This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug dynamic-link/20105] bad version variable in elf_dynamic_do_Rel() elf/do-rel.h (2.23) causes coredump in dl-machine.h elf_machine_rela()


https://sourceware.org/bugzilla/show_bug.cgi?id=20105

--- Comment #3 from Jason Vas Dias <jason.vas.dias at gmail dot com> ---
Hi Carlos - thanks for responding.

I enclose more details of the problem as you requested, posted off
list so I can include full details - note that I have applied my patch
so now glibc does NOT coredump in exactly the same place.

I am simply trying to run Apache OpenOffice v4.1.2, binary release, from the tar file:

http://sourceforge.net/projects/openofficeorg.mirror/files/4.1.2/binaries/en-US/Apache_OpenOffice_4.1.2_Linux_x86-64_install-rpm_en-US.tar.gz/download

- it has SHA256SUM:
 699acb3bf66bedaaada58b2d2e2facf4050588fe82062f33c80cefb54bef019d

For every RPM contained in that tar file, which archives ',,..en_GB/RPMS/*.rpm', I did:
  $ mkdir /usr/fw/ooo-4.1.2
  $ for rpm in en_GB/RPMS/*; do
       rpm2cpio < $rpm | (cd /usr/fw/ooo-4.1.2/; cpio -ivud);
    done
  $ ln -s /usr/fw/ooo-4.1.2/opt/openoffice4 /opt/openoffice4
Similarly for the Apache_OpenOffice_4.1.2_Linux_x86-64_langpack-rpm_en-GB.tar.gz RPM.

So we end up with this link map:

$ set -x; LD_LIBRARY_PATH=/usr/fw/ooo-4.1.2/opt/openoffice4/program /lib64/ld-linux-x86-64.so.2 --list /usr/fw/ooo-4.1.2/opt/openoffice4/program/soffice.bin 2>&1 | tee /tmp/soffice.link.map; set +x
+ LD_LIBRARY_PATH=/usr/fw/ooo-4.1.2/opt/openoffice4/program
+ tee /tmp/soffice.link.map
+ /lib64/ld-linux-x86-64.so.2 --list /usr/fw/ooo-4.1.2/opt/openoffice4/program/soffice.bin
        linux-vdso.so.1 (0x00007fff969ae000)
        libuno_sal.so.3 => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libuno_sal.so.3 (0x00007f988caeb000)
        libsofficeapp.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libsofficeapp.so (0x00007f988c85d000)
        libXext.so.6 => /usr/lib64/libXext.so.6 (0x00007f988c638000)
        libX11.so.6 => /usr/lib64/libX11.so.6 (0x00007f988c32a000)
        libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007f988bfaf000)
        libm.so.6 => /usr/lib64/libm.so.6 (0x00007f988bcaa000)
        libgcc_s.so.1 => /usr/lib64/libgcc_s.so.1 (0x00007f988ba94000)
        libc.so.6 => /usr/lib64/libc.so.6 (0x00007f988b6f2000)
        libcrypt.so.1 => /usr/lib64/libcrypt.so.1 (0x00007f988b4bb000)
        libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007f988b2b7000)
        libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007f988b099000)
        libcomphelpgcc3.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libcomphelpgcc3.so (0x00007f988ad45000)
        libuno_cppuhelpergcc3.so.3 => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libuno_cppuhelpergcc3.so.3 (0x00007f988aa4d000)
        libuno_cppu.so.3 => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libuno_cppu.so.3 (0x00007f988a817000)
        libdeploymentmisc.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libdeploymentmisc.so (0x00007f988a5ef000)
        libdeploymentgui.uno.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libdeploymentgui.uno.so (0x00007f988a370000)
        libi18nisolang1gcc3.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libi18nisolang1gcc3.so (0x00007f988a169000)
        libsfx.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libsfx.so (0x00007f9889b1c000)
        libsvl.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libsvl.so (0x00007f988980f000)
        libsvt.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libsvt.so (0x00007f9889185000)
        libootk.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libootk.so (0x00007f9888bc5000)
        libtl.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libtl.so (0x00007f988890b000)
        libucbhelper4gcc3.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libucbhelper4gcc3.so (0x00007f9888689000)
        libutl.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libutl.so (0x00007f9888319000)
        libvcl.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libvcl.so (0x00007f9887bf8000)
        libvos3gcc3.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libvos3gcc3.so (0x00007f98879cf000)
        libxcb.so.1 => /usr/lib64/libxcb.so.1 (0x00007f98877b1000)
        libXau.so.6 => /usr/lib64/libXau.so.6 (0x00007f98875ad000)
        libXdmcp.so.6 => /usr/lib64/libXdmcp.so.6 (0x00007f98873a8000)
        /lib64/ld-linux-x86-64.so.2 (0x000055f6074a9000)
        libuno_salhelpergcc3.so.3 => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libuno_salhelpergcc3.so.3 (0x00007f98871a4000)
        libxcr.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libxcr.so (0x00007f9886ef6000)
        libsvx.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libsvx.so (0x00007f9886918000)
        libsvxcore.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libsvxcore.so (0x00007f9885f87000)
        libfwe.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libfwe.so (0x00007f9885cd7000)
        libsax.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libsax.so (0x00007f9885abe000)
        libsb.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libsb.so (0x00007f98856af000)
        libsot.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libsot.so (0x00007f9885452000)
        libxml2.so.2 => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libxml2.so.2 (0x00007f9885111000)
        libbasegfx.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libbasegfx.so (0x00007f9884e43000)
        libi18nutilgcc3.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libi18nutilgcc3.so (0x00007f9884c30000)
        libjvmfwk.so.3 => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libjvmfwk.so.3 (0x00007f9884a14000)
        libicuuc.so.40 => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libicuuc.so.40 (0x00007f98846d6000)
        libicule.so.40 => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libicule.so.40 (0x00007f98844a0000)
        libi18npaper.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libi18npaper.so (0x00007f988429a000)
        libjvmaccessgcc3.so.3 => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libjvmaccessgcc3.so.3 (0x00007f9884094000)
        libfreetype.so.6 => /usr/lib64/libfreetype.so.6 (0x00007f9883df9000)
        libdrawinglayer.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libdrawinglayer.so (0x00007f9883aec000)
        libediteng.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libediteng.so (0x00007f98836e3000)
        libfwk.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libfwk.so (0x00007f9883291000)
        libxo.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libxo.so (0x00007f9882cdc000)
        libavmedia.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libavmedia.so (0x00007f9882aa4000)
        liblng.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/liblng.so (0x00007f98827ed000)
        libfwi.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libfwi.so (0x00007f98825bc000)
        libicudata.so.40 => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libicudata.so.40 (0x00007f9881677000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x00007f9881461000)
        libbz2.so.1.0 => /usr/lib64/libbz2.so.1.0 (0x00007f9881251000)
        libpng16.so.16 => /usr/lib64/libpng16.so.16 (0x00007f988101f000)
        libcanvastools.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libcanvastools.so (0x00007f9880de5000)
        libcppcanvas.so => /usr/fw/ooo-4.1.2/opt/openoffice4/program/libcppcanvas.so (0x00007f9880b7f000)
+ set +x

Unlike before my patch for Bug # 20105 (attached), which does ensure that if map->l_versions is null, a null version pointer is passed to elf_machine_rela (so it does not access version pointers like 0x48!), the initial load now succeeds and the first splash screen is displayed; but now glibc gets a coredump in a different place - full log is in attached 'gdb.log' - excerpts shown below:


$ LD_LIBRARY_PATH=/usr/fw/ooo-4.1.2/opt/openoffice4/program gdb --args /usr/fw/ooo-4.1.2/opt/openoffice4/program/soffice.bin -writer
GNU gdb (GDB) 7.11
...
This GDB was configured as "x86_64-linux-gnu".
...
Reading symbols from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/soffice.bin...(no debugging
symbols found)...done.
(gdb) run
Starting program: /usr/fw/ooo-4.1.2/opt/openoffice4/program/soffice.bin -writer
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib64/libthread_db.so.1".
[New Thread 0x7fffeba9b700 (LWP 5221)]
[New Thread 0x7fffe6d1c700 (LWP 5222)]
[New Thread 0x7fffe651b700 (LWP 5223)]

Thread 1 "soffice.bin" received signal SIGSEGV, Segmentation fault.
do_lookup_x (undef_name=undef_name@entry=0x7fffdeb09874
"_ITM_deregisterTMCloneTable", new_hash=new_hash@entry=2247416213,
old_hash=old_hash@entry=0x7fffffffc1e0, ref=0x7fffdeb093c0,
result=result@entry=0x7fffffffc1f0,
    scope=<optimized out>, i=0, version=0x0, flags=1, skip=0x0,
type_class=4, undef_map=0x67c0b0) at dl-lookup.c:366
366           const struct link_map *map = list[i]->l_real;

(gdb) where
#0  do_lookup_x (undef_name=undef_name@entry=0x7fffdeb09874
"_ITM_deregisterTMCloneTable", new_hash=new_hash@entry=2247416213,
old_hash=old_hash@entry=0x7fffffffc1e0, ref=0x7fffdeb093c0,
result=result@entry=0x7fffffffc1f0,
    scope=<optimized out>, i=0, version=0x0, flags=1, skip=0x0,
type_class=4, undef_map=0x67c0b0) at dl-lookup.c:366
#1  0x00007ffff7de3c9f in _dl_lookup_symbol_x
(undef_name=0x7fffdeb09874 "_ITM_deregisterTMCloneTable",
undef_map=undef_map@entry=0x67c0b0, ref=ref@entry=0x7fffffffc350,
symbol_scope=symbol_scope@entry=0x67c408, version=0x0,
    type_class=4, flags=1, skip_map=0x0) at dl-lookup.c:829
#2  0x00007ffff7de58c3 in elf_machine_rela (skip_ifunc=33554432,
reloc_addr_arg=0x7fffded4aa60, version=<optimized out>,
sym=0x7fffdeb093c0, reloc=0x7fffdeb09f10, map=0x67c0b0) at
../sysdeps/x86_64/dl-machine.h:301
#3  elf_dynamic_do_Rela (skip_ifunc=33554432, lazy=<optimized out>,
nrelative=<optimized out>, relsize=<optimized out>, reladdr=<optimized
out>, map=0x67c0b0) at do-rel.h:141
#4  _dl_relocate_object (scope=<optimized out>,
reloc_mode=reloc_mode@entry=1, consider_profiling=<optimized out>,
consider_profiling@entry=0) at dl-reloc.c:258
#5  0x00007ffff7ded809 in dl_open_worker (a=a@entry=0x7fffffffc6d0) at
dl-open.c:424
#6  0x00007ffff7de90e4 in _dl_catch_error
(objname=objname@entry=0x7fffffffc6c0,
errstring=errstring@entry=0x7fffffffc6c8,
mallocedp=mallocedp@entry=0x7fffffffc6bf,
operate=operate@entry=0x7ffff7ded4a0 <dl_open_worker>,
    args=args@entry=0x7fffffffc6d0) at dl-error.c:187
#7  0x00007ffff7ded017 in _dl_open (file=0x7fffffffc930
"/usr/fw/ooo-4.1.2/opt/openoffice4/program/../program/ucpgvfs1.uno.so",
mode=-2147483391, caller_dlopen=0x7ffff7a0fa2b <osl_loadModule+171>,
nsid=-2, argc=2, argv=<optimized out>,
    env=0x61a650) at dl-open.c:649
#8  0x00007ffff61c1f09 in dlopen_doit (a=a@entry=0x7fffffffc900) at dlopen.c:66
#9  0x00007ffff7de90e4 in _dl_catch_error (objname=0x61a630,
errstring=0x61a638, mallocedp=0x61a628, operate=0x7ffff61c1eb0
<dlopen_doit>, args=0x7fffffffc900) at dl-error.c:187
#10 0x00007ffff61c2521 in _dlerror_run
(operate=operate@entry=0x7ffff61c1eb0 <dlopen_doit>,
args=args@entry=0x7fffffffc900) at dlerror.c:163
#11 0x00007ffff61c1fa1 in __dlopen (file=<optimized out>,
mode=<optimized out>) at dlopen.c:87
#12 0x00007ffff7a0fa2b in osl_loadModule () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/libuno_sal.so.3
#13 0x00007ffff5a01805 in
cppu::loadSharedLibComponentFactory(rtl::OUString const&,
rtl::OUString const&, rtl::OUString const&,
com::sun::star::uno::Reference<com::sun::star::lang::XMultiServiceFactory>
const&, com::sun::star::uno::Reference<com::sun::star::registry::XRegistryKey>
const&) () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/libuno_cppuhelpergcc3.so.3
#14 0x00007fffe8c891de in ?? () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/bootstrap.uno.so
#15 0x00007ffff59f01b3 in ?? () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/libuno_cppuhelpergcc3.so.3
#16 0x00007ffff59f0d0a in ?? () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/libuno_cppuhelpergcc3.so.3
#17 0x00007ffff59ed72a in ?? () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/libuno_cppuhelpergcc3.so.3
#18 0x00007ffff59ed94f in ?? () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/libuno_cppuhelpergcc3.so.3
#19 0x00007fffe8c568d6 in ?? () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/bootstrap.uno.so
#20 0x00007fffe8c4cccc in ?? () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/bootstrap.uno.so
#21 0x00007ffff778b373 in ?? () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/libsofficeapp.so
#22 0x00007ffff778bb99 in ?? () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/libsofficeapp.so
#23 0x00007ffff777d3b0 in ?? () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/libsofficeapp.so
#24 0x00007ffff2c877eb in ?? () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/libvcl.so
#25 0x00007ffff2c878b6 in SVMain() () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/libvcl.so
#26 0x00007ffff77a5f6c in soffice_main () from
/usr/fw/ooo-4.1.2/opt/openoffice4/program/libsofficeapp.so
#27 0x0000000000400f7b in main ()
(gdb)

As shown in gdb.log:

(gdb) info reg rip
rip            0x7ffff7de3060   0x7ffff7de3060 <do_lookup_x+128>
(gdb) disass/sr 0x7ffff7de3060,+8
Dump of assembler code from 0x7ffff7de3060 to 0x7ffff7de3068:
dl-lookup.c:
366           const struct link_map *map = list[i]->l_real;
=> 0x00007ffff7de3060 <do_lookup_x+128>:        49 8b 04 ee     mov    (%r14,%rbp,8),%rax
   0x00007ffff7de3064 <do_lookup_x+132>:        48 8b 58 28     mov    0x28(%rax),%rbx
End of assembler dump.
(gdb) info scope 0x7ffff7de3060
Function "0x7ffff7de3060" not defined.
(gdb) info scope *0x7ffff7de3060
Scope for *0x7ffff7de3060:
...
Symbol bitmask is multi-location:
...
  Range 0x7ffff7de3214-0x7ffff7de323f: a complex DWARF expression:
     0: DW_OP_breg14 760 [$r14]
...

Symbol map is multi-location:
 ...
  Range 0x7ffff7de3214-0x7ffff7de32ae: a variable in $r14
 ...:


I think %r14 is the 'map' variable here, which is NULL:
(gdb) p map
$1 = <optimized out>
(gdb) info reg r14
r14            0x0      0

But could it be 'bitmap'? There is a lot of aliasing / importing of variables from surrounding scopes into inlines going on here - like the 'l' variable - it is very difficult to see exactly where 'l' is defined in this scope.

I think what is happening is that OOO is loading the newer libpcre-1.2.6 which is somehow incompatible with the older libpcre-1.2.0 of RHEL7 clones. But I don't think glibc should coredump in this case - it should complain about the library version mismatches. I'll try building pcre 8.32 as a local copy into /usr/fw/ooo-4.1.2/opt/openoffice4/program - I built pcre-8.38 into /usr/lib64.

In order to build OOO-4.1.2 in my new LFS system, I'd have to convert the whole system into a RHEL clone from a few years ago, so I'm trying to use the binary OOO release under the LFS system - it works for other freeware such as firefox-46 - it is almost working, and should once these niggles are sorted out.

If there is any further information you require, just let me know.
Thanks & Regards,
Jason




On 17/05/2016, carlos at redhat dot com
<sourceware-bugzilla@sourceware.org> wrote:
> https://sourceware.org/bugzilla/show_bug.cgi?id=20105
>
> Carlos O'Donell <carlos at redhat dot com> changed:
>
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>                  CC|                            |carlos at redhat dot com
>
> --- Comment #2 from Carlos O'Donell <carlos at redhat dot com> ---
> (In reply to Jason Vas Dias from comment #0)
>> So the expression &map->l_versions[ndx] has value 0x48 but is
>> dereferenced
>> as a pointer by elf_machine_rela() .
>
> Something serious has gone wrong.
>
> In elf_get_dynamic_info the value of DT_VERSYM is loaded and relocated and
> should never be invalid for a correct binary and in a correct use case.
>
> Is your binary corrupt?
>
> Was the file written to while you were running?
>
> Can you provide a copy of the library that fails to load?
>

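The failure mode described in the comment above (map->l_versions being NULL while the relocation loop still indexes it, so the 'version' argument handed to elf_machine_rela is a small bogus pointer such as 0x48) can be reproduced in isolation. The following is an added illustration, not glibc's code and not the patch attached to the bug: it mirrors the layout of glibc's struct r_found_version (24 bytes on x86_64, which is why index 3 lands exactly on 0x48), scans a constructed dynamic section for DT_VERSYM the way elf_get_dynamic_info does, and shows the per-relocation version selection from elf_dynamic_do_Rel with the null guard the comment describes. The names find_dyn, select_version, link_map_subset and found_version, the constructed dynamic entries and versym table, and the extra bounds check against l_nversions are this example's own assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Dynamic-section tags (values from the ELF gABI / glibc <elf.h>), spelled
   out so the file builds without a Linux-specific header. */
#define DT_NULL        0
#define DT_STRTAB      5
#define DT_SYMTAB      6
#define DT_VERSYM      0x6ffffff0
#define DT_VERNEED     0x6ffffffe
#define DT_VERNEEDNUM  0x6fffffff

/* ELF64 dynamic entry, same layout as Elf64_Dyn. */
typedef struct { int64_t d_tag; uint64_t d_val; } dyn_entry;

/* Mirror of glibc's struct r_found_version (assumed layout): on x86_64 it is
   8 + 4 + 4 + 8 = 24 bytes, so a NULL base plus index 3 is 0x48. */
struct found_version {
    const char *name;
    uint32_t    hash;
    int         hidden;
    const char *filename;
};

/* Hypothetical subset of struct link_map: just the two fields needed here. */
struct link_map_subset {
    struct found_version *l_versions;   /* NULL when no version table exists */
    unsigned int          l_nversions;
};

/* Find a tag in a dynamic section, as elf_get_dynamic_info does while it
   fills l_info[]. Returns NULL when the tag is absent. */
const dyn_entry *find_dyn(const dyn_entry *dyn, int64_t tag)
{
    for (; dyn->d_tag != DT_NULL; ++dyn)
        if (dyn->d_tag == tag)
            return dyn;
    return NULL;
}

/* The integer value &map->l_versions[ndx] would take when l_versions is
   NULL, computed without ever forming the invalid pointer. */
uintptr_t unguarded_version_offset(unsigned ndx)
{
    return (uintptr_t)ndx * sizeof(struct found_version);
}

/* Version selection for one relocation, as in elf_dynamic_do_Rel: the index
   comes from the DT_VERSYM table with the hidden bit masked off. With the
   guard, a map without a version table yields NULL, which elf_machine_rela
   already treats as "no version" (the bounds check is an extra assumption). */
const struct found_version *
select_version(const struct link_map_subset *map, const uint16_t *versym,
               size_t symndx)
{
    unsigned ndx = versym[symndx] & 0x7fff;
    if (map->l_versions == NULL || ndx >= map->l_nversions)
        return NULL;
    return &map->l_versions[ndx];
}

/* Constructed inputs for a stand-alone run (not taken from any real binary). */
static const dyn_entry demo_dyn[] = {
    { DT_STRTAB, 0x400300 }, { DT_SYMTAB, 0x400200 },
    { DT_VERSYM, 0x400a00 }, { DT_VERNEED, 0x400b00 }, { DT_VERNEEDNUM, 1 },
    { DT_NULL, 0 },
};
static const uint16_t demo_versym[] = { 0, 1, 2, 3 };
static struct found_version demo_versions[4];

/* Named results so the behaviour can be checked without running main(). */
int demo_has_versym(void) { return find_dyn(demo_dyn, DT_VERSYM) != NULL; }

int demo_guarded_without_table_is_null(void)
{
    struct link_map_subset m = { NULL, 0 };
    return select_version(&m, demo_versym, 3) == NULL;
}

ptrdiff_t demo_guarded_index_with_table(void)
{
    struct link_map_subset m = { demo_versions, 4 };
    return select_version(&m, demo_versym, 3) - demo_versions;
}

int main(void)
{
    printf("DT_VERSYM present: %s\n", demo_has_versym() ? "yes" : "no");
    printf("NULL l_versions + index 3 -> 0x%lx\n",
           (unsigned long)unguarded_version_offset(3));
    printf("guarded lookup without table returns NULL: %d\n",
           demo_guarded_without_table_is_null());
    printf("guarded lookup with table picks entry %td\n",
           demo_guarded_index_with_table());
    return 0;
}
```

The point of the unguarded computation is that the loader never checks whether the pointer it formed is sane: DT_VERSYM being present in l_info is enough to enter the versioned path, so a map whose version table was never built feeds elf_machine_rela an offset-from-zero pointer and the crash surfaces one frame later, exactly where the backtrace in the bug shows it.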
