[Bug 1871762] [NEW] Calling printf with %f format from rtld-audit bound functions results in a segfault.

[Marcus Borkenhagen]

Public bug reported:

Calling printf functions from an rtld-audit wrapped function - not even
the wrapper itself - results in a segfault from apparently ld-linux.so.

[A complete example will be attached to this bugreport.]

When the following function is called via a rtld-audit rebound wrapper,
a segfault will occur on the last printf-call (the one with the %f
format.) This segfault apparently happens on return from the dynamic
linker itself, which seems to break its stack.

 ,-----
 | int fourtytwo(void) {
 |     printf("42.%s\n", __func__);
 |     printf("42.%s The current float is %a\n", __func__, 42.1618);
 |     printf("42.%s The current float is %f\n", __func__, 42.1618);
 |     return 42;
 | }
 `-----

Ubuntu Version:
Description:	Ubuntu 19.10
Release:	19.10

Package Version:
libc6:
  Installed: 2.30-0ubuntu2.1
  Candidate: 2.30-0ubuntu2.1
  Version table:
 *** 2.30-0ubuntu2.1 500
        500 http://de.archive.ubuntu.com/ubuntu eoan-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.30-0ubuntu2 500
        500 http://de.archive.ubuntu.com/ubuntu eoan/main amd64 Packages

** Affects: glibc (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "Example reproducing the observed behavior."
   https://bugs.launchpad.net/bugs/1871762/+attachment/5350090/+files/rtld-audit-repro.tar.xz

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1871762

Title:
  Calling printf with %f format from rtld-audit bound functions results
  in a segfault.

Status in glibc package in Ubuntu:
  New

Bug description:
  Calling printf functions from an rtld-audit wrapped function - not
  even the wrapper itself - results in a segfault from apparently ld-
  linux.so.

  [A complete example will be attached to this bugreport.]

  When the following function is called via a rtld-audit rebound
  wrapper, a segfault will occur on the last printf-call (the one with
  the %f format.) This segfault apparently happens on return from the
  dynamic linker itself, which seems to break its stack.

   ,-----
   | int fourtytwo(void) {
   |     printf("42.%s\n", __func__);
   |     printf("42.%s The current float is %a\n", __func__, 42.1618);
   |     printf("42.%s The current float is %f\n", __func__, 42.1618);
   |     return 42;
   | }
   `-----

  Ubuntu Version:
  Description:	Ubuntu 19.10
  Release:	19.10

  Package Version:
  libc6:
    Installed: 2.30-0ubuntu2.1
    Candidate: 2.30-0ubuntu2.1
    Version table:
   *** 2.30-0ubuntu2.1 500
          500 http://de.archive.ubuntu.com/ubuntu eoan-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       2.30-0ubuntu2 500
          500 http://de.archive.ubuntu.com/ubuntu eoan/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1871762/+subscriptions