This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/15199] dlopening a load-time library from an earlier library's initializer corrupts TLS state
- From: "luto at mit dot edu" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 26 Feb 2013 19:06:57 +0000
- Subject: [Bug dynamic-link/15199] dlopening a load-time library from an earlier library's initializer corrupts TLS state
- Auto-submitted: auto-generated
- References: <bug-15199-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=15199
--- Comment #1 from Andy Lutomirski <luto at mit dot edu> 2013-02-26 19:06:57 UTC ---
Here's a self-contained testcase, tested on Fedora 18.
--- begin a.c ---
#include <dlfcn.h>
void a(void) {}
extern void abort(void);
__attribute__((constructor)) static void init(void)
{
write(1, "dlopen b\n", 9);
if (!dlopen("libb.so", RTLD_LAZY | RTLD_NOLOAD)) /* This corrupts TLS state
*/
abort();
write(1, "dlopen done\n", 12);
}
--- end a.c ---
--- begin b.c ---
static __thread int tls;
void b()
{
write(1, "Begin TLS access\n", 17);
tls = 1; /* This will infinite loop because TLS state is corrupt */
write(1, "Done\n", 5);
}
--- end b.c ---
--- begin main.c ---
extern void a(void), b(void);
int main()
{
a(); /* Just to DT_NEEDED it. */
b(); /* This one will hang. */
}
--- end main.c ---
To trigger the bug, do this:
$ gcc -g -fPIC -shared -o liba.so a.c
$ gcc -g -fPIC -shared -o libb.so b.c
$ gcc -g -o main main.c libb.so liba.so -ldl
$ LD_LIBRARY_PATH=. ./main
dlopen b
dlopen done
Begin TLS access
[this infinite loops]
Reversing the link order of libb.so and liba.so will cause this code to work.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.