hppa: avoid NULL dereference of sym_map in elf_machine_rela()
diff mbox

Message ID 1414791231-30990-1-git-send-email-aaro.koskinen@iki.fi
State New
Headers show

Commit Message

Aaro Koskinen Oct. 31, 2014, 9:33 p.m. UTC
If sym_map in elf_machine_rela() is NULL, some switch cases in theory
could try to dereference it. Avoid those.

This fixes the following build failure with GCC 4.9.2:

hppa-linux-gnu-gcc   -nostdlib -nostartfiles -r -o /home/aaro/los/work/parisc/glibc-2.20-build/default/elf/librtld.map.o '-Wl,-(' /home/aaro/los/work/parisc/glibc-2.20-build/default/elf/dl-allobjs.os /home/aaro/los/work/parisc/glibc-2.20-build/default/libc_pic.a -lgcc '-Wl,-)' -Wl,-Map,/home/aaro/los/work/parisc/glibc-2.20-build/default/elf/librtld.mapT
/home/aaro/los/work/parisc/glibc-2.20-build/default/libc_pic.a(dl-addr.os): In function `_dl_addr_inside_object':
/home/aaro/git/glibc/elf/dl-addr.c:152: multiple definition of `_dl_addr_inside_object'
/home/aaro/los/work/parisc/glibc-2.20-build/default/elf/dl-allobjs.os:(.text+0x8b8): first defined here
/home/aaro/los/work/parisc/glibc-2.20-build/default/libc_pic.a(init-first.os):(.data+0x0): multiple definition of `__libc_multiple_libcs'
/home/aaro/los/work/parisc/glibc-2.20-build/default/elf/dl-allobjs.os:(.bss+0x7c): first defined here
/home/aaro/los/work/parisc/glibc-2.20-build/default/libc_pic.a(_itoa.os): In function `_itoa':
/home/aaro/git/glibc/stdio-common/_itoa.c:199: multiple definition of `_itoa'
/home/aaro/los/work/parisc/glibc-2.20-build/default/elf/dl-allobjs.os:(.text+0x5b8): first defined here

The build failure is triggered in GCC 4.9 due to "Isolate erroneous
paths optimization". References:
https://sourceware.org/ml/libc-alpha/2013-11/msg00291.html
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63691

2014-10-31  Aaro Koskinen <aaro.koskinen@iki.fi>

	* sysdeps/hppa/dl-machine.h: Avoid NULL dereference of sym_map
	in elf_machine_rela().
---
 sysdeps/hppa/dl-machine.h | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

Comments

Roland McGrath Oct. 31, 2014, 9:42 p.m. UTC | #1
It's likely this is not the right fix.  Unless there is a test case where
any of those paths can actually dereference a null pointer, then we do not
want to insert those checks.

Rather, the right solution is probably to find (or add) some switch to GCC
that changes what it emits from being a call to abort to be something
different.  It's possible that abort is OK and we just need to define an
appropriately minimal abort in rtld.  But it needs to be looked into.

Patch
diff mbox

diff --git a/sysdeps/hppa/dl-machine.h b/sysdeps/hppa/dl-machine.h
index 9c7471e..6043753 100644
--- a/sysdeps/hppa/dl-machine.h
+++ b/sysdeps/hppa/dl-machine.h
@@ -587,6 +587,8 @@  elf_machine_rela (struct link_map *map,
       break;
 
     case R_PARISC_DIR21L:
+      if (sym_map == NULL)
+	break;
       {
 	unsigned int insn = *(unsigned int *)reloc_addr;
 	value = sym_map->l_addr + sym->st_value
@@ -598,6 +600,8 @@  elf_machine_rela (struct link_map *map,
       return;
 
     case R_PARISC_DIR14R:
+      if (sym_map == NULL)
+	break;
       {
 	unsigned int insn = *(unsigned int *)reloc_addr;
 	value = ((sym_map->l_addr + sym->st_value) & 0x7ff)
@@ -686,7 +690,8 @@  elf_machine_rela (struct link_map *map,
 
 #if defined USE_TLS && (!defined RTLD_BOOTSTRAP)
     case R_PARISC_TLS_DTPMOD32:
-      value = sym_map->l_tls_modid;
+      if (sym_map != NULL)
+        value = sym_map->l_tls_modid;
       break;
 
     case R_PARISC_TLS_DTPOFF32:
@@ -698,7 +703,7 @@  elf_machine_rela (struct link_map *map,
 
     case R_PARISC_TLS_TPREL32:
       /* The offset is negative, forward from the thread pointer */
-      if (sym != NULL)
+      if (sym != NULL && sym_map != NULL)
 	{
 	  CHECK_STATIC_TLS (map, sym_map);
 	  value = sym_map->l_tls_offset + sym->st_value + reloc->r_addend;