Bug 961238 - LD_DEBUG=all crashes
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: glibc
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Assigned To: Siddhesh Poyarekar
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-05-09 04:18 EDT by Jan Safranek
Modified: 2016-11-24 07:14 EST (History)

Fixed In Version: glibc-2.17-9.fc20
Doc Type: Bug Fix
Last Closed: 2013-05-14 12:53:14 EDT
Type: Bug

External Trackers: Sourceware 15465

Description Jan Safranek 2013-05-09 04:18:20 EDT
The dynamic linker crashes with LD_DEBUG=all with this stack trace:

#0  strlen () at ../sysdeps/x86_64/rtld-strlen.S:47
#1  0x00007f7524cef08b in _dl_debug_vdprintf (fd=2, tag_p=<optimized out>, tag_p@entry=1, fmt=0x7f7524cfc3cc "s [%lu]\n", fmt@entry=0x7f7524cfc3b0 "symbol=%s;  lookup in file=%s [%lu]\n", 
    arg=arg@entry=0x7fff5b359f98) at dl-misc.c:206
#2  0x00007f7524cef3c1 in _dl_debug_printf (fmt=fmt@entry=0x7f7524cfc3b0 "symbol=%s;  lookup in file=%s [%lu]\n") at dl-misc.c:271
#3  0x00007f7524ce8c26 in do_lookup_x (new_hash=new_hash@entry=1917559477, old_hash=old_hash@entry=0x7fff5b35a130, result=result@entry=0x7fff5b35a140, scope=<optimized out>, i=i@entry=0, 
    flags=flags@entry=1, skip=skip@entry=0x0, undef_map=undef_map@entry=0x7f7524ee99c0) at dl-lookup.c:114
#4  0x00007f7524ce8faf in _dl_lookup_symbol_x (undef_name=0x7f752103a0b7 "_ZNK7Pegasus13ConfigManager16_fixedValueCheckERKNS_6StringERS1_", undef_map=0x7f7524ee99c0, ref=ref@entry=0x7fff5b35a1f8, 
    symbol_scope=0x7f7524ee9d18, version=0x0, type_class=type_class@entry=1, flags=1, skip_map=skip_map@entry=0x0) at dl-lookup.c:739
#5  0x00007f7524ced8a6 in _dl_fixup (l=<optimized out>, reloc_arg=<optimized out>) at ../elf/dl-runtime.c:113
#6  0x00007f7524cf42d5 in _dl_runtime_resolve () at ../sysdeps/x86_64/dl-trampoline.S:45
#7  0x00007f752104a75a in Pegasus::ConfigManager::getCurrentValue (this=0x7f752649af30, name=...) at ConfigManager.cpp:531
#8  0x00007f7524f07332 in CIMServerProcess::cimserver_run (this=0x7f7526494730, argc=0, argv=0x7fff5b35af08, shutdownOption=false, debugOutputOption=false) at cimserver.cpp:789
#9  0x00007f7524adab76 in Pegasus::ServerProcess::platform_run (this=0x7f7526494730, argc=3, argv=0x7fff5b35af08, shutdownOption=false, debugOutputOption=false) at ServerProcessUnix.cpp:187
#10 0x00007f7524f07189 in main (argc=3, argv=0x7fff5b35af08) at cimserver.cpp:708


Version-Release number of selected component (if applicable):
glibc-2.17-6.fc20.x86_64

How reproducible:
always

Steps to Reproduce:
1. yum install tog-pegasus
2. LD_DEBUG=all cimserver daemon=false forceProviderProcesses=false
  
Actual results:
a *lot* of debug messages + Segmentation fault

Expected results:
even more debug messages + running cimserver

Additional info:
'cimserver' is in C++; I don't know if it is relevant. The last thing the linker prints is:
      1320:     symbol=_ZN7Pegasus8Executor14detectExecutorEv;  lookup in file=/lib64/libpegconfig.so.1 [0]
      1320:     symbol=_ZN7Pegasus8Executor14detectExecutorEv;  lookup in file=/lib64/libpeggeneral.so.1 [0]
      1320:     symbol=_ZN7Pegasus8Executor14detectExecutorEv;  lookup in file=/lib64/libpegcommon.so.1 [0]
      1320:     binding file /lib64/libpegconfig.so.1 [0] to /lib64/libpegcommon.so.1 [0]: normal symbol `_ZN7Pegasus8Executor14detectExecutorEv'
Comment 1 Jan Safranek 2013-05-09 04:38:33 EDT
Crashes also with glibc-2.17-8.fc20.x86_64
Comment 2 Siddhesh Poyarekar 2013-05-13 10:40:08 EDT
Pegasus merges the commandline:

(gdb) list
707     void ConfigManager::mergeCommandLine(int& argc, char**& argv)
708     {
709         // Remove the command name from the command line
710         if (argc > 0)
711         {
712             memmove(&argv[0], &argv[1], (argc) * sizeof(char*));
713             argc--;
714         }
715

The result of this is that once it does this enough times, the program name (argv[0]) ends up being NULL, resulting in this crash.

That doesn't seem like a very nice thing to do.  I guess in the dynamic linker we could simply write "<main program>" if argv[0] is NULL, but I wonder if such behaviour is allowed at all.

Carlos, what do you think?  You obviously have more experience with these bits than I.
Comment 3 Carlos O'Donell 2013-05-13 11:57:06 EDT
(In reply to comment #2)
> Pegasus merges the commandline:
> 
> (gdb) list
> 707     void ConfigManager::mergeCommandLine(int& argc, char**& argv)
> 708     {
> 709         // Remove the command name from the command line
> 710         if (argc > 0)
> 711         {
> 712             memmove(&argv[0], &argv[1], (argc) * sizeof(char*));
> 713             argc--;
> 714         }
> 715
> 
> The result of this is that once it does this enough times, the
> program name (argv[0]) ends up being NULL, resulting in this crash.
> 
> That doesn't seem like a very nice thing to do.  I guess in the dynamic
> linker we could simply write "<main program>" if argv[0] is NULL, but I
> wonder if such behaviour is allowed at all.
> 
> Carlos, what do you think?  You obviously have more experience with these
> bits than I.

It's allowed by the ISO C standard.

The only guarantees are (from the standard):
* The value of argc shall be nonnegative.
* The value argv[argc] shall be a null pointer.
* If the value of argc is greater than zero, the array members argv[0] through argv[argc-1] inclusive shall contain pointers to strings, which are given implementation-defined values by the host environment prior to program start up.
* If the value of argc is greater than zero, the string pointed to by argv[0] represents the program name; argv[0][0] shall be the null character if the program name is not available from the host environment.

The dynamic loader should not crash; we should print something informative, but what to print is the tricky question.

Printing "NULL" is not informative to users.

Printing "<No program name provided>" is probably most useful.
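The argv shifting described in comment 2 and the loader-side guard discussed in comment 3, as an added C example (this is not Pegasus or glibc code): shift_argv_in_place() reproduces the memmove() from the gdb listing and drains a constructed sample command line until argv[0] is NULL, skip_args() is this example's own non-mutating alternative for the application side, and safe_progname() is a NULL-safe name lookup of the kind the loader needed. The placeholder string and the sample arguments are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Pegasus-style in-place shift, reproducing the listing in comment 2:
 * slide argv[1..argc] (including the terminating NULL) down one slot and
 * decrement argc. After argc calls argv[0] is NULL. Because the array is
 * the one the kernel built, every other holder of that pointer (the
 * dynamic loader's copy of argv, for instance) sees the NULL as well.
 */
void shift_argv_in_place(int *argc, char **argv)
{
    if (*argc > 0) {
        memmove(&argv[0], &argv[1], (size_t)*argc * sizeof(char *));
        (*argc)--;
    }
}

/*
 * Application-side alternative (this example's, not Pegasus code): advance
 * a private cursor instead of rewriting the shared array, so the original
 * argv[0] stays intact for anyone else who still reads it.
 */
char **skip_args(int *argc, char **argv, int n)
{
    while (n-- > 0 && *argc > 0) {
        argv++;
        (*argc)--;
    }
    return argv;
}

/*
 * Loader-side guard in the spirit of comments 3 and 4: never hand a NULL
 * to a "%s" formatter. The placeholder text is this example's choice.
 */
const char *safe_progname(char *const *argv)
{
    if (argv == NULL || argv[0] == NULL)
        return "<main program>";
    return argv[0];
}

/*
 * Drains a constructed sample argv with the in-place shift. Returns 1 if
 * argv[0] ended up NULL with argc at 0, the state in which a plain
 * strlen(argv[0]) faults, as in the stack trace above.
 */
int argv0_is_null_after_draining(void)
{
    char a0[] = "cimserver", a1[] = "daemon=false", a2[] = "forceProviderProcesses=false";
    char *argv[] = { a0, a1, a2, NULL };   /* constructed sample, kernel layout */
    int argc = 3;

    while (argc > 0)
        shift_argv_in_place(&argc, argv);

    return argc == 0 && argv[0] == NULL;
}

/*
 * Drains the same sample with skip_args(). Returns 1 if the cursor reached
 * the terminating NULL while the original argv[0] survived untouched.
 */
int argv0_survives_skip(void)
{
    char a0[] = "cimserver", a1[] = "daemon=false", a2[] = "forceProviderProcesses=false";
    char *argv[] = { a0, a1, a2, NULL };   /* constructed sample, kernel layout */
    int argc = 3;

    char **rest = skip_args(&argc, argv, 3);

    return argc == 0 && rest[0] == NULL && argv[0] == a0;
}

int main(void)
{
    char a0[] = "cimserver";
    char *argv[] = { a0, NULL };
    int argc = 1;

    printf("in-place drain leaves argv[0] NULL: %d\n", argv0_is_null_after_draining());
    printf("cursor-based skip keeps argv[0]:    %d\n", argv0_survives_skip());

    shift_argv_in_place(&argc, argv);
    /* argv[0] is NULL here: strlen(argv[0]) would segfault, safe_progname() does not. */
    printf("name printed for the main program:  %s\n", safe_progname(argv));
    return 0;
}
```

The point of the two drain functions is that both are legal under the ISO C guarantees quoted above (argc becomes 0 and argv[argc] stays NULL), so the loader cannot rely on argv[0] being a string; only the in-place variant, however, changes what other code sharing the array observes.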
Comment 4 Siddhesh Poyarekar 2013-05-13 23:57:09 EDT
OK, thanks.  Parts of the dynamic linker already write "<main program>", so I think I'll use that.
Comment 5 Siddhesh Poyarekar 2013-05-14 12:53:14 EDT
I posted the patch upstream:

http://sourceware.org/ml/libc-alpha/2013-05/msg00444.html

It has cleared a peer review, so I'll push it upstream once other architecture maintainers also test the changes.  I've pushed the patch into rawhide for now.  Please clone the bug if you need a backport into any other active Fedora branches.