Bug 165598 - libdwfl performs relocation twice
libdwfl performs relocation twice
Product: Fedora
Classification: Fedora
Component: elfutils (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Roland McGrath
Depends On:
  Show dependency treegraph
Reported: 2005-08-10 13:54 EDT by Frank Ch. Eigler
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 0.113-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-08-14 17:58:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Frank Ch. Eigler 2005-08-10 13:54:54 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc3 Firefox/1.0.6

Description of problem:
dwarf_fromaddr sometimes seems to misinterpret attribute data

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
when siccing libdwfl/libdw onto a kernel module (such as say ext3.ko) for a dwarf_func_entrypc the library will likely encounter a very small address.  In the 2.6.12-1.1372FC3 kernel's case, "read_block_bitmap" is at offset 0xac.

When dwarf_func_entrypc is called on this symbol, it successfully finds attr#17 in the debug info, and dwarf_attr finds the debuginfo with this 0xac address there.  Trouble is, dwarf_fromaddr treats the returned byte pointer as a decoded 4- or 8-byte value, rather than uleb128.  So it copies junk onto the caller's return_addr, leading to much chaos and mayhem.

Actual Results:  dwarf_fromaddr should return 0x000000000000ac for this case, and thence all should be well.

Additional info:
Comment 1 Roland McGrath 2005-08-10 14:35:36 EDT
DW_FORM_addr items are not encoded in LEB128 format.
Please give a test case, rather than an analysis of internal issues.
Comment 2 Frank Ch. Eigler 2005-08-10 15:15:39 EDT
% ./dwflmodtest -k | grep mii | grep link_ok
drivers/net/mii.c:211: mii_link_ok: 0xf104c468..0xf104c48f => 0xf104c468

these numbers appear to belong to a parallel dimension, since I would expect
either 468 or f8826468.

% nm sez:
00000468 T mii_link_ok
% grep mii /proc/modules
mii 9537 1 epic100, Live 0xf8826000
Comment 3 Roland McGrath 2005-08-10 18:13:11 EDT
The initial analysis had nothing to do with the real problem.
The values were off by exactly the module's load address (wrapped around).
This was because libdwfl was performing the same relocation pass twice on the
same data.  I've fixed the bug.
Comment 4 Frank Ch. Eigler 2005-08-12 15:21:55 EDT
Where can one find a fixed elfutils release?
Comment 5 Frank Ch. Eigler 2005-08-14 09:14:27 EDT
elfutils-1.113-2 in rawhide fixes this bug.
Comment 6 Roland McGrath 2005-08-14 17:58:31 EDT
Oops.  I forgot to put the bug number in the rpm changelog.

Note You need to log in before you can comment on or make changes to this bug.