This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/10411] Segfault with non-existent directory in LD_LIBRARY_PATH

From: "azzie at astronet dot pl" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sources dot redhat dot com
Date: 2 Nov 2009 18:12:02 -0000
Subject: [Bug libc/10411] Segfault with non-existent directory in LD_LIBRARY_PATH
References: <20090717190615.10411.azzie@astronet.pl>
Reply-to: sourceware-bugzilla at sourceware dot org

------- Additional Comments From azzie at astronet dot pl  2009-11-02 18:12 -------
Sorry, I did not receive your previous message, just the closing one.

Concrete example:

marcin@marcade ~ $ export LD_LIBRARY_PATH="/lame"
marcin@marcade ~ $ display
Segmentation fault

I'm using:

glibc: 2.9
ImageMagick: 6.5.2.9

I don't think it's anything ancient, but I again looked at the current git tree
and I am still wondering whether the following logic is correct:

1. dl-load.c:137 defines env_path_list as the following global variable and
attribute_relro

static struct r_search_path_struct env_path_list attribute_relro;

2. dl-load.c:2082 passes env_path_list to open_path()

fd = open_path (name, namelen, preloaded, &env_path_list,
                &realname, &fb,
                loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
                LA_SER_LIBPATH, &found_other_class);

3. dl-load.c:1946 might write to this attribute_relro (if none of the
directories exist)

static int
open_path (const char *name, size_t namelen, int preloaded,
           struct r_search_path_struct *sps, char **realname,
           struct filebuf *fbp, struct link_map *loader, int whatcode,
           bool *found_other_class)
{
   ...

   /* rtld_search_dirs is attribute_relro, therefore avoid writing
      into it.  */

   if (sps != &rtld_search_dirs)
      sps->dirs = (void *) -1;
   }

Note that there is a check whether sps is rtld_search_dirs but not whether it is
env_path_list - which also seems to be attribute_relro. Is this logic correct?
It segfaults for me at this very line. Your mileage may vary, but I'm suspicious
about the code itself.


-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |


http://sourceware.org/bugzilla/show_bug.cgi?id=10411

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]