[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#334112: libc6: SIGSEGV in linear_search_fdes

Package: libc6
Version: 2.3.5-6.0.1
Severity: important

DWARF2 exception support is broken due to bad EH data in the .eh_frame
section of /lib/libc-2.3.5.so.

After installation of libc6 version 2.3.5-6.0.1, a number of regressions
were observed in the GCC 4.0 and 4.1 testsuites.  The following failure
occurs in g++.dg/eh/forced1.C:

(gdb) r
Starting program: /home/dave/gcc-4.1/objdir/gcc/testsuite/forced1.xg

Program received signal SIGSEGV, Segmentation fault.
linear_search_fdes (ob=0xc004a1d4, this_fde=0x40acba54, pc=0x4099d663)
    at unwind-dw2-fde.c:776
776     in unwind-dw2-fde.c
(gdb) bt
#0  linear_search_fdes (ob=0xc004a1d4, this_fde=0x40acba54, pc=0x4099d663)
    at unwind-dw2-fde.c:776
#1  0x401ba798 in _Unwind_IteratePhdrCallback (info=Variable "info" is not available.
    at ../../gcc/gcc/unwind-dw2-fde-glibc.c:386
#2  0x40a90ccc in *__GI___dl_iterate_phdr (
    callback=@0x401cc5da: 0x401ba47c <_Unwind_IteratePhdrCallback>,
    data=0xc004a08c) at dl-iteratephdr.c:71
#3  0x401ba358 in _Unwind_Find_FDE (pc=0x4099d663, bases=0xc0049b80)
    at ../../gcc/gcc/unwind-dw2-fde-glibc.c:417
#4  0x401b6968 in uw_frame_state_for (context=0xc0049a0c, fs=0xc0049c88)
    at ../../gcc/gcc/unwind-dw2.c:975
#5  0x401b80e4 in _Unwind_ForcedUnwind_Phase2 (exc=0x22050, context=0xc0049a0c)
    at unwind.inc:159
#6  0x401b84dc in _Unwind_Resume (exc=0x22050)
    at unwind.inc:235
#7  0x000109d8 in doit ()
    at /home/dave/gcc-4.1/gcc/gcc/testsuite/g++.dg/eh/forced1.C:71
#8  0x00010a04 in main ()
    at /home/dave/gcc-4.1/gcc/gcc/testsuite/g++.dg/eh/forced1.C:79

linear_search_fdes is looking for the fde for __libc_start_main in
the .eh_frame data for libc:

(gdb) disass 0x4099d660
Dump of assembler code for function __libc_start_main:
0x4099d56c <__libc_start_main+0>:       addil 1000,r19,%r1
0x4099d570 <__libc_start_main+4>:       stw rp,-14(,sp)

Here is the fde data:

(gdb) x/20x 0x40acba40
0x40acba40 <__invoke_dynamic_linker__+126408>:  0x40a8e5fc 0x00000040     0x4c0ec0ff       0xffff0f84
0x40acba50 <__invoke_dynamic_linker__+126424>:  0x0011027b 0x40ad0116     0xffffffff       0x40acfd16

Here is the end of the .eh_frame dump:

dave@gsyprf11:/usr/lib/debug$ objdump -s -j .eh_frame libc-2.3.5.so|less

libc-2.3.5.so:     file format elf32-hppa-linux

Contents of section .eh_frame:
 149d00 0000000c 00000000 01000104 020c1e00  ................
 14ea30 830b840a 85098806 00000018 00000060  ...............`
 14ea40 001115fc 00000040 4c0ec0ff ffff0f84  .......@L.......
 14ea50 0011027b                             ...{

(gdb) list unwind-dw2-fde.c:776
771     {
772       const struct dwarf_cie *last_cie = 0;
773       int encoding = ob->s.b.encoding;
774       _Unwind_Ptr base = base_from_object (ob->s.b.encoding, ob);
776       for (; ! last_fde (ob, this_fde); this_fde = next_fde (this_fde))

static inline int
last_fde (struct object *obj __attribute__ ((__unused__)), const fde *f)
  return (char *)f == obj->fde_end || f->length == 0;
  return f->length == 0;

I believe that the fde data should terminate with an fde of zero length.
This isn't the case for the libc fde data.  This and the lack of fde
data for __libc_start_main causes the SEGV.

This is a regression from 2.3.2.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (650, 'testing'), (90, 'unstable')
Architecture: hppa (parisc64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc2-pa2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

-- no debconf information

Reply to: