
Bug#749122: marked as done (ld.so crashes when sections are placed at different addresses)



Your message dated Sat, 24 May 2014 15:17:25 +0200
with message-id <20140524131725.GF5346@hall.aurel32.net>
and subject line Re: Bug#749122: ld.so crashes when sections are placed at different addresses
has caused the Debian Bug report #749122,
regarding ld.so crashes when sections are placed at different addresses
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
749122: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749122
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libc6
Version: 2.18-7
Severity: normal
File: /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2

Hi,

I want to mmap a large file to 0x10000 because the data contains
pointers and was originally at that offset. Mapping somewhere else and
relocating all the pointers is impossible. Unfortunately on amd64
binaries are normally mapped at 0x00400000 and 0x0060a000 onwards,
conflicting with mapping the file. So I tried to link my binary to be
at a different address. But that makes ld.so crash with SIGSEGV or
SIGILL.

----------------------------------------------------------------------
echo 'int main() { return 0; }' | gcc-4.8 -Wl,--section-start=.interp=0x70000000 -x c -
gdb ./a.out

Program received signal SIGSEGV, Segmentation fault.
dl_main (phdr=phdr@entry=0x6fe00040, phnum=phnum@entry=8, 
    user_entry=user_entry@entry=0x7fffffffe3c8, auxv=<optimized out>)
    at rtld.c:1169
1169    rtld.c: No such file or directory.
(gdb) bt
#0  dl_main (phdr=phdr@entry=0x6fe00040, phnum=phnum@entry=8, 
    user_entry=user_entry@entry=0x7fffffffe3c8, auxv=<optimized out>)
    at rtld.c:1169
#1  0x00007ffff7df2215 in _dl_sysdep_start (
    start_argptr=start_argptr@entry=0x7fffffffe480, 
    dl_main=dl_main@entry=0x7ffff7dde670 <dl_main>) at ../elf/dl-sysdep.c:249
#2  0x00007ffff7de19f6 in _dl_start_final (arg=0x7fffffffe480) at rtld.c:332
#3  _dl_start (arg=0x7fffffffe480) at rtld.c:558
#4  0x00007ffff7dde188 in _start () from /lib64/ld-linux-x86-64.so.2
#5  0x0000000000000001 in ?? ()
#6  0x00007fffffffe6fd in ?? ()
#7  0x0000000000000000 in ?? ()
----------------------------------------------------------------------
echo 'int main() { return 0; }' | gcc-4.8 -Wl,--section-start=.interp=0x40000 -x c -
gdb ./a.out 

During startup program terminated with signal SIGKILL, Killed.
(gdb) bt
No stack.
----------------------------------------------------------------------
Surprisingly the following works again:

echo 'int main() { return 0; }' | gcc-4.8 -Wl,--section-start=.interp=0x70000200 -x c -

The difference seems to be where the section headers are placed in the
output file.

Working:   Start of section headers:          2528 (bytes into file)
Crashing:  Start of section headers:          2099168 (bytes into file)

MfG
	Goswin

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc6:amd64 depends on:
ii  libgcc1  1:4.9.0-1

libc6:amd64 recommends no packages.

Versions of packages libc6:amd64 suggests:
ii  debconf [debconf-2.0]  1.5.53
pn  glibc-doc              <none>
ii  locales                2.18-5

-- debconf information excluded

--- End Message ---
--- Begin Message ---
On Sat, May 24, 2014 at 12:23:23PM +0200, Goswin von Brederlow wrote:
> Package: libc6
> Version: 2.18-7
> Severity: normal
> File: /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
> 
> Hi,
> 
> I want to mmap a large file to 0x10000 because the data contains
> pointers and was originally at that offset. Mapping somewhere else and
> relocating all the pointers is impossible. Unfortunately on amd64
> binaries are normally mapped at 0x00400000 and 0x0060a000 onwards,
> conflicting with mapping the file. So I tried to link my binary to be
> at a different address. But that makes ld.so crash with SIGSEGV or
> SIGILL.
> 
> ----------------------------------------------------------------------
> echo 'int main() { return 0; }' | gcc-4.8 -Wl,--section-start=.interp=0x70000000 -x c -
> gdb ./a.out
> 
> Program received signal SIGSEGV, Segmentation fault.
> dl_main (phdr=phdr@entry=0x6fe00040, phnum=phnum@entry=8, 
>     user_entry=user_entry@entry=0x7fffffffe3c8, auxv=<optimized out>)
>     at rtld.c:1169

The kernel maps the PHDR entry at address 0x6fe00040 (this can also be
seen using LD_SHOW_AUXV=1), but in practice nothing is mapped at this
address, so ld.so crashes on the first access at this address.

This is likely due to a non-conforming ELF file format; anyway, it's clearly
not a bug in libc. Please dig more about the issue and report the bug
against the correct package. Closing the bug.

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net

--- End Message ---
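Aurelien's diagnosis comes down to an ELF whose program header table is not inside any PT_LOAD segment, so the AT_PHDR address the kernel computes points at memory that is never mapped. The C check below is added here and is not part of either message: it parses an in-memory ELF64 image and reports whether the program header table is covered by a PT_LOAD's file range, and where it would land in memory; the sample image, the 0x400000 base and the function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Little-endian field readers/writers for an in-memory ELF64 image. */
static uint64_t rd(const uint8_t *p, int n) { uint64_t v = 0; while (n--) v = (v << 8) | p[n]; return v; }
static void wr(uint8_t *p, uint64_t v, int n) { for (int i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* 1: the program header table lies inside a PT_LOAD's file range, so the
 * address the kernel hands ld.so for it (AT_PHDR) is backed by a mapping.
 * 0: no PT_LOAD covers it (ld.so faults on first access, as in the report).
 * -1: image too small, not ELF64, or not little-endian. */
int phdr_table_is_loaded(const uint8_t *elf, size_t len, uint64_t *phdr_vaddr) {
    if (len < 64 || memcmp(elf, "\x7f" "ELF", 4) != 0 || elf[4] != 2 || elf[5] != 1) return -1;
    uint64_t phoff = rd(elf + 32, 8);       /* e_phoff */
    uint64_t phentsize = rd(elf + 54, 2);   /* e_phentsize */
    uint64_t phnum = rd(elf + 56, 2);       /* e_phnum */
    uint64_t tab_end = phoff + phentsize * phnum;
    if (phentsize < 56 || tab_end < phoff || tab_end > len) return -1;
    for (uint64_t i = 0; i < phnum; i++) {
        const uint8_t *ph = elf + phoff + i * phentsize;
        if (rd(ph, 4) != 1) continue;       /* p_type != PT_LOAD */
        uint64_t off = rd(ph + 8, 8), vaddr = rd(ph + 16, 8), filesz = rd(ph + 32, 8);
        if (off + filesz >= off && phoff >= off && tab_end <= off + filesz) {
            if (phdr_vaddr) *phdr_vaddr = vaddr + (phoff - off);  /* where AT_PHDR lands */
            return 1;
        }
    }
    return 0;
}

/* Constructed test image (not a real binary): ELF64 LE header, one PT_LOAD
 * covering 0x100 file bytes from `load_off`, program header table at 0x40. */
int check_constructed_image(uint64_t load_off, uint64_t *phdr_vaddr) {
    uint8_t img[0x200];
    memset(img, 0, sizeof img);
    memcpy(img, "\x7f" "ELF", 4);
    img[4] = 2; img[5] = 1; img[6] = 1;     /* ELFCLASS64, ELFDATA2LSB, EV_CURRENT */
    wr(img + 32, 0x40, 8);                  /* e_phoff */
    wr(img + 54, 56, 2); wr(img + 56, 1, 2); /* e_phentsize, e_phnum */
    wr(img + 0x40, 1, 4);                   /* p_type = PT_LOAD */
    wr(img + 0x48, load_off, 8);            /* p_offset */
    wr(img + 0x50, 0x400000 + load_off, 8); /* p_vaddr */
    wr(img + 0x60, 0x100, 8);               /* p_filesz */
    return phdr_table_is_loaded(img, sizeof img, phdr_vaddr);
}
```

With `load_off` 0 the table at 0x40 is covered and would be mapped at 0x400040; with `load_off` 0x100 the segment starts past the table, which is the shape of binary that makes ld.so fault.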
