[Bug 893605]
Aj-suse
893605 at bugs.launchpad.net
Fri Apr 6 06:59:07 UTC 2012
Btw. to just fix the accessing of dangling memory, here's a simple (but
broken) patch with a comment to explain the problem that the current
implementation has:
===================================================================
--- glibc-2.11.3.orig/elf/dl-close.c 2011-05-27 15:08:23.000000000 +0200
+++ glibc-2.11.3/elf/dl-close.c 2011-07-13 19:28:52.000000000 +0200
@@ -127,7 +127,13 @@ _dl_close_worker (struct link_map *map)
{
struct link_map **oldp = map->l_initfini;
map->l_initfini = map->l_orig_initfini;
- _dl_scope_free (oldp);
+ /* We can't remove the l_initfini memory because
+ it's shared with l_searchlist.r_list. We don't clear
+ the latter so when we dlopen this object again that
+ entry would point to stale memory. And we don't want
+ to recompute it as it would involve a new call to
+ map_object_deps.
+ _dl_scope_free (oldp); */
}
}
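Review bot: Disabling `_dl_scope_free (oldp)` at the end of this block means the old l_initfini array is never released, so each pass through this path leaks it, and `oldp` is left as an assigned but unused local. If the array is shared with l_searchlist.r_list, as the new comment says, keep the free and make sure l_searchlist.r_list no longer refers to that block before it runs (or skip the free only while the two still alias), instead of dropping the call outright. The disabled call is also buried inside the explanatory comment, where it is easy to misread as prose; keep the comment and the disabled statement separate.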
This patch is broken since now oldp never gets freed and thus some tests fail.
The Fedora patch is AFAIK applying Andreas Schwab's initial patch that
Ulrich Drepper changed on top of Ulrich's change (thus adding Andreas'
initial version).
Here's a link to the initial patch:
http://sourceware.org/ml/libc-hacker/2011-02/msg00004.html
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/893605
Title:
crashes with glibc-2.14/2.15 on dlopen (seen with kvm and gnucash)
Status in The GNU C Library:
Confirmed
Status in “eglibc” package in Ubuntu:
Fix Released
Status in “glibc” package in Fedora:
Unknown
Bug description:
seen with glibc-2.14/glibc-2.15:
kvm -cdrom <iso>
Program received signal SIGSEGV, Segmentation fault.
0xb7fe7740 in ?? () from /lib/ld-linux.so.2
(gdb) bt
#0 0xb7fe7740 in ?? () from /lib/ld-linux.so.2
#1 0xb7fe7eb9 in ?? () from /lib/ld-linux.so.2
#2 0xb7a26490 in do_sym (handle=0xb7d86860,
name=0xb7c7ff4f "XAllocClassHint", who=<optimized out>, vers=0x0, flags=2)
at dl-sym.c:178
#3 0xb7a26927 in _dl_sym (handle=<optimized out>, name=<optimized out>,
who=<optimized out>) at dl-sym.c:283
#4 0xb778cd67 in dlsym_doit (a=0xbfffeef0) at dlsym.c:51
#5 0xb7feccaf in ?? () from /lib/ld-linux.so.2
#6 0xb778d33a in _dlerror_run (operate=0xb778cd40 <dlsym_doit>,
args=0xbfffeef0) at dlerror.c:164
#7 0xb778cde4 in __dlsym (handle=0xb7d86860,
name=0xb7c7ff4f "XAllocClassHint") at dlsym.c:71
#8 0xb7c56b5a in SDL_LoadFunction () from /usr/lib/libSDL-1.2.so.0
#9 0xb7c58511 in ?? () from /usr/lib/libSDL-1.2.so.0
#10 0xb7c5a8aa in ?? () from /usr/lib/libSDL-1.2.so.0
#11 0xb7c61825 in ?? () from /usr/lib/libSDL-1.2.so.0
#12 0xb7c5155a in SDL_VideoInit () from /usr/lib/libSDL-1.2.so.0
#13 0xb7c25c7a in SDL_InitSubSystem () from /usr/lib/libSDL-1.2.so.0
#14 0xb7c25cfb in SDL_Init () from /usr/lib/libSDL-1.2.so.0
#15 0x00202967 in ?? ()
---Type <return> to continue, or q <return> to quit---
#16 0x0013cfdc in main ()
gnucash:
Program received signal SIGSEGV, Segmentation fault.
0x00119740 in ?? () from /lib/ld-linux.so.2
(gdb) bt
#0 0x00119740 in ?? () from /lib/ld-linux.so.2
#1 0x00119eb9 in ?? () from /lib/ld-linux.so.2
#2 0x00c0a490 in do_sym (handle=0xb7ffd000,
name=0x10eeec4 "g_module_check_init", who=<optimized out>, vers=0x0,
flags=2) at dl-sym.c:178
#3 0x00c0a927 in _dl_sym (handle=<optimized out>, name=<optimized out>,
who=<optimized out>) at dl-sym.c:283
#4 0x03195d67 in dlsym_doit (a=0xbfffedc0) at dlsym.c:51
#5 0x0011ecaf in ?? () from /lib/ld-linux.so.2
#6 0x0319633a in _dlerror_run (operate=0x3195d40 <dlsym_doit>,
args=0xbfffedc0) at dlerror.c:164
#7 0x03195de4 in __dlsym (handle=0xb7ffd000,
name=0x10eeec4 "g_module_check_init") at dlsym.c:71
#8 0x010ee065 in g_module_symbol ()
from /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0
#9 0x010ee54f in g_module_open ()
from /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0
#10 0x003ff61e in ?? () from /usr/lib/gnucash/libgnc-module.so.0
#11 0x003ff90b in gnc_module_load () from /usr/lib/gnucash/libgnc-module.so.0
#12 0x0804ca5f in _start ()