Debian Bug report logs - #507515
[PR libmudflap/24619] mudflap instrumentation of dlopen is incorrect


Package: gcc-snapshot; Maintainer for gcc-snapshot is Debian GCC Maintainers <debian-gcc@lists.debian.org>; Source for gcc-snapshot is src:gcc-snapshot.

Reported by: "brian m. carlson" <sandals@crustytoothpaste.net>

Date: Sun, 30 Oct 2005 21:18:29 UTC

Severity: normal

Tags: patch, upstream, wontfix

Found in version gcc-snapshot/20051023-1

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://gcc.gnu.org/PR24619



Report forwarded to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#336511; Package gcc-snapshot.

Acknowledgement sent to "Brian M. Carlson" <sandals@crustytoothpaste.ath.cx>:
New Bug report received and forwarded. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>.

Message #5 received at submit@bugs.debian.org:

From: "Brian M. Carlson" <sandals@crustytoothpaste.ath.cx>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gcc-snapshot: mudflap instrumentation of dlopen is incorrect
Date: Sun, 30 Oct 2005 21:10:49 +0000
Package: gcc-snapshot
Version: 20051023-1
Severity: normal
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

If mudflap is used to instrument a program using dlopen, and the program
(assuming it is compiled with -rdynamic) loads itself by passing NULL for the
path to dlopen, the program will crash unconditionally; that is, regardless of
the options passed to mudflap, so long as instrumentation is enabled.

This is because (at least with GNU/Linux) it is valid to pass a NULL pointer as
the path argument to dlopen, and the instrumentation code unconditionally uses
strlen on that pointer, without checking first if it is NULL.

I have included the following patch, which may help fix the problem.  I have not
tested it, but it should work.  As always, it is "as is", with no warranty of
any kind.  The patch is against svn HEAD (r104588).

- --- mf-hooks2.c.orig	2005-10-30 20:35:44.000000000 +0000
+++ mf-hooks2.c	2005-10-30 20:37:38.000000000 +0000
@@ -1679,8 +1679,10 @@ WRAPPER2(void *, dlopen, const char *pat
   void *p;
   size_t n;
   TRACE ("%s\n", __PRETTY_FUNCTION__);
- -  n = strlen (path);
- -  MF_VALIDATE_EXTENT (path, CLAMPADD(n, 1), __MF_CHECK_READ, "dlopen path");
+  if (NULL != path) {
+    n = strlen (path);
+    MF_VALIDATE_EXTENT (path, CLAMPADD(n, 1), __MF_CHECK_READ, "dlopen path");
+  }
   p = dlopen (path, flags);
   if (NULL != p) {
 #ifdef MF_REGISTER_dlopen
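Review bot: the guard skips MF_VALIDATE_EXTENT only when `path` is NULL, which dlopen(3) documents as a request for the main program's own handle, so the wrapper no longer calls `strlen` on a NULL pointer while the check on a real path is unchanged. `n` is now assigned only inside the new `if` and is read nowhere else in the visible context, so the narrowed scope introduces no uninitialized use. Two things worth settling before this goes upstream: the submitter says the patch is untested, so the NULL case should be exercised with a program built with -rdynamic and -fmudflap that calls `dlopen (NULL, ...)` and resolves a symbol through the returned handle; and the hunk sits inside a PGP clear-signed message, so the `- ` dash-escaping on the `- ---` and `- -  n = strlen` lines has to be stripped before the patch applies cleanly.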

- -- System Information:
Debian Release: testing/unstable
  APT prefers experimental
  APT policy: (500, 'experimental'), (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)

Versions of packages gcc-snapshot depends on:
ii  binutils           2.16.1cvs20050902-1   The GNU assembler, linker and bina
ii  libart-2.0-2       2.3.17-1              Library of functions for 2D graphi
ii  libatk1.0-0        1.10.3-1              The ATK accessibility toolkit
ii  libc6              2.3.5-7               GNU C Library: Shared libraries an
ii  libc6-dev          2.3.5-7               GNU C Library: Development Librari
ii  libcairo2          1.0.2-1               The Cairo 2D vector graphics libra
ii  libfontconfig1     2.3.2-1.1             generic font configuration library
ii  libfreetype6       2.1.10-1              FreeType 2 font engine, shared lib
ii  libglib2.0-0       2.8.3-1               The GLib library of C routines
ii  libgmp3c2          4.1.4-11              Multiprecision arithmetic library
ii  libgtk2.0-0        2.8.3-1               The GTK+ graphical user interface 
ii  libpango1.0-0      1.10.1-1              Layout and rendering of internatio
ii  libpng12-0         1.2.8rel-5            PNG library - runtime
ii  libx11-6           6.8.99.901.dfsg.1-1   X Window System protocol client li
ii  libxrender1        1:0.9.0+CVS20050919-2 X Rendering Extension client libra
ii  libxtst6           6.8.99.901.dfsg.1-1   X Window System event recording an
ii  xlibs              6.8.99.901.dfsg.1-1   X Window System client libraries m
ii  zlib1g             1:1.2.3-6             compression library - runtime

gcc-snapshot recommends no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iQEVAwUBQ2U22eWR/8lWBVPnAQOpewf/dnpt2OoQZbi7NmboBtxWvapyZoo5xTlg
EWJ2Tgv78SauIwya91o26FyG12+F3qpedy/VKQE8txkfQOVPOYtmnOd57KLNv7QJ
Q/7NYHp+AIaZD7KihuZOowZumoCXVmHjogJOT8cp4cPttduLWP5PgpplrS5T6uSz
bJXcNuhmupyBmTcx/2aPU3wglt/IEIimVEFSgAnZyWS9suHukdT2c0oaSdkxm57T
hMtX/xcK/eyQWjVC4DeQWk0G3nzSDHzZj/bnHbnC3tfuBlC8B90iI5jteCFUJmhX
RUMjGf46NbUQIOCxZzCU+1y6ws7woOXMChPhXDzW+ERGkfuxVKjbEA==
=iNA9
-----END PGP SIGNATURE-----



Changed Bug title. Request was from Matthias Klose <doko@cs.tu-berlin.de> to control@bugs.debian.org.

Noted your statement that Bug has been forwarded to http://gcc.gnu.org/PR24619. Request was from Matthias Klose <doko@cs.tu-berlin.de> to control@bugs.debian.org.

Tags added: upstream. Request was from Matthias Klose <doko@cs.tu-berlin.de> to control@bugs.debian.org.

Tags added: sid. Request was from "Brian M. Carlson" <sandals@crustytoothpaste.ath.cx> to control@bugs.debian.org.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#336511; Package gcc-snapshot. (Mon, 01 Dec 2008 23:18:02 GMT)

Acknowledgement sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. (Mon, 01 Dec 2008 23:18:02 GMT)

Message #18 received at 336511@bugs.debian.org:

From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
To: 336511@bugs.debian.org, control@bugs.debian.org
Subject: Instrumentation of dlopen is still incorrect
Date: Mon, 1 Dec 2008 23:15:13 +0000
[Message part 1 (text/plain, inline)]
tags 336511 -sid
clone 336511 -1 -2
reassign -1 libmudflap0
reassign -1 lib32mudflap0
kthxbye

The instrumentation of dlopen(3) remains incorrect.  Is there any
activity on this bug, either in Debian or upstream?  This bug has been
open over three years with a trivial patch and yet it is still present.

I have attached a testcase for easy diagnosis of the problem.  If the
program segfaults, then the bug is present.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
[mudflap.c (text/x-csrc, attachment)]
[signature.asc (application/pgp-signature, inline)]
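The failure described in both messages above is a wrapper that calls strlen on the dlopen path before checking whether a path was given at all. The following is an added example, not code from the bug report, from the attached testcase, or from libmudflap itself: path_extent() is an assumed stand-in for MF_VALIDATE_EXTENT that only measures a non-NULL string, checked_dlopen() mirrors the NULL-tolerant shape of the patched WRAPPER2 hook, and self_handle_resolves() opens the running program through a NULL path and resolves a libc symbol through that handle, which is exactly the call the instrumented wrapper used to crash on. It links against the dynamic loader (on glibc before 2.34 add -ldl).

```c
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for mudflap's MF_VALIDATE_EXTENT (added illustration, not
 * libmudflap code): return the number of bytes a reader of the path string
 * would touch, or 0 when no path was given. The pre-patch wrapper did
 * strlen (path) unconditionally, which is the NULL dereference the bug is about. */
size_t path_extent(const char *path)
{
    if (path == NULL)
        return 0;                 /* dlopen (NULL, ...) means "the main program" */
    return strlen(path) + 1;      /* string bytes plus the terminating NUL */
}

/* dlopen wrapper in the spirit of the patched hook: validate the path only
 * when one was supplied, then forward the call unchanged. */
void *checked_dlopen(const char *path, int flags)
{
    size_t n = path_extent(path);
    if (n != 0)
        fprintf(stderr, "checked %zu bytes of dlopen path \"%s\"\n", n, path);
    else
        fprintf(stderr, "dlopen path is NULL: main program, no extent check\n");
    return dlopen(path, flags);
}

/* Open the running program via a NULL path and look a symbol up through the
 * returned handle. Returns 1 if the symbol resolved, 0 otherwise. The handle
 * from dlopen (NULL) searches the global scope, so libc symbols are visible. */
int self_handle_resolves(const char *symbol)
{
    void *handle = checked_dlopen(NULL, RTLD_NOW);
    if (handle == NULL)
        return 0;
    void *sym = dlsym(handle, symbol);
    dlclose(handle);              /* releasing the main-program handle is a no-op */
    return sym != NULL;
}

int main(void)
{
    if (!self_handle_resolves("strlen")) {
        fprintf(stderr, "dlopen (NULL) failed: %s\n", dlerror());
        return 1;
    }
    puts("dlopen (NULL) handled without dereferencing the NULL path");
    return 0;
}
```

Run it with and without mudflap instrumentation: the unpatched wrapper crashes inside checked_dlopen's forwarded call before the program prints anything, while the patched one lets the NULL path through and the lookup of strlen succeeds.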

Tags removed: sid. Request was from "brian m. carlson" <sandals@crustytoothpaste.ath.cx> to control@bugs.debian.org. (Mon, 01 Dec 2008 23:18:09 GMT)

Bug 336511 cloned as bugs 507514, 507515. Request was from "brian m. carlson" <sandals@crustytoothpaste.ath.cx> to control@bugs.debian.org. (Mon, 01 Dec 2008 23:18:10 GMT)

Changed Bug submitter to '"brian m. carlson" <sandals@crustytoothpaste.net>' from '"Brian M. Carlson" <sandals@crustytoothpaste.ath.cx>'. Request was from "brian m. carlson" <sandals@crustytoothpaste.net> to control@bugs.debian.org. (Thu, 03 Feb 2011 20:51:32 GMT)

Added tag(s) wontfix. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Mon, 11 Nov 2013 17:39:25 GMT)

Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Wed, 12 Feb 2014 12:39:11 GMT)

Notification sent to "brian m. carlson" <sandals@crustytoothpaste.net>:
Bug acknowledged by developer. (Wed, 12 Feb 2014 12:39:11 GMT)

Message #31 received at 507515-done@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 336511-done@bugs.debian.org, 507515-done@bugs.debian.org
Subject: mudflap removed in GCC trunk
Date: Wed, 12 Feb 2014 13:37:36 +0100
mudflap removed in GCC trunk, closing open issues.



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 13 Mar 2014 07:27:12 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 12:48:32 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.