This is the mail archive of the
glibc-bugs@sources.redhat.com
mailing list for the glibc project.
[Bug nptl/719] New: dlfcn/tststatic writes past end of dtv array
- From: "amodra at bigpond dot net dot au" <sourceware-bugzilla at sources dot redhat dot com>
- To: glibc-bugs at sources dot redhat dot com
- Date: 14 Feb 2005 12:25:15 -0000
- Subject: [Bug nptl/719] New: dlfcn/tststatic writes past end of dtv array
- Reply-to: sourceware-bugzilla at sources dot redhat dot com
The static_dtv array used by __libc_setup_tls has only enough room for one dtv.
thread pointer
(gdb) p/x $r13
$1 = 0x100a46a0
tcb
(gdb) p/x *(long *)($r13 - 0x7000 - 8)
$2 = 0x1009a8a8
dtv, including 2 reserved elements.
(gdb) p/x *(long *)(0x1009a8a8 - 16)@6
$3 = {0x1, 0x0, 0x0, 0x0, 0x1009d6a0, 0x100000000000000}
tststatic loads modstatic.so, which depends on libc.so.6, which has a PT_TLS
segment. libc.so get a tls_modid of 2, and the dtv array isn't extended before
_dl_nothread_init_static_tls is called.
Breakpoint 3, _dl_nothread_init_static_tls (map=0x1009ef90) at dl-reloc.c:128
(gdb) p/x $r13
$8 = 0x100a46a0
(gdb) p/x *(long *)($r13 - 0x7000 - 8)
$9 = 0x1009a8a8
(gdb) p/x *(long *)(0x1009a8a8 - 16)@6
$10 = {0x1, 0x0, 0x0, 0x0, 0x1009d6a0, 0x100000000000000}
(gdb) p map->l_name
$11 = 0x1009ef70 "../libc.so.6"
(gdb) p map->l_tls_modid
$12 = 2
This results in the test failing due to other static vars being trashed. The
attached patch should make the failure a bit more obvious.
--
Summary: dlfcn/tststatic writes past end of dtv array
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: nptl
AssignedTo: drepper at redhat dot com
ReportedBy: amodra at bigpond dot net dot au
CC: glibc-bugs at sources dot redhat dot com
GCC host triplet: powerpc64-linux
http://sources.redhat.com/bugzilla/show_bug.cgi?id=719
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.