[Bug 1842730]

Cvs-commit 1842730 at bugs.launchpad.net
Thu Oct 31 21:29:32 UTC 2019


The release/2.29/master branch has been updated by DJ Delorie
<dj at sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5e1548a6d9c5c544f13cb71f4462b3f38e87a3c6

commit 5e1548a6d9c5c544f13cb71f4462b3f38e87a3c6
Author: H.J. Lu <hjl.tools at gmail.com>
Date:   Mon Jul 1 12:23:10 2019 -0700

    Call _dl_open_check after relocation [BZ #24259]
    
    This is a workaround for [BZ #20839] which doesn't remove the NODELETE
    object when _dl_open_check throws an exception.  Move it after relocation
    in dl_open_worker to avoid leaving the NODELETE object mapped without
    relocation.
    
    	[BZ #24259]
    	* elf/dl-open.c (dl_open_worker): Call _dl_open_check after
    	relocation.
    	* sysdeps/x86/Makefile (tests): Add tst-cet-legacy-5a,
    	tst-cet-legacy-5b, tst-cet-legacy-6a and tst-cet-legacy-6b.
    	(modules-names): Add tst-cet-legacy-mod-5a, tst-cet-legacy-mod-5b,
    	tst-cet-legacy-mod-5c, tst-cet-legacy-mod-6a, tst-cet-legacy-mod-6b
    	and tst-cet-legacy-mod-6c.
    	(CFLAGS-tst-cet-legacy-5a.c): New.
    	(CFLAGS-tst-cet-legacy-5b.c): Likewise.
    	(CFLAGS-tst-cet-legacy-mod-5a.c): Likewise.
    	(CFLAGS-tst-cet-legacy-mod-5b.c): Likewise.
    	(CFLAGS-tst-cet-legacy-mod-5c.c): Likewise.
    	(CFLAGS-tst-cet-legacy-6a.c): Likewise.
    	(CFLAGS-tst-cet-legacy-6b.c): Likewise.
    	(CFLAGS-tst-cet-legacy-mod-6a.c): Likewise.
    	(CFLAGS-tst-cet-legacy-mod-6b.c): Likewise.
    	(CFLAGS-tst-cet-legacy-mod-6c.c): Likewise.
    	($(objpfx)tst-cet-legacy-5a): Likewise.
    	($(objpfx)tst-cet-legacy-5a.out): Likewise.
    	($(objpfx)tst-cet-legacy-mod-5a.so): Likewise.
    	($(objpfx)tst-cet-legacy-mod-5b.so): Likewise.
    	($(objpfx)tst-cet-legacy-5b): Likewise.
    	($(objpfx)tst-cet-legacy-5b.out): Likewise.
    	(tst-cet-legacy-5b-ENV): Likewise.
    	($(objpfx)tst-cet-legacy-6a): Likewise.
    	($(objpfx)tst-cet-legacy-6a.out): Likewise.
    	($(objpfx)tst-cet-legacy-mod-6a.so): Likewise.
    	($(objpfx)tst-cet-legacy-mod-6b.so): Likewise.
    	($(objpfx)tst-cet-legacy-6b): Likewise.
    	($(objpfx)tst-cet-legacy-6b.out): Likewise.
    	(tst-cet-legacy-6b-ENV): Likewise.
    	* sysdeps/x86/tst-cet-legacy-5.c: New file.
    	* sysdeps/x86/tst-cet-legacy-5a.c: Likewise.
    	* sysdeps/x86/tst-cet-legacy-5b.c: Likewise.
    	* sysdeps/x86/tst-cet-legacy-6.c: Likewise.
    	* sysdeps/x86/tst-cet-legacy-6a.c: Likewise.
    	* sysdeps/x86/tst-cet-legacy-6b.c: Likewise.
    	* sysdeps/x86/tst-cet-legacy-mod-5.c: Likewise.
    	* sysdeps/x86/tst-cet-legacy-mod-5a.c: Likewise.
    	* sysdeps/x86/tst-cet-legacy-mod-5b.c: Likewise.
    	* sysdeps/x86/tst-cet-legacy-mod-5c.c: Likewise.
    	* sysdeps/x86/tst-cet-legacy-mod-6.c: Likewise.
    	* sysdeps/x86/tst-cet-legacy-mod-6a.c: Likewise.
    	* sysdeps/x86/tst-cet-legacy-mod-6b.c: Likewise.
    	* sysdeps/x86/tst-cet-legacy-mod-6c.c: Likewise.
    
    (cherry picked from commit d0093c5cefb7f7a4143f3bb03743633823229cc6)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1842730

Title:
  glibc: dlopen crash after a previously failed call to dlopen

Status in GLibC:
  In Progress
Status in glibc package in Ubuntu:
  New

Bug description:
  Environment
  ===========

  Ubuntu 18.04.3 LTS
  Linux 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
  libc6:amd64 2.27-3ubuntu1
  gcc 4:7.4.0-1ubuntu2.3

  Steps to reproduce the crash
  ============================

  (note: all libraries are linked with --no-as-needed to keep them as
  DT_NEEDED entries in the dynamic section, even though they are
  unused.)

  1) create an empty library libNOTFOUND.so
  2) create an empty library libB.so, linked to libNOTFOUND.so
  3) create an empty library libA.so, linked to glibc's librt.so
  4) create an empty library libPLUGIN.so, linked to libA.so and libB.so, set DT_RUNPATH to '$ORIGIN'
  5) create an empty library libMAIN.so
  6) create an executable, linked to libMAIN.so and libdl.so, set DT_RUNPATH to '$ORIGIN', this program calls:
     a) dlopen("<absolute path to>/libPLUGIN.so")
     b) dlopen("<absolute path to>/libMAIN.so")

  Behaviour
  =========

  a) dlopen("<absolute path to>/libPLUGIN.so") fails because it cannot find libNOTFOUND.so via default search methods. This is wanted and OK!
  b) dlopen("<absolute path to>/libMAIN.so") raises SIGSEGV somewhere deep inside the dynamic linking code of glibc (backtrace attached). Expected result: returns a valid handle to libMAIN.so.

  Comments
  ========

  Attached is a simple test script which does all the steps from above
  and also shows the workaround: Ensure that librt.so is loaded and
  fully initialized before the failing call to
  dlopen("<...>/libPLUGIN.so") happens. This can be done either via
  LD_PRELOAD or by linking the executable to librt.so.

  You can also replace librt.so with libpthread.so to reproduce this
  behaviour. Any other library I tried instead of librt.so (e.g.
  libm.so) does not trigger this bug.

  I also attached a trace with LD_DEBUG=all. Here you can see that glibc
  tries to relocate librt.so while it loads libMAIN.so. I would expect
  that librt.so is loaded/relocated when libPLUGIN.so is dlopen'ed or
  that it is neither loaded nor relocated because libPLUGIN.so has unmet
  dependencies.

  This example is a stripped down version of a real scenario where an
  application was misconfigured.
