Bug#334112: libc6: SIGSEGV in linear_search_fdes
Package: libc6
Version: 2.3.5-6.0.1
Severity: important
DWARF2 exception support is broken due to bad EH data in the .eh_frame
section of /lib/libc-2.3.5.so.
After installation of libc6 version 2.3.5-6.0.1, a number of regressions
were observed in the GCC 4.0 and 4.1 testsuites. The following failure
occurs in g++.dg/eh/forced1.C:
(gdb) r
Starting program: /home/dave/gcc-4.1/objdir/gcc/testsuite/forced1.xg
Program received signal SIGSEGV, Segmentation fault.
linear_search_fdes (ob=0xc004a1d4, this_fde=0x40acba54, pc=0x4099d663)
at unwind-dw2-fde.c:776
776 in unwind-dw2-fde.c
(gdb) bt
#0 linear_search_fdes (ob=0xc004a1d4, this_fde=0x40acba54, pc=0x4099d663)
at unwind-dw2-fde.c:776
#1 0x401ba798 in _Unwind_IteratePhdrCallback (info=Variable "info" is not available.
)
at ../../gcc/gcc/unwind-dw2-fde-glibc.c:386
#2 0x40a90ccc in *__GI___dl_iterate_phdr (
callback=@0x401cc5da: 0x401ba47c <_Unwind_IteratePhdrCallback>,
data=0xc004a08c) at dl-iteratephdr.c:71
#3 0x401ba358 in _Unwind_Find_FDE (pc=0x4099d663, bases=0xc0049b80)
at ../../gcc/gcc/unwind-dw2-fde-glibc.c:417
#4 0x401b6968 in uw_frame_state_for (context=0xc0049a0c, fs=0xc0049c88)
at ../../gcc/gcc/unwind-dw2.c:975
#5 0x401b80e4 in _Unwind_ForcedUnwind_Phase2 (exc=0x22050, context=0xc0049a0c)
at unwind.inc:159
#6 0x401b84dc in _Unwind_Resume (exc=0x22050)
at unwind.inc:235
#7 0x000109d8 in doit ()
at /home/dave/gcc-4.1/gcc/gcc/testsuite/g++.dg/eh/forced1.C:71
#8 0x00010a04 in main ()
at /home/dave/gcc-4.1/gcc/gcc/testsuite/g++.dg/eh/forced1.C:79
linear_search_fdes is looking for the fde for __libc_start_main in
the .eh_frame data for libc:
(gdb) disass 0x4099d660
Dump of assembler code for function __libc_start_main:
0x4099d56c <__libc_start_main+0>: addil 1000,r19,%r1
0x4099d570 <__libc_start_main+4>: stw rp,-14(,sp)
...
Here is the fde data:
(gdb) x/20x 0x40acba40
0x40acba40 <__invoke_dynamic_linker__+126408>: 0x40a8e5fc 0x00000040 0x4c0ec0ff 0xffff0f84
0x40acba50 <__invoke_dynamic_linker__+126424>: 0x0011027b 0x40ad0116 0xffffffff 0x40acfd16
Here is the end of the .eh_frame dump:
dave@gsyprf11:/usr/lib/debug$ objdump -s -j .eh_frame libc-2.3.5.so|less
libc-2.3.5.so: file format elf32-hppa-linux
Contents of section .eh_frame:
149d00 0000000c 00000000 01000104 020c1e00 ................
...
14ea30 830b840a 85098806 00000018 00000060 ...............`
14ea40 001115fc 00000040 4c0ec0ff ffff0f84 .......@L.......
14ea50 0011027b ...{
(gdb) list unwind-dw2-fde.c:776
771 {
772 const struct dwarf_cie *last_cie = 0;
773 int encoding = ob->s.b.encoding;
774 _Unwind_Ptr base = base_from_object (ob->s.b.encoding, ob);
775
776 for (; ! last_fde (ob, this_fde); this_fde = next_fde (this_fde))
static inline int
last_fde (struct object *obj __attribute__ ((__unused__)), const fde *f)
{
#ifdef DWARF2_OBJECT_END_PTR_EXTENSION
  return (char *)f == obj->fde_end || f->length == 0;
#else
  return f->length == 0;
#endif
}
I believe that the fde data should terminate with an fde of zero length.
This isn't the case for the libc fde data. This and the lack of fde
data for __libc_start_main cause the SEGV.
This is a regression from 2.3.2.
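The termination rule described above, as an added example that is not part of this report or of GCC's unwinder: a walker that, like last_fde() without DWARF2_OBJECT_END_PTR_EXTENSION, stops only on a zero-length record, beside one that also honours the section end (what the obj->fde_end check does). The byte buffers are constructed, record bodies are placeholder bytes, and the function names are assumptions. With the terminator missing, the length-only walk runs off the end of the table (reported here as -1 instead of the wild read that becomes the SIGSEGV), while the bounded walk still stops cleanly.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Read a 4-byte .eh_frame length field in host byte order.  The sample
 * buffers below are written the same way, so no endianness swap is needed. */
static uint32_t rd32(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* Length-only walk: the rule last_fde() applies when it cannot see the
 * section end.  Instead of reading past the buffer, return -1 when the
 * next header would lie outside [buf, buf+len); otherwise return the
 * number of records before the zero-length terminator. */
static int walk_length_only(const unsigned char *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    for (;;) {
        if (off + 4 > len)
            return -1;                  /* no terminator: wild read */
        uint32_t length = rd32(buf + off);
        if (length == 0)
            return n;                   /* zero-length record ends the table */
        if (length == 0xffffffffu || length > len - off - 4)
            return -1;                  /* extended length unsupported / overrun */
        off += 4 + length;
        n++;
    }
}

/* Bounded walk: additionally stop at the section end, so a table that
 * lacks its terminator is still walked without leaving the buffer. */
static int walk_bounded(const unsigned char *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    while (off + 4 <= len) {
        uint32_t length = rd32(buf + off);
        if (length == 0)
            break;
        if (length == 0xffffffffu || length > len - off - 4)
            return -1;                  /* malformed: record overruns section */
        off += 4 + length;
        n++;
    }
    return n;
}

/* Append one record: 4-byte length, then `length` bytes of body. */
static size_t put_rec(unsigned char *buf, size_t off, uint32_t length,
                      const unsigned char *body)
{
    memcpy(buf + off, &length, 4);
    memcpy(buf + off + 4, body, length);
    return off + 4 + length;
}

/* Constructed samples (not real libc data): a CIE and two FDEs, once
 * followed by the zero-length terminator and once without it. */
static unsigned char with_term[64], without_term[64];
static size_t with_term_len, without_term_len;

static void build_samples(void)
{
    /* Body bytes are placeholders; the walkers interpret only the length. */
    static const unsigned char cie[12] = { 0, 0, 0, 0, 1, 'z', 'R', 0, 1, 0x7c, 0x1b, 0 };
    static const unsigned char fde[12] = { 0, 0, 0, 0x10, 0, 0, 0, 0, 0, 0, 0, 0 };
    size_t off = 0;
    off = put_rec(with_term, off, 12, cie);
    off = put_rec(with_term, off, 12, fde);
    off = put_rec(with_term, off, 12, fde);
    without_term_len = off;
    memcpy(without_term, with_term, off);
    memset(with_term + off, 0, 4);      /* the zero-length terminator */
    with_term_len = off + 4;
}

/* Walk one of the samples; terminated/bounded select buffer and walker. */
static int sample_walk(int terminated, int bounded)
{
    build_samples();
    const unsigned char *b = terminated ? with_term : without_term;
    size_t l = terminated ? with_term_len : without_term_len;
    return bounded ? walk_bounded(b, l) : walk_length_only(b, l);
}

int main(void)
{
    printf("terminated, length-only: %d\n", sample_walk(1, 0));   /* 3 */
    printf("unterminated, length-only: %d\n", sample_walk(0, 0)); /* -1 */
    printf("unterminated, bounded: %d\n", sample_walk(0, 1));     /* 3 */
    return 0;
}
```

The -1 from the length-only walk over the unterminated table is the condition the backtrace shows: with no zero-length record, last_fde() keeps returning false and next_fde() eventually computes an address outside the section.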
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (650, 'testing'), (90, 'unstable')
Architecture: hppa (parisc64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc2-pa2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
-- no debconf information