+++ This bug was initially created as a clone of Bug #1325135 +++
Description of problem:
ldconfig segfaults if the /var/cache/ldconfig/aux-cache is corrupted.
Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux 6
Steps to Reproduce:
1. Remove some entries from /var/cache/ldconfig/aux-cache to make corrupt file.
2. Run ldconfig to rebuild cache
Segmentation fault (core dumped)
ldconfig should check for corrupt cache and rebuild it again.
The upstream patch is incomplete because it does not perform an fsync before the rename, and some file systems need that.
We need to fix the fsync issue and backport this patch.
I'm setting devel_cond_nak+ upstream/capacity for this since we need a fix upstream before this is complete, but leaving flags Patch because we could backport the existing fix and move incrementally in the right direction (towards upstream solution).
Author: Aurelien Jarno <firstname.lastname@example.org>
Date: Wed Mar 11 21:03:50 2015 -0400
Fix ldconfig segmentation fault with corrupted cache (Bug 18093).
ldconfig is using an aux-cache to speed up the ld.so.cache update. It
is read by mmaping the file to a structure which contains data offsets
used as pointers. As they are not checked, it is not hard to get
ldconfig to segfault with a corrupted file. This happens for instance if
the file is truncated, which is common following a filesystem check
following a system crash.
This can be reproduced for example by truncating the file to roughly
half of it's size.
There is already some code in elf/cache.c (load_aux_cache) to check
for a corrupted aux cache, but it happens to be broken and not enough.
The test (aux_cache->nlibs >= aux_cache_size) compares the number of
libs entry with the cache size. It's a non sense, as it basically
assumes that each library entry is a 1 byte... Instead this commit
computes the theoretical cache size using the headers and compares it
to the real size.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.