** Description changed:

  [Impact]
  
  * Dlopen() may crash.
  
  [Test Case]
  
- $ sudo apt install make gcc 
+ $ sudo apt install make gcc
  $ wget 
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1821677/+attachment/5252188/+files/dl-big-note.tar.xz
- $ tar -xf dl-big-note.tar.xz 
+ $ tar -xf dl-big-note.tar.xz
  $ cd dl-big-note/
  $ make
- $ ./dl-big-note dl-big-note-lib.so 
+ $ ./dl-big-note dl-big-note-lib.so
  
-  all ok
- 
+  all ok
  
  [Where problems could occur]
  
  * The fix is correcting a patch that was not updated to the new upstream
  code that was backported. There is little change in the code, but in
  case of an error it can crash again, let dlopen load an invalid ELF file
  due to the false positive verification or reject a valid ELF file due to
  erroneoudly failing verification (least likely).
  
+ [Other Info]
  
- [Original Bug Text] 
+ I've tested the fix with an amd64-only build and I'm building the packages 
here for all arches: 
+ https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4242/+packages
+ 
+ [Original Bug Text]
  With following testcase:
  
  ~/work/glibc$ cat foo.c
  
  #include <dlfcn.h>
  #include <stdio.h>
  
  int main(int argc, char **argv) {
    if (argc < 1) return 1;
    printf("Trying to open %s\n", argv[1]);
    void *liball = dlopen(argv[1], RTLD_NOW);
    if(liball == NULL) {
      printf("\nERROR: %s", dlerror());
      return -1;
    }
    if(dlclose(liball)==0) {printf("\n all ok\n");}
    return 0;
  }
  
  compile with
  ~/work/glibc$ gcc -O0 -g foo.c -ldl
  
  then get segment fault:
  
  ~/work/glibc$ ./a.out intel64_lin/libsvml.so
  Trying to open intel64_lin/libsvml.so
  Segmentation fault (core dumped)
  
  coredump as:
  
  (gdb) bt
  #0  __GI___libc_free (mem=0x7ffff7d49010) at malloc.c:3085
  #1  0x00007ffff7fdb6b6 in open_verify (
      name=0x555555559670 "/home/lilicui/intel64_lin/libsvml.so",
      fbp=fbp@entry=0x7fffffffd530, loader=<optimized out>,
      mode=mode@entry=-1879048190,
      found_other_class=found_other_class@entry=0x7fffffffd51f, free_name=true,
      whatcode=0, fd=3) at dl-load.c:1977
  #2  0x00007ffff7fdc926 in _dl_map_object (loader=loader@entry=0x7ffff7ffe190,
      name=name@entry=0x7fffffffe1b7 "/home/lilicui/intel64_lin/libsvml.so",
      type=type@entry=2, trace_mode=trace_mode@entry=0,
      mode=mode@entry=-1879048190, nsid=<optimized out>) at dl-load.c:2401
  #3  0x00007ffff7fe79c4 in dl_open_worker (a=a@entry=0x7fffffffdaa0)
      at dl-open.c:228
  #4  0x00007ffff7f1b48f in __GI__dl_catch_exception (exception=<optimized out>,
      operate=<optimized out>, args=<optimized out>) at dl-error-skeleton.c:196
  #5  0x00007ffff7fe72c6 in _dl_open (
      file=0x7fffffffe1b7 "/home/lilicui/intel64_lin/libsvml.so",
      mode=-2147483646, caller_dlopen=0x5555555551cb <main+86>,
      nsid=<optimized out>, argc=2, argv=0x7fffffffde08, env=0x7fffffffde20)
      at dl-open.c:599
  #6  0x00007ffff7faa256 in dlopen_doit (a=a@entry=0x7fffffffdcc0) at 
dlopen.c:66
  #7  0x00007ffff7f1b48f in __GI__dl_catch_exception (
      exception=exception@entry=0x7fffffffdc60, operate=<optimized out>,
  --Type <RET> for more, q to quit, c to continue without paging--
      args=<optimized out>) at dl-error-skeleton.c:196
  #8  0x00007ffff7f1b51f in __GI__dl_catch_error (
      objname=0x7ffff7fae0f0 <last_result+16>,
      errstring=0x7ffff7fae0f8 <last_result+24>,
      mallocedp=0x7ffff7fae0e8 <last_result+8>, operate=<optimized out>,
      args=<optimized out>) at dl-error-skeleton.c:215
  #9  0x00007ffff7faaa25 in _dlerror_run (
      operate=operate@entry=0x7ffff7faa200 <dlopen_doit>,
      args=args@entry=0x7fffffffdcc0) at dlerror.c:163
  #10 0x00007ffff7faa2e6 in __dlopen (file=<optimized out>, mode=<optimized 
out>)
      at dlopen.c:87
  #11 0x00005555555551cb in main (argc=2, argv=0x7fffffffde08) at foo.c:7
  
  intel64_lin/libsvml.so is icc19.0(aleady released) runtime library,
  refer to attachment.
  
  Ubuntu version:
  
  ~/work/glibc$ lsb_release -a
  No LSB modules are available.
  Distributor ID:       Ubuntu
  Description:  Ubuntu 18.10
  Release:      18.10
  Codename:     cosmic
  
  Glibc version:
  
  ~/work/glibc$ ldd --version
  ldd (Ubuntu GLIBC 2.28-0ubuntu1) 2.28
  Copyright (C) 2018 Free Software Foundation, Inc.
  This is free software; see the source for copying conditions.  There is NO
  warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  Written by Roland McGrath and Ulrich Drepper.
  
  It works fine with Glibc_2.28 upstream, and Glibc_2.28 on Fedora 29, but
  failed with Glibc 2.28 in Ubuntu 18.10
  
  I found ubuntu18.10 was backporting its own patches, would that affect
  such testcase?
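
Review bot: The [Test Case] covers only one of the three failure modes that [Where problems could occur] lists. Running `./dl-big-note dl-big-note-lib.so` and expecting `all ok` shows the crash is gone, but nothing checks that dlopen still rejects an invalid ELF file or still loads an ordinary valid one. Consider adding a step that passes a deliberately malformed object and expects dlopen to fail with a dlerror() message, so that a false-positive verification would be caught when the fix is verified. Separately, in the foo.c reproducer the guard `if (argc < 1) return 1;` does not fire when the program is run without arguments (argc is 1 in that case), so argv[1] is NULL when it is passed to printf and dlopen; `argc < 2` is the check the code needs.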

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1821677

Title:
  dl_open segment fault in ubuntu18.10 glibc2.28

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1821677/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
