This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.



[kubicek@bitsmart.com] libc/2039: Bug+fix, ld-linux.so.2 segmentation fault, file elf/dl-load.c function _dl_init_paths



According to the manual the fix is correct, here's a patch.  Ok to
commit?

Btw. I grepped through the whole of glibc and didn't notice any
other problems.

Andreas

2001-01-23  Andreas Jaeger  <aj@suse.de>

	* elf/dl-load.c (_dl_init_paths): Don't use strdupa in function
	arguments.  Reported by Jiri Kubicek <kubicek@bitsmart.com>,
	closes PR libc/2039.

============================================================
Index: elf/dl-load.c
--- elf/dl-load.c	2001/01/12 17:03:52	1.157
+++ elf/dl-load.c	2001/01/23 08:36:47
@@ -667,6 +667,7 @@
     {
       size_t nllp;
       const char *cp = llp;
+      char *llp_tmp = strdupa (llp);
 
       /* Decompose the LD_LIBRARY_PATH contents.  First determine how many
 	 elements it has.  */
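Review bot: the hoisted copy `char *llp_tmp = strdupa (llp);` is correct, but a one-line comment beside it saying why it must stay a declaration would protect it from being folded back into the call: strdupa expands to alloca, and an alloca executed while a call's arguments are being pushed moves the stack pointer out from under the arguments already pushed, which is the i386 crash in PR libc/2039. Note also that `llp_tmp` and `cp` are both live through the counting loop even though that loop only reads `cp`, and that the stack copy is still exactly as long as the LD_LIBRARY_PATH value; the patch moves the alloca, it does not bound it.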
@@ -684,7 +685,7 @@
 	_dl_signal_error (ENOMEM, NULL,
 			  N_("cannot create cache for search path"));
 
-      (void) fillin_rpath (strdupa (llp), env_path_list.dirs, ":;",
+      (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
 			   __libc_enable_secure, "LD_LIBRARY_PATH", NULL);
 
       if (env_path_list.dirs[0] == NULL)
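Review bot: passing `llp_tmp` instead of `strdupa (llp)` computes the pointer before the call sequence begins, which is the fix; the `_dl_signal_error (ENOMEM, ...)` path two lines above does not reference `llp_tmp`, and alloca storage is released on return anyway, so nothing is leaked there. One thing to confirm before committing, since the hunk does not show it: `llp_tmp` is only valid until `_dl_init_paths` returns, so `fillin_rpath` must copy each element into `env_path_list.dirs` rather than store pointers into the alloca'd buffer, otherwise the `env_path_list.dirs[0] == NULL` check and every later lookup would read released stack.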


Subject: Topics

Topics:
   libc/2039: Bug+fix, ld-linux.so.2 segmentation fault, file elf/dl-load.c function _dl_init_paths



>Number:         2039
>Category:       libc
>Synopsis:       Bug+fix, ld-linux.so.2 segmentation fault, file elf/dl-load.c function _dl_init_paths
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    libc-gnats
>State:          open
>Quarter:        
>Keywords:       
>Class:          sw-bug
>Submitter-Id:   gnatsweb
>Arrival-Date:   Tue Jan 23 02:35:53 -0500 2001
>Cases:          
>Originator:     kubicek@bitsmart.com
>Release:        glibc-2.2
>Organization:

>Environment:
i586-pc-linux-gnu
>Description:
After building the library, `make check' fails; ld-linux.so.2 causes a segmentation fault:
/usr/src/glibc-2.2-obj/elf/ld-linux.so.2 --library-path /usr/src/glibc-2.2-obj:/usr/src/glibc-2.2-obj/math:/usr/src/glibc-2.2-obj/elf:/usr/src/glibc-2.2-obj/dlfcn:/usr/src/glibc-2.2-obj/nss:/usr/src/glibc-2.2-obj/nis:/usr/src/glibc-2.2-obj/rt:/usr/src/glibc-2.2-obj/resolv:/usr/src/glibc-2.2-obj/crypt:/usr/src/glibc-2.2-obj/linuxthreads /usr/src/glibc-2.2-obj/sunrpc/rpcgen -Y `gcc -print-file-name=cpp | sed "s|/cpp$||"` -c rpcsvc/bootparam_prot.x -o /usr/src/glibc-2.2-obj/sunrpc/xbootparam_prot.T
>How-To-Repeat:
...not necessary, fix follows
>Fix:
File elf/dl-load.c, line 687, function _dl_init_paths calls another function this way:
(void) fillin_rpath (strdupa (llp), env_path_list.dirs, ":;",__libc_enable_secure, "LD_LIBRARY_PATH", NULL);
Macro `strdupa' duplicates a string on the stack and must not be called inside the function arguments; otherwise the stack contents in the called function `fillin_rpath' are unpredictable. The string llp should be strdupa()-ed into a temporary variable and this variable should be used as the first argument of fillin_rpath.

By the way, creating debuggable ld-linux.so.2 (GNU gdb 5.0 under i586-pc-linux-gnu) was difficult, the debugger normally can't access memory where the ld-linux.so.2 runs. Any hint in the FAQ would be fine.

Sincerely
Jiri Kubicek
>Unformatted:
 





-- 
 Andreas Jaeger
  SuSE Labs aj@suse.de
   private aj@arthur.inka.de
    http://www.suse.de/~aj
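The following is an added example, not code from glibc or from either message above. It shows the corrected shape of the LD_LIBRARY_PATH handling discussed in the report and the patch: the alloca-based strdupa is bound to a local before the call, and the callee copies what it keeps because the stack copy dies when the caller returns. `count_elements`, `fill_dirs` and `init_paths` are my own stand-ins that only mirror the purpose of the counting loop, `fillin_rpath` and `_dl_init_paths`; their interfaces are assumptions, not glibc's, and the sample search path is constructed in the shape of the one from the report.

```c
#define _GNU_SOURCE              /* glibc declares strdupa in <string.h> under this */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef strdupa                  /* non-glibc fallback: same alloca-based idea as glibc's macro */
#include <alloca.h>
#define strdupa(s) (__extension__ ({ const char *s_ = (s); size_t n_ = strlen (s_) + 1; \
                                     (char *) memcpy (alloca (n_), s_, n_); }))
#endif

/* Counting pass with the same job as the loop _dl_init_paths runs over CP:
   one element, plus one more for every ':' or ';' separator.  (My code.)  */
static size_t
count_elements (const char *cp)
{
  size_t nllp = 1;
  for (; *cp != '\0'; ++cp)
    if (*cp == ':' || *cp == ';')
      ++nllp;
  return nllp;
}

/* Heap copy of LEN bytes of S plus a terminator; NULL on malloc failure.  */
static char *
heap_copy (const char *s, size_t len)
{
  char *p = malloc (len + 1);
  if (p != NULL)
    {
      memcpy (p, s, len);
      p[len] = '\0';
    }
  return p;
}

/* Hypothetical stand-in for glibc's fillin_rpath (assumed interface, not the
   real one): cuts WHERE in place at any byte in SEP and stores a heap copy of
   each element in DIRS, NULL-terminated.  Heap copies, because WHERE is the
   caller's alloca'd buffer and dies when the caller returns.  Returns the
   element count, or (size_t) -1 if an allocation fails.  */
static size_t
fill_dirs (char *where, const char *sep, char **dirs, size_t max)
{
  size_t n = 0;
  dirs[0] = NULL;
  while (n + 1 < max)
    {
      char *end = strpbrk (where, sep);                  /* next separator, or NULL */
      size_t len = end != NULL ? (size_t) (end - where) : strlen (where);
      if (end != NULL)
        *end = '\0';            /* cut in place: this is why a writable copy is needed */
      dirs[n] = heap_copy (where, len);
      if (dirs[n] == NULL)
        return (size_t) -1;     /* DIRS stays NULL-terminated at N */
      dirs[++n] = NULL;
      if (end == NULL)
        break;
      where = end + 1;
    }
  return n;
}

static void
free_dirs (char **dirs)
{
  for (size_t i = 0; dirs[i] != NULL; ++i)
    free (dirs[i]);
  dirs[0] = NULL;
}

/* Shape of the LD_LIBRARY_PATH handling after the patch: the strdupa is a
   declaration, and only the resulting pointer crosses the call boundary.  The
   pre-patch shape, fill_dirs (strdupa (llp), ...), is what to avoid: strdupa
   expands to alloca, and an alloca run while a call's arguments are being
   pushed moves the stack pointer out from under them (the i386 segfault in
   PR libc/2039).  Returns the element count or (size_t) -1 on failure.  */
static size_t
init_paths (const char *llp, char **dirs, size_t max)
{
  size_t nllp = count_elements (llp);
  if (nllp + 1 > max)             /* no room for NLLP entries plus terminator */
    return (size_t) -1;           /* stands in for the ENOMEM path */
  char *llp_tmp = strdupa (llp);  /* stack copy, valid until init_paths returns */
  size_t got = fill_dirs (llp_tmp, ":;", dirs, max);
  if (got == (size_t) -1)
    free_dirs (dirs);             /* release a partial result on failure */
  return got;
}

/* Test hooks: element count for LLP split into MAX slots, and a check that
   element I equals WANT (WANT == NULL means "there is no element I").  */
static size_t
split_count (const char *llp, size_t max)
{
  char *dirs[32];
  size_t n = max > 32 ? (size_t) -1 : init_paths (llp, dirs, max);
  if (n != (size_t) -1)
    free_dirs (dirs);
  return n;
}

static int
element_is (const char *llp, size_t i, const char *want)
{
  char *dirs[32];
  size_t n = init_paths (llp, dirs, 32);
  if (n == (size_t) -1)
    return 0;
  int ok = i < n ? (want != NULL && strcmp (dirs[i], want) == 0) : (want == NULL);
  free_dirs (dirs);
  return ok;
}

int
main (void)
{
  /* Constructed sample in the shape of the --library-path from the report.  */
  const char *llp = "/usr/src/glibc-2.2-obj:/usr/src/glibc-2.2-obj/math;/usr/src/glibc-2.2-obj/elf";
  char *dirs[8];
  size_t n = init_paths (llp, dirs, 8);
  for (size_t i = 0; n != (size_t) -1 && i < n; ++i)
    printf ("dirs[%zu] = %s\n", i, dirs[i]);
  if (n != (size_t) -1)
    free_dirs (dirs);
  return 0;
}
```

Two details carry the security point: the alloca'd copy is sized by whatever the environment holds, so the capacity check runs before it is made; and nothing that outlives `init_paths` may point into it, which is why `fill_dirs` copies to the heap instead of storing pointers into `llp_tmp`.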
