author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2019-04-26 13:58:31 +0200 |
---|---|---|
committer | Andreas K. Hüttel <dilfridge@gentoo.org> | 2019-07-04 00:44:04 +0200 |
commit | 978f0234e258d054fd332a95d567062f0f171da4 (patch) | |
tree | 105f4ffceb019429c2a2d50b416319f21714f7a9 /NEWS | |
parent | support: Add support_capture_subprogram (diff) | |
download | glibc-978f0234e258d054fd332a95d567062f0f171da4.tar.gz glibc-978f0234e258d054fd332a95d567062f0f171da4.tar.bz2 glibc-978f0234e258d054fd332a95d567062f0f171da4.zip |
elf: Fix pldd (BZ#18035)
Since 9182aa67994 (Fix vDSO l_name for GDB's, BZ#387) the initial link_map
for the executable itself and the loader will have both l_name and
l_libname->name holding the same value due to:

    elf/dl-object.c
    95 new->l_name = *realname ? realname : (char *) newname->name + libname_len - 1;

since newname->name points to new->l_libname->name.
This leads pldd to an infinite call at:

    elf/pldd-xx.c
    203 again:
    204   while (1)
    205     {
    206       ssize_t n = pread64 (memfd, tmpbuf.data, tmpbuf.length, name_offset);
    228   /* Try the l_libname element. */
    229   struct E(libname_list) ln;
    230   if (pread64 (memfd, &ln, sizeof (ln), m.l_libname) == sizeof (ln))
    231     {
    232       name_offset = ln.name;
    233       goto again;
    234     }

since the value at ln.name (l_libname->name) will be the same as the one
previously read. The straightforward fix is just to avoid the check and read
the new list entry.
I also checked against binaries issued with old loaders with the fix for
BZ#387, and pldd could dump the shared objects.
Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu, and
powerpc64le-linux-gnu.
    [BZ #18035]
    * elf/Makefile (tests-container): Add tst-pldd.
    * elf/pldd-xx.c: Use _Static_assert in place of pldd_assert.
    (E(find_maps)): Avoid using alloca, use default read file operations
    instead of explicit LFS names, and fix infinite loop.
    * elf/pldd.c: Explicitly set _FILE_OFFSET_BITS, clean up headers.
    (get_process_info): Use _Static_assert instead of assert, use default
    directory operations instead of explicit LFS names, and free some
    leaked pointers.
    * elf/tst-pldd.c: New file.
(cherry picked from commit 1a4c27355e146b6d8cc6487b998462c7fdd1048f)
(cherry picked from commit eaea1dfbe95a31c29adc259100569962cddb6f19)
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
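The hang the message describes, as an added C model that is not part of this commit or of glibc: a constructed flat byte array stands in for the target's memory, `find_name_buggy` follows the pre-fix strategy with a step bound so the lack of progress becomes observable instead of spinning forever, and `find_name_fixed` walks the libname list the way the message's fix suggests. The struct names, layout and offsets (`ln_entry`, `lmap`, `STR0`, `LN0`, ...) are assumptions, not glibc's real definitions.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of the target memory pldd reads: a link_map and its
   libname_list in a flat byte array (hypothetical layout, not glibc's real
   structs); "addresses" are indexes into MEM.  */
struct ln_entry { uint32_t name; uint32_t next; };
struct lmap { uint32_t l_name; uint32_t l_libname; };
enum { STR0 = 0, STR1 = 16, LN0 = 64, LN1 = 72, MAX_STEPS = 32 };
static unsigned char MEM[128];
/* l_name and l_libname->name both point at STR0, as the commit says they
   do since the BZ#387 fix; a second list entry carries `second`.  */
static struct lmap build_image(const char *first, const char *second)
{
  memset(MEM, 0, sizeof MEM);
  strcpy((char *)MEM + STR0, first);
  strcpy((char *)MEM + STR1, second);
  struct ln_entry ln0 = { STR0, LN1 }, ln1 = { STR1, 0 };
  memcpy(MEM + LN0, &ln0, sizeof ln0);
  memcpy(MEM + LN1, &ln1, sizeof ln1);
  struct lmap lm = { STR0, LN0 };
  return lm;
}
/* Pre-fix strategy as the message describes it: when the string at
   name_offset is empty, re-read the head of l_libname and go again.
   Returns the offset of a non-empty name, or -1 once MAX_STEPS pass with
   no progress (real pldd has no bound here, so it spins forever).  */
static int find_name_buggy(const char *first, const char *second)
{
  struct lmap m = build_image(first, second);
  uint32_t name_offset = m.l_name;
  for (int step = 0; step < MAX_STEPS; step++) {
    if (MEM[name_offset] != '\0') return (int)name_offset;
    struct ln_entry ln; memcpy(&ln, MEM + m.l_libname, sizeof ln);
    name_offset = ln.name;   /* equals l_name again: no progress */
  }
  return -1;
}
/* Fixed strategy: walk l_libname as a list, advancing via `next` instead
   of re-checking the head, so it terminates when next == 0.  */
static int find_name_fixed(const char *first, const char *second)
{
  struct lmap m = build_image(first, second);
  if (MEM[m.l_name] != '\0') return (int)m.l_name;
  for (uint32_t cur = m.l_libname; cur != 0; ) {
    struct ln_entry ln; memcpy(&ln, MEM + cur, sizeof ln);
    if (MEM[ln.name] != '\0') return (int)ln.name;
    cur = ln.next;
  }
  return -1;   /* no name anywhere: empty result, not a hang */
}
```

With an empty l_name (the main executable's case) the buggy walker never advances and hits the bound, while the fixed walker reaches the second entry; with a non-empty l_name both return it immediately.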
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -14,6 +14,7 @@ Major new features: The following bugs are resolved with this release: [16573] malloc: Set and reset all hooks for tracing + [18035] Fix pldd hang [24155] x32 memcmp can treat positive length as 0 (if sign bit in RDX is set) (CVE-2019-7309) [24164] Systemtap probes need to use "nr" constraint on 32-bit Arm [24161] __run_fork_handlers self-deadlocks in malloc/tst-mallocfork2 |
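Review bot: the added line `+ [18035] Fix pldd hang` names the fix rather than the defect, unlike its neighbours in the "bugs resolved" list (`[24155] x32 memcmp can treat positive length as 0 ...`, `[24161] __run_fork_handlers self-deadlocks ...`), which state what went wrong; consider wording it as the symptom, e.g. `[18035] pldd hangs in an infinite loop reading link_map names`, so release readers can tell whether they are affected. Its position between 16573 and 24155 is correct. Since this view is limited to NEWS, the code changes listed in the ChangeLog (elf/pldd-xx.c, elf/pldd.c, elf/tst-pldd.c) are not reviewed here.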