2016-12-02 12:58:12 |
Oleksandr Pikozh |
bug |
|
|
added bug |
2016-12-02 12:58:12 |
Oleksandr Pikozh |
attachment added |
|
test-origin-in-needed.sh https://bugs.launchpad.net/bugs/1646822/+attachment/4786412/+files/test-origin-in-needed.sh |
|
2016-12-02 18:06:43 |
Oleksandr Pikozh |
summary |
Handling $ORIGIN strings within DT_NEEDED sections |
Handling $ORIGIN strings within DT_NEEDED entries |
|
2016-12-02 18:06:49 |
Oleksandr Pikozh |
description |
What documentation says:
"$ORIGIN sequences within a DT_NEEDED entry or path passed as a parameter to dlopen() are treated as errors."
(From "System V Application Binary Interface - DRAFT - 10 June 2013" / "Chapter 5 - Program Loading and Dynamic Linking" / "Dynamic Linking" / "Shared Object Dependencies" / "Substitution Sequences" <http://www.sco.com/developers/gabi/latest/ch5.dynamic.html#substitution>.)
What in reality happens:
- Having $ORIGIN string within DT_NEEDED section with shared library that DOES NOT uses versioning, causes '$ORIGIN' to be interpreted as path-to-directory-where-binary-is-located (despite, per documentation, it should/must be treated as error).
- Having $ORIGIN string within DT_NEEDED section with shared library that USES versioning, causes assertion failure (see below) or segmentation fault (not on my system) (however, it doesn't look like intentional/graceful message related to explicitly documented case of ORIGIN within DT_NEEDED — it more looks like that ld.so was put into unexpected state).
On my system, having $ORIGIN within DT_NEEDED together with versioning causes the following output: "Inconsistency detected by ld.so: dl-version.c: 224: _dl_check_map_versions: Assertion `needed != NULL' failed!". Some other people say they observe segmentation fault instead. I used the attached script test-origin-in-needed.sh to test behavior.
I'd better report the bug to libc maintainers (upstream). Because it seems to be upstream-related specification violation. But the libc bug reporting policy says: "Distributions may include their own modifications to glibc in the binaries and sources you get with the operating system. If the glibc you are using comes from a complete operating system distribution, you should report bugs to that distribution project first." So, I report here first.
1) lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04
2) pt-cache policy libc6
libc6:
Installed: 2.23-0ubuntu4
Candidate: 2.23-0ubuntu4
Version table:
*** 2.23-0ubuntu4 500
500 http://ua.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
100 /var/lib/dpkg/status
2.23-0ubuntu3 500
500 http://ua.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
3) I expected handling of $ORIGIN strings within DT_NEEDED sections to be conforming "System V Application Binary Interface". Or, at least, to see non-conforming parts explicitly documented somewhere in GNU documentation.
4) See above. Having $ORIGIN string within DT_NEEDED section without versioning causes $ORIGIN to work as if it's within (for example) RPATH section — violates documentation. Having $ORIGIN string within DT_NEEDED section with versioning causes assertion failure (formally doesn't violate documentation, but really it looks more like unexpected state than graceful condition handling). I used attached script to test. |
What documentation says:
From what documentation says, it looks like $ORIGIN string should be recognized within DT_NEEDED entries.
(Sorry, in initial version of bug-report I misinterpreted one of sentences in documentation, taking it out of context.)
See "System V Application Binary Interface - DRAFT - 10 June 2013" / "Chapter 5 - Program Loading and Dynamic Linking" / "Dynamic Linking" / "Shared Object Dependencies" / "Substitution Sequences" <http://www.sco.com/developers/gabi/latest/ch5.dynamic.html#substitution>.
What in reality happens:
- Having $ORIGIN string within DT_NEEDED entry and shared library that DOES NOT uses versioning, causes '$ORIGIN' to be interpreted as path-to-directory-where-binary-is-located.
- Having $ORIGIN string within DT_NEEDED entry and shared library that USES versioning, causes assertion failure (see below) or segmentation fault (not on my system).
On my system, having $ORIGIN within DT_NEEDED together with versioning causes the following output: "Inconsistency detected by ld.so: dl-version.c: 224: _dl_check_map_versions: Assertion `needed != NULL' failed!". Some other people say they observe segmentation fault instead. I used the attached script test-origin-in-needed.sh to test behavior.
I'd better report the bug to libc maintainers (upstream). Because it seems to be not downstream-related. But the libc bug reporting policy says: "Distributions may include their own modifications to glibc in the binaries and sources you get with the operating system. If the glibc you are using comes from a complete operating system distribution, you should report bugs to that distribution project first." So, I report here first.
1) lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04
2) apt-cache policy libc6
libc6:
Installed: 2.23-0ubuntu4
Candidate: 2.23-0ubuntu4
Version table:
*** 2.23-0ubuntu4 500
500 http://ua.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
100 /var/lib/dpkg/status
2.23-0ubuntu3 500
500 http://ua.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
3) I expected $ORIGIN strings within DT_NEEDED entries to be either recognized or not recognized.
4) Behavior depends on whether shared object is versioned or not. With non-versioned shared object it seems to be ok. With versioned shared object it causes assertion failure (or segmentation fault on some other platforms). |
|
2016-12-02 18:07:37 |
Oleksandr Pikozh |
description |
What documentation says:
From what documentation says, it looks like $ORIGIN string should be recognized within DT_NEEDED entries.
(Sorry, in initial version of bug-report I misinterpreted one of sentences in documentation, taking it out of context.)
See "System V Application Binary Interface - DRAFT - 10 June 2013" / "Chapter 5 - Program Loading and Dynamic Linking" / "Dynamic Linking" / "Shared Object Dependencies" / "Substitution Sequences" <http://www.sco.com/developers/gabi/latest/ch5.dynamic.html#substitution>.
What in reality happens:
- Having $ORIGIN string within DT_NEEDED entry and shared library that DOES NOT uses versioning, causes '$ORIGIN' to be interpreted as path-to-directory-where-binary-is-located.
- Having $ORIGIN string within DT_NEEDED entry and shared library that USES versioning, causes assertion failure (see below) or segmentation fault (not on my system).
On my system, having $ORIGIN within DT_NEEDED together with versioning causes the following output: "Inconsistency detected by ld.so: dl-version.c: 224: _dl_check_map_versions: Assertion `needed != NULL' failed!". Some other people say they observe segmentation fault instead. I used the attached script test-origin-in-needed.sh to test behavior.
I'd better report the bug to libc maintainers (upstream). Because it seems to be not downstream-related. But the libc bug reporting policy says: "Distributions may include their own modifications to glibc in the binaries and sources you get with the operating system. If the glibc you are using comes from a complete operating system distribution, you should report bugs to that distribution project first." So, I report here first.
1) lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04
2) apt-cache policy libc6
libc6:
Installed: 2.23-0ubuntu4
Candidate: 2.23-0ubuntu4
Version table:
*** 2.23-0ubuntu4 500
500 http://ua.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
100 /var/lib/dpkg/status
2.23-0ubuntu3 500
500 http://ua.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
3) I expected $ORIGIN strings within DT_NEEDED entries to be either recognized or not recognized.
4) Behavior depends on whether shared object is versioned or not. With non-versioned shared object it seems to be ok. With versioned shared object it causes assertion failure (or segmentation fault on some other platforms). |
What documentation says:
From what documentation says, it looks like $ORIGIN string should be recognized within DT_NEEDED entries.
(Sorry, in initial version of bug-report I misinterpreted one of sentences in documentation, taking it out of context.)
See "System V Application Binary Interface - DRAFT - 10 June 2013" / "Chapter 5 - Program Loading and Dynamic Linking" / "Dynamic Linking" / "Shared Object Dependencies" / "Substitution Sequences" <http://www.sco.com/developers/gabi/latest/ch5.dynamic.html#substitution>.
What in reality happens:
- Having $ORIGIN string within DT_NEEDED entry and shared library that DOES NOT uses versioning, causes '$ORIGIN' to be interpreted as path-to-directory-where-binary-is-located.
- Having $ORIGIN string within DT_NEEDED entry and shared library that USES versioning, causes assertion failure (see below) or segmentation fault (not on my system).
On my system, having $ORIGIN within DT_NEEDED together with versioning causes the following output: "Inconsistency detected by ld.so: dl-version.c: 224: _dl_check_map_versions: Assertion `needed != NULL' failed!". Some other people say they observe segmentation fault instead. I used the attached script test-origin-in-needed.sh to test behavior.
I'd better report the bug to libc maintainers (upstream). Because it seems to be not downstream-related. But the libc bug reporting policy says: "Distributions may include their own modifications to glibc in the binaries and sources you get with the operating system. If the glibc you are using comes from a complete operating system distribution, you should report bugs to that distribution project first." So, I report here first.
1) lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04
2) apt-cache policy libc6
libc6:
Installed: 2.23-0ubuntu4
Candidate: 2.23-0ubuntu4
Version table:
*** 2.23-0ubuntu4 500
500 http://ua.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
100 /var/lib/dpkg/status
2.23-0ubuntu3 500
500 http://ua.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
3) I expected $ORIGIN strings within DT_NEEDED entries to be either always recognized or not recognized.
4) Behavior depends on whether shared object is versioned or not. With non-versioned shared object it seems to be ok. With versioned shared object it causes assertion failure (or segmentation fault on some other platforms). |
|