about summary refs log tree commit diff
diff options
context:
space:
mode:
authorCarlos O'Donell <carlos@redhat.com>2014-09-29 13:14:21 -0400
committerCarlos O'Donell <carlos@redhat.com>2014-09-29 14:15:02 -0400
commit62058ce612ed3459501b4c4332e268edfe977f59 (patch)
tree363e730d506799c6635500790c02f265a38701d7
parent8e257a2959818cfa31bdc7c04ebb4ef5d7101775 (diff)
downloadglibc-62058ce612ed3459501b4c4332e268edfe977f59.tar.gz
glibc-62058ce612ed3459501b4c4332e268edfe977f59.tar.xz
glibc-62058ce612ed3459501b4c4332e268edfe977f59.zip
Correctly size profiling reloc table (bug 17411)
During auditing or profiling modes the dynamic loader
builds a cache of the relocated PLT entries in order
to reuse them when called again through the same PLT
entry. This way the PLT entry is never completed and
the call into the resolver always results in profiling
or auditing code running.

The problem is that the PLT relocation cache size
is not computed correctly. The size of the cache
should be "Size of a relocation result structure"
x "Number of PLT-related relocations". Instead the
code erroneously computes "Size of a relocation
result" x "Number of bytes worth of PLT-related
relocations". I can only assume this was a mistake
in the understanding of the value of DT_PLTRELSZ
which is the number of bytes of PLT-related relocs.
We do have a DT_RELACOUNT entry, which is a count
for dynamic relative relocs, but we have no
DT_PLTRELCOUNT and thus we need to compute it.

This patch corrects the computation of the size of the
relocation table used by the glibc profiling code.

For more details see:
https://sourceware.org/ml/libc-alpha/2014-09/msg00513.html

	[BZ #17411]
	* elf/dl-reloc.c (_dl_relocate_object): Allocate correct amount for
	l_reloc_result.
-rw-r--r--ChangeLog7
-rw-r--r--NEWS2
-rw-r--r--elf/dl-reloc.c8
3 files changed, 14 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 87ace922a8..2c607d9206 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2014-09-29  Carlos O'Donell  <carlos@redhat.com>
+	    Matthew LeGendre  <legendre1@llnl.gov>
+
+	[BZ #17411]
+	* elf/dl-reloc.c (_dl_relocate_object): Allocate correct amount for
+	l_reloc_result.
+
 2014-09-29  Kostya Serebryany  <konstantin.s.serebryany@gmail.com>
 
 	* stdio-common/printf_fp.c
diff --git a/NEWS b/NEWS
index 94c065686a..ef982687a7 100644
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,7 @@ Version 2.21
 
 * The following bugs are resolved with this release:
 
-  6652, 14171, 17266, 17363, 17370, 17371.
+  6652, 14171, 17266, 17363, 17370, 17371, 17411.
 
 Version 2.20
 
diff --git a/elf/dl-reloc.c b/elf/dl-reloc.c
index d2c6dac69e..97a7119d13 100644
--- a/elf/dl-reloc.c
+++ b/elf/dl-reloc.c
@@ -279,8 +279,12 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[],
 			      l->l_name);
 	  }
 
-	l->l_reloc_result = calloc (sizeof (l->l_reloc_result[0]),
-				    l->l_info[DT_PLTRELSZ]->d_un.d_val);
+	size_t sizeofrel = l->l_info[DT_PLTREL]->d_un.d_val == DT_RELA
+			   ? sizeof (ElfW(Rela))
+			   : sizeof (ElfW(Rel));
+	size_t relcount = l->l_info[DT_PLTRELSZ]->d_un.d_val / sizeofrel;
+	l->l_reloc_result = calloc (sizeof (l->l_reloc_result[0]), relcount);
+
 	if (l->l_reloc_result == NULL)
 	  {
 	    errstring = N_("\