This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.



Re: Q: ld-linux.2 bug in glibc2.2.2?


>>>"Andreas" == Andreas Jaeger <aj@suse.de> writes on glibc-bug
mailing list

    Andreas> If your binary is broken, it's a bug in your binary [...]

    Andreas> Basile STARYNKEVITCH <basile.starynkevitch@wanadoo.fr>
    Andreas> writes:

I did put on "http://www.tunes.org/~basile/glibcbug.tgz" an example of
ld-linux core dump glibc2.2.2 or 2.2.1, Linux/x86 (AMD-K6),
Debian/testing [=sid] distribution, 2.2.18 kernel, gcc 2.95.3, ld
2.10.91 from binutils 2.10.1.0.2-1 debian package. This is an ldscript
with a tiny main2.c in C.

    Basile>  Well, I have no warning or error message. Neither from ld nor
    Basile> from the dynamic linker. I would expect that ld-linux.2 should
    Basile> be able to run an ELF executable -very similar to gcc produced
    Basile> ones- for which /usr/bin/ld does not give any error or
    Basile> warning. The ldscript I use contains all the sections from
    Basile> /usr/lib/ldscripts/elf_i386.x

    Andreas> You might hit a bug - but without a description it's not
    Andreas> possible to tell.

I found the bug. The .dynamic section was wrongly placed. So the
DYNAMIC segment was also wrongly placed.

Ok, it was a bug in the ldscript; but I think that it should have been
detected either at compile&link time by ld from binutils, or at
dynamic-link time by ld-linux.so.2. I've got no warning or error
message, just a core dump (in /lib/ld-linux.so.2)

The buggy ldscript incorrectly placed the .dynamic section after the
.bss section. So the resulting data segment was wrong. (the .bss
section had the same offset as the .dynamic section in the ELF
executable).

To circumvent the bug, I did apply the following patch to the ldscript
file in my glibcbug.tgz (see URL above):

################

*** ldscript	2001/02/27 08:03:38	1.1
--- ldscript	2001/02/27 08:09:36
***************
*** 216,221 ****
--- 216,224 ----
      KEEP (*(.dtors))
    }
    .got		  : { *(.got.plt) *(.got) }
+   .dynamic       : 
+ 	{ KEEP(*(.dynamic)) } :data :dynamic 
+ 
    _edata = .;
    PROVIDE (edata = .);
    __bss_start = .;
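Review bot: The `:data :dynamic` assignment on the added `.dynamic` output section now comes before `__bss_start`, and in GNU ld a `:phdr` assignment carries over to the following allocated output sections until one names its own segments. The `.bss` output section is not visible in this hunk; it should end with an explicit `:data` so that it is not also assigned to the dynamic segment. The two added lines also keep the trailing whitespace and the tab indentation, where the neighbouring lines use spaces.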
***************
*** 246,253 ****
    . = ALIGN(32 / 8);
    _end = .;
    PROVIDE (end = .);
!   .dynamic       : 
! 	{ KEEP(*(.dynamic)) } :data :dynamic 
  
    /***************** debugging and info ****************/
  
--- 249,255 ----
    . = ALIGN(32 / 8);
    _end = .;
    PROVIDE (end = .);
! 
  
    /***************** debugging and info ****************/
  
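Review bot: The `!` replacement after `PROVIDE (end = .);` leaves only an empty line where `.dynamic` used to be, so nothing in the script records why the section moved. Either delete the two lines outright or put a one-line comment at that spot saying that no section with file contents may be placed after `_end`, since the placement removed here is the defect this patch corrects.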
################

But I still think that I should have gotten a warning or error either
at static linking&loading time by ld (from binutils) or at dynamic
linking time by ld-linux.so.2 (from glibc). I got neither of them, but
ld-linux.so crashed with a core dump.

I understand that this is a catchy issue.... there is an implicit
contract between binutils and glibc regarding ELF layout, and neither
of these tools does the appropriate checks. (Which probably should be
done by binutils which has more information).

--
Basile STARYNKEVITCH -- http://perso.wanadoo.fr/starynkevitch/basile/
email: basile dot starynkevitch at wanadoo dot fr (France)
alias: basile at tunes dot org       host: http://lesours.dyndns.org/
8, rue de la Faïencerie, 92340 Bourg La Reine, phone: 1.46.65.45.53
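
One form the missing layout check could take, as an added example that is not part of the original message and is not code from binutils or glibc. It assumes a little-endian ELF32 image and assumes the fault shows up as a PT_DYNAMIC range that falls outside the file-backed bytes of its PT_LOAD segment; the function names, addresses and sample images are constructed for illustration.

```python
import struct

PT_LOAD, PT_DYNAMIC = 1, 2
EHDR = struct.Struct("<16sHHIIIIIHHHHHH")   # Elf32_Ehdr, little-endian
PHDR = struct.Struct("<IIIIIIII")           # Elf32_Phdr
FIELDS = ("type", "offset", "vaddr", "paddr", "filesz", "memsz", "flags", "align")

def program_headers(image):
    """Return the Elf32_Phdr entries of a little-endian ELF32 image as dicts."""
    eh = EHDR.unpack_from(image, 0)
    if eh[0][:6] != b"\x7fELF\x01\x01":
        raise ValueError("not a little-endian ELF32 image")
    phoff, phentsize, phnum = eh[5], eh[9], eh[10]
    return [dict(zip(FIELDS, PHDR.unpack_from(image, phoff + i * phentsize)))
            for i in range(phnum)]

def check_dynamic(image):
    """Return a list of PT_DYNAMIC placement problems (empty when the layout is sane)."""
    phdrs = program_headers(image)
    loads = [p for p in phdrs if p["type"] == PT_LOAD]
    problems = []
    for dyn in (p for p in phdrs if p["type"] == PT_DYNAMIC):
        end = dyn["vaddr"] + dyn["filesz"]
        for seg in loads:
            if seg["vaddr"] <= dyn["vaddr"] and end <= seg["vaddr"] + seg["memsz"]:
                if end > seg["vaddr"] + seg["filesz"]:
                    # Beyond p_filesz the loader maps zero-filled memory, not file data.
                    problems.append("PT_DYNAMIC lies in the zero-filled (.bss) part of its PT_LOAD")
                elif dyn["offset"] - seg["offset"] != dyn["vaddr"] - seg["vaddr"]:
                    problems.append("PT_DYNAMIC file offset does not match its address in PT_LOAD")
                break
        else:
            problems.append("PT_DYNAMIC is not inside any PT_LOAD segment")
    return problems

def sample(dyn_vaddr, dyn_off):
    """Constructed image: one data PT_LOAD (0x100 file bytes, 0x200 in memory) plus PT_DYNAMIC."""
    ident = b"\x7fELF\x01\x01\x01" + bytes(9)
    eh = EHDR.pack(ident, 2, 3, 1, 0, 52, 0, 0, 52, 32, 2, 0, 0, 0)
    load = PHDR.pack(PT_LOAD, 0x1000, 0x8049000, 0x8049000, 0x100, 0x200, 6, 0x1000)
    dyn = PHDR.pack(PT_DYNAMIC, dyn_off, dyn_vaddr, dyn_vaddr, 0x40, 0x40, 6, 4)
    return eh + load + dyn

GOOD = sample(0x80490C0, 0x10C0)   # constructed: .dynamic placed before _edata
BAD = sample(0x8049180, 0x1100)    # constructed: .dynamic placed after .bss

if __name__ == "__main__":
    print(check_dynamic(GOOD), check_dynamic(BAD))
```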

