This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug dynamic-link/16971] New: SEGV in do_sym
- From: "ma.jiang at zte dot com.cn" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 21 May 2014 07:37:45 +0000
- Subject: [Bug dynamic-link/16971] New: SEGV in do_sym
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=16971
Bug ID: 16971
Summary: SEGV in do_sym
Product: glibc
Version: unspecified
Status: NEW
Severity: critical
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: ma.jiang at zte dot com.cn
In function do_sym (in dl-sym.c), match could be NULL. At line 108,
match->l_scope will cause a SEGV.
94   struct link_map *l = _dl_find_dso_for_object (caller);
95   /* If the address is not recognized the call comes from the main
96      program (we hope).  */
97   struct link_map *match = l ? l : GL(dl_ns)[LM_ID_BASE]._ns_loaded;
98
99   if (handle == RTLD_DEFAULT)
100    {
101      /* Search the global scope.  We have the simple case where
102         we look up in the scope of an object which was part of
103         the initial binary.  And then the more complex part
104         where the object is dynamically loaded and the scope
105         array can change.  */
106      if (RTLD_SINGLE_THREAD_P)
107        result = GLRO(dl_lookup_symbol_x) (name, match, &ref,
108                                           match->l_scope, vers, 0,
109                                           flags | DL_LOOKUP_ADD_DEPENDENCY,
110                                           NULL);
When a static program uses 'dlsym(NULL, "symX")' (without any previous dlopen),
match will become NULL. This bug can be reproduced on mips but not on x86, which
always has a linux-gate.so even when linked statically. I think at line 98 a simple
check should be added, as follows.
  if (!match)
    return NULL;
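Added reproducer for the call pattern the report describes (a NULL handle, no prior dlopen); this is editor-written example code, not the reporter's or glibc's. It assumes a glibc where RTLD_DEFAULT is NULL: built with `gcc -static` on an affected mips glibc the `dlsym(NULL, ...)` call reaches do_sym with match == NULL and crashes instead of returning, while on x86, on a dynamic build, or with the proposed check it returns a result or a dlerror() string.

```c
/* Reproducer for the dlsym(NULL, "symX") path from bug 16971 (added example,
   not glibc code).  Build dynamically: gcc -o repro repro.c
   Build as the report does: gcc -static -o repro repro.c */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdio.h>

/* Look up NAME in the global scope through a NULL handle, with no dlopen()
   beforehand, exactly as the report does.  Returns the resolved address or
   NULL; *err receives the dlerror() string when the lookup fails. */
static void *lookup_default(const char *name, const char **err)
{
  dlerror();                       /* clear any stale error state */
  void *sym = dlsym(NULL, name);   /* NULL == RTLD_DEFAULT on glibc */
  *err = dlerror();                /* NULL when no error occurred */
  return sym;
}

/* Returns 1 when NAME resolves, 0 when the loader reports it missing.
   On an unpatched static mips build the process dies in do_sym before
   either value can be returned, which is the reported symptom. */
int probe(const char *name)
{
  const char *err = NULL;
  void *sym = lookup_default(name, &err);
  if (sym == NULL)
    {
      fprintf(stderr, "dlsym(NULL, \"%s\") failed: %s\n", name,
              err ? err : "(no error string)");
      return 0;
    }
  return 1;
}

int main(void)
{
  /* "strlen" is always present; the constructed unknown name exercises the
     normal error path rather than the crash path. */
  int ok = probe("strlen");
  int missing = probe("symX_constructed_missing");
  printf("strlen: %s, symX: %s\n", ok ? "resolved" : "not resolved",
         missing ? "resolved" : "not resolved");
  return 0;
}
```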