Subject: Re: ldd dumps core
To: None <ks@ub.uni-mainz.de>
From: Tobias Nygren <tnn@NetBSD.org>
List: current-users
Date: 10/07/2007 11:34:05

On Sat, 6 Oct 2007 21:35:41 +0200
Kurt Schreiner <ks@ub.uni-mainz.de> wrote:

> On Sat, Oct 06, 2007 at 09:12:25PM +0200, I wrote:
> > 
> > I'll compile libc with USE_JEMALLOC=no and see what gives...
> > 
> Hm, replacing jemalloc with malloc changes - nothing!
> ldd <whatever> is still dumping core in imalloc...
> 
> 1033: ident /libexec/ld.elf_so | grep mall
>      $NetBSD: xmalloc.c,v 1.7 2007/10/05 22:21:07 ad Exp $
>      $NetBSD: malloc.c,v 1.48 2006/11/24 19:37:02 christos Exp $
>  
> 1034: ldd /bin/ls
> Floating exception(core dumped)

Here's a patch you can try. I'll let someone else judge its
correctness ...
Anyway, there are two problems. The first is that imalloc
is called when _rtld_pagesz has not yet been initialised. The
other is that we attempt to use free() from libc on pointers
allocated with imalloc() from ld.elf_so.


Index: ldd.c
===================================================================
RCS file: /cvsroot/src/usr.bin/ldd/ldd_elf/ldd.c,v
retrieving revision 1.28
diff -u -r1.28 ldd.c
--- ldd.c	19 May 2007 15:35:04 -0000	1.28
+++ ldd.c	7 Oct 2007 09:30:23 -0000
@@ -153,9 +153,9 @@
 		usage();
 		/*NOTREACHED*/
 	}
+	_rtld_pagesz = sysconf(_SC_PAGESIZE);
 	_rtld_add_paths(argv[0], &_rtld_default_paths, RTLD_DEFAULT_LIBRARY_PATH);
 
-	_rtld_pagesz = sysconf(_SC_PAGESIZE);
 
 	for (; argc != 0; argc--, argv++) {
 		int fd = open(*argv, O_RDONLY);
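
Review bot: The new position of `_rtld_pagesz = sysconf(_SC_PAGESIZE);` ahead of `_rtld_add_paths()` is an ordering requirement that nothing in the code records, so a later tidy-up could move the assignment back down. Add a one-line comment at that line saying the page size must be set before any call that may allocate, which is the first problem the message describes. The `sysconf()` result is also stored unchecked, so a failure return of -1 would end up in `_rtld_pagesz`; a check at this point would be cheap. Removing the old assignment leaves two consecutive blank lines before the `for` loop; drop one of them.
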
@@ -206,17 +206,23 @@
 			while (obj->rpaths != NULL) {
 				const Search_Path *rpath = obj->rpaths;
 				obj->rpaths = rpath->sp_next;
+#if 0 /* xxx can't free memory allocated within ld.elf_so */
 				free((void *) rpath->sp_path);
 				free((void *) rpath);
+#endif
 			}
 			while (obj->needed != NULL) {
 				const Needed_Entry *needed = obj->needed;
 				obj->needed = needed->next;
+#if 0 /* xxx */
 				free((void *) needed);
+#endif
 			}
 			(void) munmap(obj->mapbase, obj->mapsize);
+#if 0 /* xxx */
 			free(obj->path);
 			free(obj);
+#endif
 		}
 
 		_rtld_objmain = NULL;
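
Review bot: Compiling out every `free()` in this cleanup path with `#if 0` means the rpath entries, the needed entries, `obj->path` and `obj` itself are never released, and judging by the indentation this code runs once per file named on the command line, so the leak repeats for each argument. Prefer releasing these pointers through a deallocator that matches the allocator in ld.elf_so that produced them, rather than leaving dead code behind. If the leak is accepted because ldd is short-lived, say so in the comment: only the first block explains itself, while the second and third carry a bare `/* xxx */`. With the frees disabled, the two `while` loops only unlink list nodes, which deserves a note as well.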

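Added example, not part of the original message and not code from NetBSD's ld.elf_so: a toy private allocator that shows both problems described above, refusing to run before its page size is set and routing each release to the allocator that owns the pointer. All `toy_*` names and the chunk arithmetic are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Toy stand-in for a loader-private allocator; every name is hypothetical. */
static size_t toy_pagesz;                 /* must be set before toy_alloc() */
static unsigned char toy_arena[1 << 16];
static size_t toy_used, toy_live;         /* bytes handed out, live blocks */

/* Carve n bytes from the arena in chunks sized as a fraction of a page. */
void *toy_alloc(size_t n)
{
	size_t chunk = toy_pagesz / 64;
	/* Page size unset (or absurdly small): refuse instead of dividing by 0. */
	if (chunk == 0 || n == 0 || n > sizeof(toy_arena))
		return NULL;
	size_t need = ((n + chunk - 1) / chunk) * chunk;
	if (need > sizeof(toy_arena) - toy_used)
		return NULL;
	void *p = toy_arena + toy_used;
	toy_used += need;
	toy_live++;
	return p;
}

/* True if p came from toy_alloc() rather than from libc malloc(). */
int toy_owns(const void *p)
{
	uintptr_t a = (uintptr_t)p, base = (uintptr_t)toy_arena;
	return a >= base && a < base + sizeof(toy_arena);
}

/* Release p via its own allocator: 1 = arena pointer, 0 = libc free(). */
int toy_release(void *p)
{
	if (p == NULL || !toy_owns(p)) { free(p); return 0; }
	toy_live--;                       /* arena pointer never reaches free() */
	return 1;
}

int main(void)
{
	void *early = toy_alloc(32);      /* NULL: page size not yet set */
	long ps = sysconf(_SC_PAGESIZE);
	toy_pagesz = ps > 0 ? (size_t)ps : 4096;  /* initialise before first use */
	void *p = toy_alloc(32), *q = malloc(32);
	printf("early=%p arena=%d libc=%d\n", early, toy_release(p), toy_release(q));
	return 0;
}
```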