String corruption
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eglibc (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
Hi there,
I'm installing a 64 bit ubuntu server system with oneiric. However, due to https:/
libc-bin
libc-dev-bin
libc6
libc6-dev
libc6-dev-i386
libc6-i386
libnih-dbus1
libnih1
The oneiric version of the libc packages is 2.13-20ubuntu5.
The precise version of the libc packages is 2.15-0ubuntu2.
After this, a i386 application that I have installed on the machine breaks. The application is multi V4.2.4 from Green Hills. It is their proprietary compiler suite and IDE. When I use this compiler suite to compiler our embedded application, it fails to find a particular library. Upon further investigation I found that the front-end compiler driver (gbuild) passed the wrong library search path down to the compiler. The output of ldd gbuild is:
la:~/trunk $ ldd /usr/ghs/
libm.so.6 => /lib32/libm.so.6 (0xf7710000)
libnsl.so.1 => /lib32/libnsl.so.1 (0xf76f7000)
libdl.so.2 => /lib32/libdl.so.2 (0xf76f2000)
libc.so.6 => /lib32/libc.so.6 (0xf7578000)
With the oneiric version of the above packages, gbuild passing the (correct) option -L../output/ppc to the compiler. With the precise version of these libraries gbuild passes -L../outuut/ppc to the compiler. gbuild gets the path from a config file, which actually contains the option -L../../output/ppc, but is located one directory below the current working directory of the compiler invocation and is defined to be local to that file.
So I suspect that gbuild recognizes the -L option and the fact that it's argument is a relative path (another -L in the same file with an absolute path is passed through correctly) and tries to strip off the initial ../ but something goes wrong. I also suspect that the bug only shows up in the 32bit version of libc on 64 bit systems, since all my 64 bit apps seem to behave normally.
I can modify the option in the config file to check what, if any, corruption occurs to different strings. Here are some results:
-L../../output/ppc => -L../outuut/ppc (corrupted, that's the one that I found this with)
-L../..
-L./../
-L./../output/ppc => -Loutput/ppc (correct, no corruption)
-L.././
-L../..
Changed in eglibc (Ubuntu): | |
status: | New → Incomplete |
-L../tt/ ../../output/ ppc => -L../outuut/ppc (corrupt, tt does not exist). .././output/ ppc => -L./oututt/ppc (corrupt)
-L../tt/
I think the algorithm that gbuild uses is something like this
Starting from ../tt/. ././output/ ppc:
- Prepend the path to the config file to the path given in the config file (shared- libs/.. /tt/../ ./output/ ppc)
- Starting from the beginning each time, search for "/\./" or "/[^/]+/\.\./" and remove each occurrence with "/"
At least that's how I would implement it. It's unlikely that they are using regular expressions of course. It is likely that they simply scan through the string and then use memcpy, memmove or strcpy move the remainder of the string forward to effect the replacement. So I would suspect those kind of functions. Have there been any changes in this area between libc 2.13 and 2.15?