bin/53465: ld.elf_so crashes when memcpy obj->tlsinit data
>Number: 53465
>Category: bin
>Synopsis: ld.elf_so crashes when memcpy obj->tlsinit data
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Jul 23 14:55:00 +0000 2018
>Originator: Zhang Jingqiang
>Release: 8.0
>Organization:
>Environment:
NetBSD localhost 8.0 NetBSD 8.0 (GENERIC) #0: Tue Jul 17 14:59:51 UTC 2018 mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
When I run my program, which has the following TLS ELF header section:
--
TLS off 0x000000000007de60 vaddr 0x000000000027de60 paddr 0x000000000027de60 align 2**4
filesz 0x0000000000000058 memsz 0x0000000000000388 flags r--
--
Then I got the following backtrace:
--
Program received signal SIGSEGV, Segmentation fault.
0x00007f7f9d60b994 in memcpy () from /usr/libexec/ld.elf_so
(gdb) bt
#0 0x00007f7f9d60b994 in memcpy () from /usr/libexec/ld.elf_so
#1 0x00007f7f9d60a0ff in __memcpy_ichk (len=<optimized out>, src=<optimized out>, dst=<optimized out>)
at /usr/include/ssp/string.h:82
#2 _rtld_tls_allocate_locked () at /usr/src/libexec/ld.elf_so/tls.c:146
#3 0x00007f7f9d60a147 in _rtld_tls_initial_allocation () at /usr/src/libexec/ld.elf_so/tls.c:106
#4 0x00007f7f9d603000 in _rtld (sp=<optimized out>, relocbase=<optimized out>) at /usr/src/libexec/ld.elf_so/rtld.c:708
#5 0x00007f7f9d6007a3 in .rtld_start () from /usr/libexec/ld.elf_so
#6 0x00007f7fff28cfe0 in ?? ()
#7 0x0000000000000000 in ?? ()
--
Then I set the frame to #2 and got the related values:
--
(gdb) print tcb
$23 = (struct tls_tcb *) 0x7118148c3c00
(gdb) print p
$24 = (__uint8_t *) 0x7118148c3c00 ""
(gdb) print obj->tlsoffset
$25 = 912
(gdb) print obj->tlsinitsize
$26 = 88
(gdb) print obj->tlsinit
$27 = (void *) 0x27de60
--
It seems that q has enough space (912 bytes) for the tlsinit data (88 bytes),
so this may be an alignment problem?
>How-To-Repeat:
I didn't get a light version of the C file to reproduce the problem.
Sorry for not being able to submit the original file.
>Fix:
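An added example, not code from the PR or from NetBSD's ld.elf_so: it recomputes the amd64 (variant II) static TLS layout for the PT_TLS header quoted above and simulates the template copy into the block below the TCB. The roundup-to-alignment rule and the relocbase parameter are assumptions about how such an allocator works, but the offset they yield for this header equals the obj->tlsoffset value of 912 printed in frame #2.

```c
/* Added example, not code from the PR or from NetBSD's ld.elf_so.
 * Recomputes the amd64 (variant II) static TLS layout for the PT_TLS
 * header quoted in the report and simulates the template copy. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct tls_seg {          /* fields of a PT_TLS program header */
    uint64_t vaddr;       /* p_vaddr: link-time address of the template */
    uint64_t filesz;      /* p_filesz: initialised bytes (.tdata) to copy */
    uint64_t memsz;       /* p_memsz: filesz plus zero-filled .tbss */
    uint64_t align;       /* p_align */
};

/* Values of the TLS header quoted in the report. */
static const struct tls_seg report_seg = { 0x27de60, 0x58, 0x388, 16 };

/* ELF p_align is a power of two (or 0/1 for "no constraint"). */
static uint64_t roundup(uint64_t v, uint64_t a) { return a ? (v + a - 1) & ~(a - 1) : v; }

/* Variant II: the block lies directly below the TCB. For the first (or
 * only) module the offset is memsz rounded up to the segment alignment;
 * this rounding is an assumption about the allocator, not taken from tls.c. */
uint64_t tls_offset(const struct tls_seg *s) { return roundup(s->memsz, s->align); }

/* Run-time address of the template: link-time vaddr plus the load bias,
 * which is 0 for a non-PIE executable and non-zero for PIE or a shared object. */
uint64_t tls_init_addr(const struct tls_seg *s, uint64_t relocbase) { return relocbase + s->vaddr; }

/* Build a fake static TLS area (block, then TCB), copy the template into
 * the block and zero .tbss. Returns bytes copied, or -1 when the header is
 * inconsistent (filesz larger than memsz) and the copy would overrun. */
int64_t tls_allocate_sim(const struct tls_seg *s, const uint8_t *tmpl, uint8_t *first_byte_out)
{
    uint64_t off = tls_offset(s);
    if (s->filesz > s->memsz) return -1;
    uint8_t *area = calloc(off + 16, 1);   /* block plus room for a minimal TCB */
    if (area == NULL) return -1;
    uint8_t *tcb = area + off;             /* TCB starts right after the block */
    uint8_t *p = tcb - off;                /* this module's block (the report's p) */
    memcpy(p, tmpl, s->filesz);            /* .tdata */
    memset(p + s->filesz, 0, s->memsz - s->filesz);   /* .tbss */
    if (first_byte_out != NULL) *first_byte_out = p[0];
    free(area);
    return (int64_t)s->filesz;
}
```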