This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/16093] New: glibc doesn't relocate function address in .init_array
- From: "chengwei.yang.cn at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 28 Oct 2013 05:58:05 +0000
- Subject: [Bug dynamic-link/16093] New: glibc doesn't relocate function address in .init_array
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=16093
Bug ID: 16093
Summary: glibc doesn't relocate function address in .init_array
Product: glibc
Version: 2.18
Status: NEW
Severity: critical
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: chengwei.yang.cn at gmail dot com
When running e17 (enlightenment 0.17) on Tizen, I found that it crashes with a
segmentation fault. The backtrace is pasted below.
Program received signal SIGSEGV, Segmentation fault.
0x000021d0 in ?? ()
(gdb) bt
#0 0x000021d0 in ?? ()
#1 0xb7feccde in call_init (l=<optimized out>, argc=argc@entry=3,
argv=argv@entry=0xbffffb84, env=env@entry=0x8200d58) at dl-init.c:84
#2 0xb7fecdd4 in call_init (env=0x8200d58, argv=0xbffffb84, argc=3,
l=<optimized out>) at dl-init.c:36
#3 _dl_init (main_map=main_map@entry=0x829fba0, argc=3, argv=0xbffffb84,
env=0x8200d58) at dl-init.c:132
#4 0xb7ff0e0e in dl_open_worker (a=0xbfffb2bc) at dl-open.c:566
#5 0xb7fecb6a in _dl_catch_error (objname=objname@entry=0xbfffb2b4,
errstring=errstring@entry=0xbfffb2b8,
mallocedp=mallocedp@entry=0xbfffb2b3,
operate=operate@entry=0xb7ff0b10 <dl_open_worker>,
args=args@entry=0xbfffb2bc) at dl-error.c:177
#6 0xb7ff0604 in _dl_open (
file=0x82a17b0
"/usr/lib/enlightenment/modules/comp-tizen/linux-gnu-i686-ver-pre-svn-08/module.so",
mode=-2147483390,
caller_dlopen=0x8118895 <e_module_new+181>, nsid=<optimized out>, argc=3,
argv=0xbffffb84, env=0x8200d58) at dl-open.c:650
#7 0xb79facbc in dlopen_doit (a=0xbfffb470) at dlopen.c:66
#8 0xb7fecb6a in _dl_catch_error (objname=0x81df8ec, errstring=0x81df8f0,
mallocedp=0x81df8e8, operate=0xb79fac30 <dlopen_doit>, args=0xbfffb470)
at dl-error.c:177
#9 0xb79fb37c in _dlerror_run (
operate=operate@entry=0xb79fac30 <dlopen_doit>, args=args@entry=0xbfffb470)
at dlerror.c:163
#10 0xb79fad71 in __dlopen (
file=0x82a17b0
"/usr/lib/enlightenment/modules/comp-tizen/linux-gnu-i686-ver-pre-svn-08/module.so",
mode=258) at dlopen.c:87
#11 0x08118895 in e_module_new (name=0x82012d8 "comp-tizen") at e_module.c:143
#12 0x08118f9d in e_module_all_load () at e_module.c:101
#13 0x0807948d in _e_main_modules_load (safe_mode=0 '\000') at e_main.c:1839
#14 main (argc=3, argv=0xbffffb84) at e_main.c:1030
After doing some debugging in gdb, I found that it accesses the invalid address
0x21d0 when calling the init functions for /usr/lib/libutilX.so.1.
# objdump -s -j .init_array /usr/lib/libutilX.so.1
/usr/lib/libutilX.so.1: file format elf32-i386
Contents of section .init_array:
9eac d0210000 .!..
It seems that the function address 0x000021d0 hasn't been relocated before
being invoked in call_init().
It doesn't seem to be a common case, since if I call dlopen(3) in a simple test
program, it doesn't crash at all.
For more details, see https://bugs.tizen.org/jira/browse/PTREL-136
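The check the reporter made by hand with objdump (is every .init_array entry a real, relocated function address rather than a link-time offset such as 0x21d0?) can also be made from inside a running process. The program below is an added example; it is not part of the bug report, of e17 or of glibc. It assumes a GNU/Linux toolchain whose default linker script provides the __init_array_start, __init_array_end, __executable_start and etext symbols, and it is most instructive when built as a PIE (gcc's default on most current distributions), because only then do the entries actually carry R_*_RELATIVE relocations that ld.so must apply before call_init() runs them.

```c
/* Added example: walk this executable's own .init_array and sanity-check
 * each entry the way glibc's call_init() will consume it.  After load-time
 * relocation every entry must be an absolute address inside our text
 * mapping; a bare link-time offset (like the 0x21d0 in the report) is not.
 *
 * Assumptions: GNU ld or lld default linker script (provides the four
 * extern symbols below); Linux.  Build:  gcc -O2 -o initchk initchk.c   */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef void (*init_fn)(void);

/* Linker-script symbols: bounds of .init_array, start of the loaded image
 * (for a PIE this is the load base) and end of the .text output section. */
extern init_fn __init_array_start[];
extern init_fn __init_array_end[];
extern char __executable_start[];
extern char etext[];

/* One constructor of our own, so .init_array is never empty.  It is run by
 * exactly the path that crashed in the backtrace: _dl_init -> call_init. */
int ctor_ran = 0;
__attribute__((constructor)) void my_ctor(void) { ctor_ran = 1; }

size_t init_array_count(void)
{
    return (size_t)(__init_array_end - __init_array_start);
}

/* An entry is plausible only if it lands inside [__executable_start, etext).
 * An unrelocated entry is an offset from link base 0 and, in any PIE or
 * shared object, lies far below the mapped image. */
int is_relocated_entry(init_fn fn)
{
    uintptr_t p = (uintptr_t)fn;
    return p >= (uintptr_t)__executable_start && p < (uintptr_t)etext;
}

/* Number of entries that do not point into our text; 0 means safe to call. */
int count_bad_init_entries(void)
{
    int bad = 0;
    for (init_fn *e = __init_array_start; e < __init_array_end; e++) {
        if (!is_relocated_entry(*e)) {
            bad++;
            fprintf(stderr, "suspicious .init_array entry %p\n",
                    (void *)(uintptr_t)*e);
        }
    }
    return bad;
}

/* 1 if fn is listed in .init_array, else 0. */
int init_array_contains(init_fn fn)
{
    for (init_fn *e = __init_array_start; e < __init_array_end; e++)
        if (*e == fn)
            return 1;
    return 0;
}

int main(void)
{
    printf("text: %p .. %p\n", (void *)__executable_start, (void *)etext);
    for (init_fn *e = __init_array_start; e < __init_array_end; e++) {
        uintptr_t p = (uintptr_t)*e;
        /* For a PIE (linked at base 0) this offset is the value that
         * "objdump -s -j .init_array" shows in the file on disk. */
        printf("  entry %p (link-time offset 0x%lx) %s\n", (void *)p,
               (unsigned long)(p - (uintptr_t)__executable_start),
               is_relocated_entry(*e) ? "ok" : "NOT RELOCATED");
    }
    int bad = count_bad_init_entries();
    printf(".init_array: %zu entries, %d suspicious, ctor_ran=%d\n",
           init_array_count(), bad, ctor_ran);
    return bad != 0;
}
```

In a healthy PIE every entry prints as "ok" with a small link-time offset, and the list includes my_ctor plus whatever crtbegin.o registered. The same bounds check can be applied to a dlopen()ed library by using its load base and text range instead of the executable's; the report's 0x21d0 would fail it immediately, before call_init() ever jumps there.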