This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/20105] bad version variable in elf_dynamic_do_Rel() elf/do-rel.h (2.23) causes coredump in dl-machine.h elf_machine_rela()
- From: "jason.vas.dias at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 18 May 2016 16:36:42 +0000
- Subject: [Bug dynamic-link/20105] bad version variable in elf_dynamic_do_Rel() elf/do-rel.h (2.23) causes coredump in dl-machine.h elf_machine_rela()
- Auto-submitted: auto-generated
- References: <bug-20105-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=20105
--- Comment #11 from Jason Vas Dias <jason.vas.dias at gmail dot com> ---
Second post:
I mean, for instance in the unmodified elf/do-rel.h code @ line 121 :
<quote><pre>
#ifdef RTLD_BOOTSTRAP
/* The dynamic linker always uses versioning. */
assert (map->l_info[VERSYMIDX (DT_VERSYM)] != NULL);
#else
if (map->l_info[VERSYMIDX (DT_VERSYM)])
#endif
{
const ElfW(Half) *const version =
(const void *) D_PTR (map, l_info[VERSYMIDX (DT_VERSYM)]);
for (; r < end; ++r)
{
#if defined ELF_MACHINE_IRELATIVE && !defined RTLD_BOOTSTRAP
if (ELFW(R_TYPE) (r->r_info) == ELF_MACHINE_IRELATIVE)
{
if (r2 == NULL)
r2 = r;
end2 = r;
continue;
}
#endif
ElfW(Half) ndx = version[ELFW(R_SYM) (r->r_info)] & 0x7fff;
elf_machine_rel (map, r, &symtab[ELFW(R_SYM) (r->r_info)],
&map->l_versions[ndx],
(void *) (l_addr + r->r_offset), skip_ifunc);
}
</pre></quote>
map=>l_versions CAN be NULL !! I can prove it.
At least please assert this and abort if not so :
<quote><pre>
#ifdef RTLD_BOOTSTRAP
/* The dynamic linker always uses versioning. */
assert (map->l_info[VERSYMIDX (DT_VERSYM)] != NULL);
#else
if (map->l_info[VERSYMIDX (DT_VERSYM)])
#endif
{/* check for NULL map->l_versions */
if( map->l_versions == (void*)0 )
{ const char msg[] = "do-rel.h: map->l_versions is NULL!\n";
write(2, msg, sizeof(msg));
abort();
}
const ElfW(Half) *const version =
(const void *) D_PTR (map, l_info[VERSYMIDX (DT_VERSYM)]);
for (; r < end; ++r)
{
#if defined ELF_MACHINE_IRELATIVE && !defined RTLD_BOOTSTRAP
if (ELFW(R_TYPE) (r->r_info) == ELF_MACHINE_IRELATIVE)
{
if (r2 == NULL)
r2 = r;
end2 = r;
continue;
}
#endif
ElfW(Half) ndx = version[ELFW(R_SYM) (r->r_info)] & 0x7fff;
elf_machine_rel (map, r, &symtab[ELFW(R_SYM) (r->r_info)],
&map->l_versions[ndx],
(void *) (l_addr + r->r_offset), skip_ifunc);
}
</pre></quote>
--
You are receiving this mail because:
You are on the CC list for the bug.