Bug 1812756 - glibc: dlopen()ing a DT_FILTER library crashes if filtee has constructor
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: glibc
Version: 8.1
Hardware: Unspecified
OS: Linux
Priority: high
Severity: high
Target Milestone: rc
Target Release: 8.0
Assignee: Carlos O'Donell
QA Contact: qe-baseos-tools-bugs
Docs Contact: Zuzana Zoubkova
URL:
Whiteboard:
Duplicates: 1812757
Depends On:
Blocks: 1825061 1819440
Reported: 2020-03-12 05:34 UTC by Divya
Modified: 2021-09-17 12:20 UTC

Fixed In Version: glibc-2.28-108.el8
Doc Type: Bug Fix
Doc Text:
.The `glibc` dynamic loader no longer fails while loading a shared library that uses `DT_FILTER` and has a constructor
Prior to this update, a defect in the dynamic loader implementation of shared objects as filters caused the dynamic loader to fail while loading a shared library that uses a filter and has a constructor. With this release, the dynamic loader implementation of filters (`DT_FILTER`) has been fixed to correctly handle such shared libraries. As a result, the dynamic loader now works as expected in the mentioned scenario.
Clone Of:
Environment:
Last Closed: 2020-11-04 01:33:21 UTC
Type: Bug
Target Upstream Version:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:4444 0 None None None 2020-11-04 01:33:42 UTC
Sourceware 16272 0 P2 RESOLVED dlopen()ing a DT_FILTER library crashes if filtee has constructor 2020-11-27 09:56:47 UTC

Description Divya 2020-03-12 05:34:18 UTC
Description of problem:
When linking DSOs with g++ -Wl,--filter=someDSO.so, the DSO produced can't be dlopened or fed to ldd.

$  ldd someDSO.so
Inconsistency detected by ld.so: dl-deps.c: 553: _dl_map_object_deps: Assertion `map->l_searchlist.r_list[0] == map' failed!


Version-Release number of selected component (if applicable):
glibc-2.28

How reproducible:
Always

Steps to Reproduce:
1. Set  DT_FILTER to a shared library as below: 

$ g++ -Wl,--filter=someDSO.so

2. Load the library using dlopen or just do ldd on it: 

$  ldd someDSO.so
Inconsistency detected by ld.so: dl-deps.c: 553: _dl_map_object_deps: Assertion `map->l_searchlist.r_list[0] == map' failed!



Actual results:
Crashes with Assertion message as below: 
Inconsistency detected by ld.so: dl-deps.c: 553: _dl_map_object_deps: Assertion `map->l_searchlist.r_list[0] == map' failed!

Expected results:
Library should load without any error/problem with DT_FILTER set to it.

Additional info:
The issue is reported upstream at https://sourceware.org/bugzilla/show_bug.cgi?id=16272.

I had provided a test package to the customer including the fix from the upstream bugzilla, and the customer has confirmed that it fixes the issue.

Comment 1 Carlos O'Donell 2020-03-12 21:13:08 UTC
*** Bug 1812757 has been marked as a duplicate of this bug. ***

Comment 3 Carlos O'Donell 2020-04-06 13:33:55 UTC
We are planning to fix this in the upcoming RHEL 8.3.0 release.

I want to point out that the present DT_FILTER implementation may have issues with respect to function filtering that are considered out of scope for this bug.

We can continue to refine the implementation upstream. The exact semantics of DT_FILTER, DT_AUXFILTER are not the subject of this bug report and can be further examined upstream.

Comment 8 Sergey Kolosov 2020-07-26 10:04:43 UTC
Verified with glibc testsuite and https://sourceware.org/bugzilla/show_bug.cgi?id=16272#c0 reproducer.
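
A regression check for the failure described in this report, added here as an example (it is not the upstream reproducer or Red Hat's test): it builds a filtee with a constructor and a filter library linked with `-Wl,--filter=`, then exercises both `ldd` and `dlopen()`. All file and symbol names are constructed.

```shell
#!/bin/sh
# Added example. libfiltee.so, libfilter.so, answer() and filtee_init() are
# constructed names; this is not the upstream reproducer.
# check_dt_filter prints ok / affected / skipped and returns 0 / 1 / 2.
check_dt_filter() (
    for tool in "${CC:-cc}" ldd readelf mktemp; do
        command -v "$tool" >/dev/null 2>&1 || { echo skipped; exit 2; }
    done
    dir=$(mktemp -d) || { echo skipped; exit 2; }
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || { echo skipped; exit 2; }

    # Filtee: provides the real symbol and has a constructor.
    cat > filtee.c <<'EOF'
__attribute__((constructor)) static void filtee_init(void) {}
int answer(void) { return 42; }
EOF
    # Filter: linked with a DT_FILTER entry pointing at the filtee.
    echo 'int answer(void) { return 0; }' > filter.c
    # Minimal dlopen() caller; exit status 0 means the load succeeded.
    cat > main.c <<'EOF'
#include <dlfcn.h>
int main(int argc, char **argv)
{
    return (argc > 1 && dlopen(argv[1], RTLD_NOW)) ? 0 : 1;
}
EOF
    {
        "${CC:-cc}" -shared -fPIC -o libfiltee.so filtee.c &&
        "${CC:-cc}" -shared -fPIC -Wl,--filter=libfiltee.so -o libfilter.so filter.c &&
        "${CC:-cc}" -o main main.c -ldl
    } >/dev/null 2>&1 || { echo skipped; exit 2; }
    # Confirm the linker really emitted the DT_FILTER entry before judging.
    readelf -d libfilter.so | grep -q 'FILTER.*libfiltee\.so' ||
        { echo skipped; exit 2; }

    # Affected loaders abort in both paths with the dl-deps.c assertion.
    if LD_LIBRARY_PATH=$dir ldd ./libfilter.so >ldd.out 2>&1 &&
       ! grep -q 'Inconsistency detected by ld.so' ldd.out &&
       LD_LIBRARY_PATH=$dir ./main ./libfilter.so >/dev/null 2>&1; then
        echo ok; exit 0
    fi
    echo affected; exit 1
)
```

Call `check_dt_filter` after sourcing the script; a result of `skipped` means the toolchain was missing or the linker did not emit `DT_FILTER`, so nothing was concluded about the loader.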

Comment 11 errata-xmlrpc 2020-11-04 01:33:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: glibc security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4444

