[Bug 919202] Re: [2.15~pre6] regression: crashes in dlopen()

Bug Watch Updater 919202 at bugs.launchpad.net
Tue Jan 24 22:45:33 UTC 2012 

Launchpad has imported 3 comments from the remote bug at
http://sourceware.org/bugzilla/show_bug.cgi?id=13618.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2012-01-23T20:23:48+00:00 Ppluzhnikov-google wrote:

The test is reduced from
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/919202

Reproduces with current git trunk.

// foo.c
#include <math.h>
int foo (double d) { return floor (d) != 0; }

// bar.c
int bar () { return foo (); }

// main.c
#include <dlfcn.h>
#include <stdio.h>

int
main (int argc, char *argv[])
{
  const char *lib = "./bar.so";
  if (argc > 1) lib = argv[1];
  void *h = dlopen (lib, RTLD_NOW);  // RTLD_LAZY -> no bug
  if (h == 0)
    {
      puts (dlerror ());
      return 1;
    }
  return 0;
}

gcc -fPIC -shared -fno-builtin -o foo.so foo.c -lm &&
gcc -fPIC -shared -o bar.so -Wl,--no-as-needed -lm ./foo.so bar.c &&
gcc -g main.c -ldl

gdb -q ./a.out

Program received signal SIGSEGV, Segmentation fault.
0x0000000000005446 in ?? ()
(gdb) bt
#0  0x0000000000005446 in ?? ()
#1  0x00007ffff7351005 in floor () at ../sysdeps/x86_64/fpu/multiarch/s_floor.S:26
#2  0x00007ffff7de738f in elf_machine_rela (sym=0x7ffff7338c88, skip_ifunc=<optimized out>, reloc_addr_arg=0x7ffff7336008, version=<optimized out>, map=0x602af0, 
    reloc=<optimized out>) at ../sysdeps/x86_64/dl-machine.h:302
#3  elf_dynamic_do_Rela (skip_ifunc=<optimized out>, lazy=<optimized out>, nrelative=<optimized out>, relsize=<optimized out>, reladdr=<optimized out>, map=0x602af0)
    at do-rel.h:146
#4  _dl_relocate_object (scope=0x602e48, reloc_mode=<optimized out>, consider_profiling=0) at dl-reloc.c:265
#5  0x00007ffff7deda23 in dl_open_worker (a=0x7fffffffd400) at dl-open.c:338
#6  0x00007ffff7de9686 in _dl_catch_error (objname=0x7fffffffd3f0, errstring=0x7fffffffd3f8, mallocedp=0x7fffffffd3ef, operate=0x7ffff7ded7c0 <dl_open_worker>, 
    args=0x7fffffffd400) at dl-error.c:178
#7  0x00007ffff7ded36c in _dl_open (file=0x40080c "./bar.so", mode=-2147483646, caller_dlopen=<optimized out>, nsid=-2, argc=1, argv=0x7fffffffd748, env=0x7fffffffd758)
    at dl-open.c:575
#8  0x00007ffff7bd7f26 in dlopen_doit (a=0x7fffffffd610) at dlopen.c:67
#9  0x00007ffff7de9686 in _dl_catch_error (objname=0x7ffff7dda0d0, errstring=0x7ffff7dda0d8, mallocedp=0x7ffff7dda0c8, operate=0x7ffff7bd7ec0 <dlopen_doit>, args=0x7fffffffd610)
    at dl-error.c:178
#10 0x00007ffff7bd84dc in _dlerror_run (operate=0x7ffff7bd7ec0 <dlopen_doit>, args=0x7fffffffd610) at dlerror.c:164
#11 0x00007ffff7bd7fc1 in __dlopen (file=<optimized out>, mode=<optimized out>) at dlopen.c:88
#12 0x00000000004006f1 in main (argc=1, argv=0x7fffffffd748) at main.c:8

What appears to be happening is that __floor (IFUNC) jumps to *unrelocated*
GOT entry for __get_cpu_features.

Reply at: https://bugs.launchpad.net/glibc/+bug/919202/comments/3

------------------------------------------------------------------------
On 2012-01-24T12:18:44+00:00 Aj-suse wrote:

*** Bug 13580 has been marked as a duplicate of this bug. ***

Reply at: https://bugs.launchpad.net/glibc/+bug/919202/comments/5

------------------------------------------------------------------------
On 2012-01-24T12:19:42+00:00 Aj-suse wrote:

Thanks for the testcase.

Reply at: https://bugs.launchpad.net/glibc/+bug/919202/comments/6


** Changed in: glibc
       Status: Unknown => Confirmed

** Changed in: glibc
   Importance: Unknown => Critical

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/919202

Title:
  [2.15~pre6] regression: crashes in dlopen()

Status in The GNU C Library:
  Confirmed
Status in “eglibc” package in Ubuntu:
  Triaged

Bug description:
  I have used eglibc 2.15~pre6-0ubuntu4 from https://launchpad.net
  /~ubuntu-toolchain-r/+archive/glibc/+packages since last week.
  Yesterday I noticed that this causes a crash in the gdk-pixbuf loader
  cache when it tries to examine the SVG one.

  This can be reduced to this test case:

  With precise's libc6 2.13, it works:

  /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders   /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so
  # GdkPixbuf Image Loader Modules file
  # Automatically generated file, do not edit
  # Created by gdk-pixbuf-query-loaders from gdk-pixbuf-2.25.0
  #
  "/usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so"
  "svg" 2 "gdk-pixbuf" "Scalable Vector Graphics" "LGPL"
  "image/svg+xml" "image/svg" "image/svg-xml" "image/vnd.adobe.svg+xml" "text/xml-svg" "image/svg+xml-compressed" ""
  "svg" "svgz" "svg.gz" ""
  " <svg" "*    " 100
  " <!DOCTYPE svg" "*             " 100

  With the PPA version it crashes:

  Program received signal SIGSEGV, Segmentation fault.
  0x0000000000005446 in ?? ()
  (gdb) bt
  #0  0x0000000000005446 in ?? ()
  #1  0x00007ffff5137fc5 in floor ()
      at ../sysdeps/x86_64/fpu/multiarch/s_floor.S:26
  #2  0x00007ffff7de6a2b in ?? () from /lib64/ld-linux-x86-64.so.2
  #3  0x00007ffff7ded936 in ?? () from /lib64/ld-linux-x86-64.so.2
  #4  0x00007ffff7de9126 in ?? () from /lib64/ld-linux-x86-64.so.2
  #5  0x00007ffff7ded2ca in ?? () from /lib64/ld-linux-x86-64.so.2
  #6  0x00007ffff7107f26 in dlopen_doit (a=0x7fffffffe280) at dlopen.c:67
  #7  0x00007ffff7de9126 in ?? () from /lib64/ld-linux-x86-64.so.2
  #8  0x00007ffff710852f in _dlerror_run (operate=0x7ffff7107ec0 <dlopen_doit>,
      args=0x7fffffffe280) at dlerror.c:164
  #9  0x00007ffff7107fc1 in __dlopen (file=<optimized out>, mode=<optimized out>)
      at dlopen.c:88
  #10 0x00007ffff7bd76fc in _g_module_open (bind_local=<optimized out>,
      bind_lazy=<optimized out>,
      file_name=0x605000 "/usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so")
      at /build/buildd/glib2.0-2.31.10/./gmodule/gmodule-dl.c:99
  #11 g_module_open (
      file_name=0x604630 "/usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so", flags=<optimized out>)
      at /build/buildd/glib2.0-2.31.10/./gmodule/gmodule.c:584
  #12 0x00000000004010a0 in ?? ()
  #13 0x0000000000400d94 in ?? ()
  #14 0x00007ffff732c76d in __libc_start_main (main=0x400cf0, argc=2,
      ubp_av=0x7fffffffe4e8, init=<optimized out>, fini=<optimized out>,
      rtld_fini=<optimized out>, stack_end=0x7fffffffe4d8) at libc-start.c:226

  Unfortunately the backtrace is rather useless. I do have the matching
  libc6-dbg, it just doesn't seem to help here.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/919202/+subscriptions

More information about the foundations-bugs mailing list