Debian Bug report logs - #336511
[PR libmudflap/24619] mudflap instrumentation of dlopen is incorrect
Package: gcc-snapshot; Maintainer for gcc-snapshot is Debian GCC Maintainers <debian-gcc@lists.debian.org>; Source for gcc-snapshot is src:gcc-snapshot.

Reported by: "brian m. carlson" <sandals@crustytoothpaste.net>

Date: Sun, 30 Oct 2005 21:18:29 UTC

Severity: normal

Tags: patch, upstream, wontfix

Found in version gcc-snapshot/20051023-1

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://gcc.gnu.org/PR24619

Report forwarded to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#336511; Package gcc-snapshot.

Acknowledgement sent to "Brian M. Carlson" <sandals@crustytoothpaste.ath.cx>:
New Bug report received and forwarded. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>.

Message #5 received at submit@bugs.debian.org:

From: "Brian M. Carlson" <sandals@crustytoothpaste.ath.cx>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gcc-snapshot: mudflap instrumentation of dlopen is incorrect
Date: Sun, 30 Oct 2005 21:10:49 +0000
Package: gcc-snapshot
Version: 20051023-1
Severity: normal
Tags: patch

If mudflap is used to instrument a program using dlopen, and the program
(assuming it is compiled with -rdynamic) loads itself by passing NULL for the
path to dlopen, the program will crash unconditionally; that is, regardless of
the options passed to mudflap, so long as instrumentation is enabled.

This is because (at least with GNU/Linux) it is valid to pass a NULL pointer as
the path argument to dlopen, and the instrumentation code unconditionally uses
strlen on that pointer, without checking first if it is NULL.

I have included the following patch, which may help fix the problem.  I have not
tested it, but it should work.  As always, it is "as is", with no warranty of
any kind.  The patch is against svn HEAD (r104588).

- --- mf-hooks2.c.orig	2005-10-30 20:35:44.000000000 +0000
+++ mf-hooks2.c	2005-10-30 20:37:38.000000000 +0000
@@ -1679,8 +1679,10 @@ WRAPPER2(void *, dlopen, const char *pat
   void *p;
   size_t n;
   TRACE ("%s\n", __PRETTY_FUNCTION__);
- -  n = strlen (path);
- -  MF_VALIDATE_EXTENT (path, CLAMPADD(n, 1), __MF_CHECK_READ, "dlopen path");
+  if (NULL != path) {
+    n = strlen (path);
+    MF_VALIDATE_EXTENT (path, CLAMPADD(n, 1), __MF_CHECK_READ, "dlopen path");
+  }
   p = dlopen (path, flags);
   if (NULL != p) {
 #ifdef MF_REGISTER_dlopen
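Review bot: the guard at `+  if (NULL != path) {` is the right fix for the case the report describes (a NULL path asks dlopen for a handle to the main program, so there is no string to validate), and since `n` is only read inside the guarded block, leaving it unset on the NULL branch is harmless; a one-line comment above the `if` stating that NULL is a legitimate argument would keep a later reader from reverting it. Two things stand in the way of applying it as posted: the hunk is PGP dash-escaped (`- -  n = strlen (path);`), so the leading `- ` has to be stripped before `patch` will recognise the removed lines, and the file headers name a bare `mf-hooks2.c` without a `libmudflap/` prefix, so it has to be applied from inside that directory. The submitter says the patch is untested, so running the self-load scenario he describes (a binary built with -rdynamic calling dlopen with a NULL path) under mudflap is the minimum check before merging.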

-- System Information:
Debian Release: testing/unstable
  APT prefers experimental
  APT policy: (500, 'experimental'), (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)

Versions of packages gcc-snapshot depends on:
ii  binutils           2.16.1cvs20050902-1   The GNU assembler, linker and bina
ii  libart-2.0-2       2.3.17-1              Library of functions for 2D graphi
ii  libatk1.0-0        1.10.3-1              The ATK accessibility toolkit
ii  libc6              2.3.5-7               GNU C Library: Shared libraries an
ii  libc6-dev          2.3.5-7               GNU C Library: Development Librari
ii  libcairo2          1.0.2-1               The Cairo 2D vector graphics libra
ii  libfontconfig1     2.3.2-1.1             generic font configuration library
ii  libfreetype6       2.1.10-1              FreeType 2 font engine, shared lib
ii  libglib2.0-0       2.8.3-1               The GLib library of C routines
ii  libgmp3c2          4.1.4-11              Multiprecision arithmetic library
ii  libgtk2.0-0        2.8.3-1               The GTK+ graphical user interface 
ii  libpango1.0-0      1.10.1-1              Layout and rendering of internatio
ii  libpng12-0         1.2.8rel-5            PNG library - runtime
ii  libx11-6           6.8.99.901.dfsg.1-1   X Window System protocol client li
ii  libxrender1        1:0.9.0+CVS20050919-2 X Rendering Extension client libra
ii  libxtst6           6.8.99.901.dfsg.1-1   X Window System event recording an
ii  xlibs              6.8.99.901.dfsg.1-1   X Window System client libraries m
ii  zlib1g             1:1.2.3-6             compression library - runtime

gcc-snapshot recommends no packages.

-- no debconf information

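As an added example, not the submitter's patch, the attached mudflap.c testcase, or any libmudflap code, the following C program carries the corrected wrapper logic from the patch above into a stand-alone form and exercises the exact call that crashed the original wrapper: dlopen with a NULL path, followed by a dlsym through the returned handle. Two mudflap internals are replaced with assumptions: MF_VALIDATE_EXTENT becomes a recording stub so the program can show that a NULL path triggers no extent check at all, and CLAMPADD becomes a saturating add with the semantics assumed in the comment. The names checked_dlopen, validate_extent, self_handle_resolves and the library name in main are all constructed for this example. Resolving a libc symbol through the self handle does not need -rdynamic; resolving the program's own symbols, as the report's scenario does, would.

```c
#include <dlfcn.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What the (simulated) checker was last asked to validate, plus a call
   count, so a test can show that a NULL path triggers no check at all. */
static const void *g_last_ptr = NULL;
static size_t g_last_len = 0;
static int g_validations = 0;

/* Saturating add standing in for mudflap's CLAMPADD (assumed semantics:
   the sum clamps at SIZE_MAX instead of wrapping around). */
static size_t clampadd(size_t a, size_t b)
{
    return (a > SIZE_MAX - b) ? SIZE_MAX : a + b;
}

/* Stand-in for MF_VALIDATE_EXTENT: the real macro consults mudflap's
   object database; this one only records the request it was given. */
static void validate_extent(const void *ptr, size_t len, const char *what)
{
    (void)what;
    g_last_ptr = ptr;
    g_last_len = len;
    g_validations++;
}

/* The wrapper as the patch leaves it: measure and validate the path only
   when the caller supplied one. Before the patch, strlen(NULL) here was
   the unconditional crash the report describes. */
void *checked_dlopen(const char *path, int flags)
{
    if (path != NULL) {
        size_t n = strlen(path);
        validate_extent(path, clampadd(n, 1), "dlopen path");
    }
    return dlopen(path, flags);
}

/* Accessors for the recorded checker state. */
size_t last_validated_len(void) { return g_last_len; }
const void *last_validated_ptr(void) { return g_last_ptr; }
int validation_count(void) { return g_validations; }

/* dlopen(NULL) returns a handle for the main program and its global symbol
   scope; looking up a libc symbol through it shows the handle is usable.
   Returns 1 on success, 0 if the load or the lookup failed. */
int self_handle_resolves(const char *sym)
{
    void *h = checked_dlopen(NULL, RTLD_NOW);
    if (h == NULL)
        return 0;
    int ok = dlsym(h, sym) != NULL;
    dlclose(h);
    return ok;
}

int main(void)
{
    /* Constructed library name that is not expected to exist anywhere. */
    const char *missing = "libmudflap-example-does-not-exist.so";

    printf("self-load resolves strlen: %d (validations so far: %d)\n",
           self_handle_resolves("strlen"), validation_count());

    void *h = checked_dlopen(missing, RTLD_NOW);
    printf("open of %s: %s; validated %zu bytes\n", missing,
           h ? "succeeded" : dlerror(), last_validated_len());
    return 0;
}
```

The first call goes through the NULL branch and leaves the validation count at zero, which is the behaviour the patch introduces; the second call shows the unchanged path-checking behaviour for a real string (length plus the terminating NUL). On glibc older than 2.34 the program needs -ldl at link time.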
Changed Bug title. Request was from Matthias Klose <doko@cs.tu-berlin.de> to control@bugs.debian.org.

Noted your statement that Bug has been forwarded to http://gcc.gnu.org/PR24619. Request was from Matthias Klose <doko@cs.tu-berlin.de> to control@bugs.debian.org.

Tags added: upstream. Request was from Matthias Klose <doko@cs.tu-berlin.de> to control@bugs.debian.org.

Tags added: sid. Request was from "Brian M. Carlson" <sandals@crustytoothpaste.ath.cx> to control@bugs.debian.org.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#336511; Package gcc-snapshot. (Mon, 01 Dec 2008 23:18:02 GMT)

Acknowledgement sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. (Mon, 01 Dec 2008 23:18:02 GMT)

Message #18 received at 336511@bugs.debian.org:

From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
To: 336511@bugs.debian.org, control@bugs.debian.org
Subject: Instrumentation of dlopen is still incorrect
Date: Mon, 1 Dec 2008 23:15:13 +0000
tags 336511 -sid
clone 336511 -1 -2
reassign -1 libmudflap0
reassign -1 lib32mudflap0
kthxbye

The instrumentation of dlopen(3) remains incorrect.  Is there any
activity on this bug, either in Debian or upstream?  This bug has been
open over three years with a trivial patch and yet it is still present.

I have attached a testcase for easy diagnosis of the problem.  If the
program segfaults, then the bug is present.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
[mudflap.c (text/x-csrc, attachment)]

Tags removed: sid. Request was from "brian m. carlson" <sandals@crustytoothpaste.ath.cx> to control@bugs.debian.org. (Mon, 01 Dec 2008 23:18:09 GMT)

Bug 336511 cloned as bugs 507514, 507515. Request was from "brian m. carlson" <sandals@crustytoothpaste.ath.cx> to control@bugs.debian.org. (Mon, 01 Dec 2008 23:18:10 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#336511; Package gcc-snapshot. (Tue, 02 Dec 2008 01:03:07 GMT)

Acknowledgement sent to Matthias Klose <doko@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. (Tue, 02 Dec 2008 01:03:07 GMT)

Message #27 received at 336511@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>, 336511@bugs.debian.org
Subject: Re: Bug#336511: Instrumentation of dlopen is still incorrect
Date: Tue, 02 Dec 2008 01:56:54 +0100
please forward these upstream, mudflap doesn't see much attention.

brian m. carlson schrieb:
> tags 336511 -sid
> clone 336511 -1 -2
> reassign -1 libmudflap0
> reassign -1 lib32mudflap0
> kthxbye
> 
> The instrumentation of dlopen(3) remains incorrect.  Is there any
> activity on this bug, either in Debian or upstream?  This bug has been
> open over three years with a trivial patch and yet it is still present.
> 
> I have attached a testcase for easy diagnosis of the problem.  If the
> program segfaults, then the bug is present.
> 
Information forwarded to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#336511; Package gcc-snapshot. (Sun, 07 Dec 2008 02:42:02 GMT)

Acknowledgement sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. (Sun, 07 Dec 2008 02:42:02 GMT)

Message #32 received at 336511@bugs.debian.org:

From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
To: Matthias Klose <doko@debian.org>
Cc: 336511@bugs.debian.org
Subject: Re: Bug#336511: Instrumentation of dlopen is still incorrect
Date: Sun, 7 Dec 2008 02:38:40 +0000
On Tue, Dec 02, 2008 at 01:56:54AM +0100, Matthias Klose wrote:
>please forward these upstream, mudflap doesn't see much attention.

Apparently, they're already forwarded.  It's just that nobody's doing
anything about them.  The mudflap code, as implemented, is incorrect.
It's not just incorrect on GNU/Linux, it's incorrect on FreeBSD, NetBSD,
OpenBSD, Solaris, HP-UX, OSF1, Mac OS X, and according to POSIX.  In
fact, I could not find a Unix that provides dlopen(3) but does not
permit NULL as a valid value for path.

There's even a patch that I provided, which is trivially correct.  I'm
just trying to find out if there's a reason why this bug hasn't been
fixed after three years.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#336511; Package gcc-snapshot. (Mon, 04 Jan 2010 10:03:06 GMT)

Acknowledgement sent to Matthias Klose <doko@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. (Mon, 04 Jan 2010 10:03:06 GMT)

Message #37 received at 336511@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 336511@bugs.debian.org, 336511-submitter@bugs.debian.org
Subject: Re: [PR libmudflap/24619] mudflap instrumentation of dlopen is incorrect
Date: Mon, 04 Jan 2010 10:57:10 +0100
mudflap doesn't see much attention upstream; could you recheck/test your patch 
with gcc-4.4/gcc-4.5? I'll apply it as a local patch then.

thanks, Matthias
Message sent on to "Brian M. Carlson" <sandals@crustytoothpaste.ath.cx>:
Bug#336511. (Mon, 04 Jan 2010 10:03:15 GMT)

Information stored :
Bug#336511; Package gcc-snapshot. (Mon, 04 Jan 2010 17:03:08 GMT)

Acknowledgement sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
Extra info received and filed, but not forwarded. (Mon, 04 Jan 2010 17:03:08 GMT)

Message #45 received at 336511-quiet@bugs.debian.org:

From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
To: Matthias Klose <doko@debian.org>, 336511-quiet@bugs.debian.org
Subject: Re: Bug#336511: [PR libmudflap/24619] mudflap instrumentation of dlopen is incorrect
Date: Mon, 4 Jan 2010 16:55:52 +0000
On Mon, Jan 04, 2010 at 10:57:10AM +0100, Matthias Klose wrote:
> mudflap doesn't see much attention upstream; could you recheck/test
> your patch with gcc-4.4/gcc-4.5? I'll apply it as a local patch
> then.

I've reproduced the problem with gcc-4.4 and gcc-4.5.  The patch I
provided is (and always has been) completely untested, mostly because I
don't want to dedicate a lot of time to building and bootstrapping a
Debian gcc package.  However, if you really want me to, I can find a
spare machine on which to bootstrap so I can test the patch.  Please let
me know either way.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#336511; Package gcc-snapshot. (Mon, 11 Jan 2010 11:27:03 GMT)

Acknowledgement sent to Matthias Klose <doko@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. (Mon, 11 Jan 2010 11:27:03 GMT)

Message #50 received at 336511@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>, 336511@bugs.debian.org
Subject: Re: Bug#336511: Instrumentation of dlopen is still incorrect
Date: Mon, 11 Jan 2010 12:24:10 +0100
On 07.12.2008 03:38, brian m. carlson wrote:
> On Tue, Dec 02, 2008 at 01:56:54AM +0100, Matthias Klose wrote:
>> please forward these upstream, mudflap doesn't see much attention.
>
> Apparently, they're already forwarded. It's just that nobody's doing
> anything about them. The mudflap code, as implemented, is incorrect.
> It's not just incorrect on GNU/Linux, it's incorrect on FreeBSD, NetBSD,
> OpenBSD, Solaris, HP-UX, OSF1, Mac OS X, and according to POSIX. In
> fact, I could not find a Unix that provides dlopen(3) but does not
> permit NULL as a valid value for path.
>
> There's even a patch that I provided, which is trivially correct. I'm
> just trying to find out if there's a reason why this bug hasn't been
> fixed after three years.

lack of interest? I'll apply a tested patch for 4.4/4.5, if you send one, else 
it might be better to tag the report as wontfix.

  Matthias
Changed Bug submitter to '"brian m. carlson" <sandals@crustytoothpaste.net>' from '"Brian M. Carlson" <sandals@crustytoothpaste.ath.cx>'. Request was from "brian m. carlson" <sandals@crustytoothpaste.net> to control@bugs.debian.org. (Thu, 03 Feb 2011 20:51:15 GMT)

Added tag(s) wontfix. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Mon, 11 Nov 2013 17:39:23 GMT)

Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Wed, 12 Feb 2014 12:39:08 GMT)

Notification sent to "brian m. carlson" <sandals@crustytoothpaste.net>:
Bug acknowledged by developer. (Wed, 12 Feb 2014 12:39:08 GMT)

Message #59 received at 336511-done@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 336511-done@bugs.debian.org, 507515-done@bugs.debian.org
Subject: mudflap removed in GCC trunk
Date: Wed, 12 Feb 2014 13:37:36 +0100
mudflap removed in GCC trunk, closing open issues.
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 13 Mar 2014 07:26:47 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 19:07:22 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.