 0x0319633a in _dlerror_run (operate=0x3195d40 <dlsym_doit>,
args=0xbfffedc0) at dlerror.c:164
#7 0x03195de4 in __dlsym (handle=0xb7ffd000,
name=0x10eeec4 "g_module_check_init") at dlsym.c:71
#8 0x010ee065 in g_module_symbol ()
from /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0
#9 0x010ee54f in g_module_open ()
from /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0
#10 0x003ff61e in ?? () from /usr/lib/gnucash/libgnc-module.so.0
#11 0x003ff90b in gnc_module_load () from /usr/lib/gnucash/libgnc-module.so.0
#12 0x0804ca5f in _start ()