Mailinglist Archive: opensuse-bugs (3543 mails)

[Bug 717671] Segmentation fault happened in libc-2.14 for q3ademo

Michael Matz <matz@xxxxxxxx> changed:

What        | Removed            | Added
AssignedTo  | rguenther@xxxxxxxx | aj@xxxxxxxx

--- Comment #22 from Michael Matz <matz@xxxxxxxx> 2011-09-26 13:41:06 UTC ---
The only difference I can spot is that with 4.5 the _IO_check_libio is in
section .text while with 4.6 it's in .text.startup. In both cases it's
referenced in the .ctors section:

.section .ctors,"aw",@progbits
.align 4
.long _IO_check_libio

When I unpack /work/CDs/all/full-head-x86_64/suse/x86_64/glibc-32bit.rpm
then I see:

[24] .ctors PROGBITS 0017c1dc 17b1dc 00000c 00 WA 0 0 4

Contents of section .ctors:
17c1dc 808d0100 f08d0100 00000000 ............


00018d80 <_IO_check_libio>:
00018df0 <init_cacheinfo>:

So, the ctors section is there, and the necessary symbols are too.

But I also see:

00019070 <__libc_fini>:
19070: f3 c3 repz ret
00019080 <__libc_global_ctors>:
19080: f3 c3 repz ret

I.e. empty functions for these. This is only okay if glibc used the
init/fini_array mechanisms itself, which it seems it doesn't.
Therefore the two ctors aren't run at all for the factory libc.

If I read the code correctly, this shouldn't be possible (from elf/soinit.c):

------------------ x.c ---------------------------
/* Sentinel-only constructor list; the linker is expected to append
   the real .ctors entries behind this -1 marker. */
static void (*const __CTOR_LIST__[1]) (void)
     __attribute__ ((section (".ctors")))
     = { (void (*) (void)) -1 };

static inline void
run_hooks (void (*const list[]) (void))
{
  /* Skip the -1 sentinel, then call each hook up to the terminating NULL. */
  while (*++list)
    (**list) ();
}

/* This function will be called from _init in init-first.c. */
void
__libc_global_ctors (void)
{
  /* Call constructor functions. */
  run_hooks (__CTOR_LIST__);
}

So the function shouldn't be empty. Furthermore the -1 entry at the start
of .ctors is missing. This all leads me to think that soinit.c
is "miscompiled". Reproducible with the above source as testcase:

# gcc-4.6 -O2 -fPIC -S x.c

the function will be empty and the __CTOR_LIST__ symbol will be missing.
This is all okay for GCC, because it sees the declaration as having one
element; therefore run_hooks (which skips the first element) will do
nothing, therefore __libc_global_ctors will do nothing, therefore
__CTOR_LIST__ will be unreferenced and, being static, will be removed.

That linker tricks are used to extend that "array" behind GCC's back is of
course not known to it. So, this is a glibc bug.
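An added illustration (not from this bug report or from glibc) of the contrast described above: instead of a one-element sentinel array the compiler can see the size of, the constructor table lives in a named section and is walked between the __start_/__stop_ symbols GNU ld and lld provide, so the translation unit only sees extern declarations of unknown size. The section name demo_ctors, the DEMO_CTOR macro and the hook names are constructed for this example; it assumes GCC or clang on an ELF target.

```c
#include <stdio.h>

/* Added illustration, not glibc code. The table is assembled by the linker
   from a named section and walked between linker-provided bounds. This TU
   only sees extern declarations of unknown size, so the compiler cannot
   prove the table empty, unlike the one-element __CTOR_LIST__ sentinel
   that GCC 4.6 folded away in soinit.c. */

typedef void (*hook_fn) (void);

/* GNU ld (and lld) emit __start_<sec>/__stop_<sec> for a section whose name
   is a valid C identifier. Assumed toolchain: GCC or clang on ELF. */
extern hook_fn __start_demo_ctors[];
extern hook_fn __stop_demo_ctors[];

/* Register a function by placing its address in the section. `used` keeps
   the compiler from discarding the otherwise unreferenced static object. */
#define DEMO_CTOR(fn) \
  static hook_fn fn##_entry __attribute__ ((section ("demo_ctors"), used)) = fn

static int hooks_run;   /* bit mask of hooks that were actually called */

static void hook_a (void) { hooks_run |= 1; }
static void hook_b (void) { hooks_run |= 2; }
DEMO_CTOR (hook_a);
DEMO_CTOR (hook_b);

/* Walk the table like run_hooks does, but bounded by the linker symbols.
   Returns the number of hooks called; 0 would mean the table was lost. */
int run_demo_ctors (void)
{
  int n = 0;
  for (hook_fn *p = __start_demo_ctors; p < __stop_demo_ctors; ++p)
    {
      (*p) ();
      ++n;
    }
  return n;
}

int demo_hooks_mask (void) { return hooks_run; }

int main (void)
{
  printf ("ran %d hooks, mask %d\n", run_demo_ctors (), demo_hooks_mask ());
  return 0;
}
```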
