Date: Tue, 14 Feb 2006 06:32:59 GMT From: Qu Fuping <qufuping@ercist.iscas.ac.cn> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/93317: ld-elf.so doesn't translate unresolved weak symbol into 0 Message-ID: <200602140632.k1E6WxMN089914@www.freebsd.org> Resent-Message-ID: <200602140640.k1E6e4OR055920@freefall.freebsd.org>
>Number:         93317
>Category:       bin
>Synopsis:       ld-elf.so doesn't translate unresolved weak symbol into 0
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 14 06:40:03 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Qu Fuping
>Release:        FreeBSD 6.0-RELEASE i386
>Organization:   IOS of CAS, China
>Environment:
FreeBSD coolq.localdomain 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386
>Description:
The ELF spec says (page 69 of 106 of the TLS-ELF spec v1.2):

"When the link editor searches archive libraries, it extracts archive members that contain definitions of undefined global symbols. The member's definition may be either a global or a weak symbol. The link editor does not extract archive members to resolve undefined weak symbols. Unresolved weak symbols have a zero value."

I met this problem when implementing PIE support for FreeBSD. See http://mirror.vtx.ch/hlfs/view/unstable/glibc/chapter02/pie.html for information about PIE. I modified the kernel, libc and gcc so they can generate a PIE and load it properly. But when ld-elf resolves symbols, things go wrong.

The PIE contains a weak symbol named __register_frame_info. In gcc it is called like this (in crtstuff.c):

    if (__register_frame_info)
        __register_frame_info(__EH_FRAME_BEGIN, &object);

In rtld-elf/i386/reloc.c, "__register_frame_info" is resolved by reloc_non_plt:

    ....
    case R_386_GLOB_DAT:
        {
            const Elf_Sym *def;
            const Obj_Entry *defobj;

            def = find_symdef(ELF_R_SYM(rel->r_info), obj, &defobj, false, cache);
            if (def == NULL)
                goto done;
            *where = (Elf_Addr) (defobj->relocbase + def->st_value);
        }
        break;
    ....

Since __register_frame_info is a weak symbol, it should resolve to 0 according to the ELF spec. find_symdef DOES return a reference to the static sym_zero, with def->st_value = 0, but for a PIE defobj->relocbase != 0, so this symbol is resolved to defobj->relocbase, the app jumps to defobj->relocbase, and then segmentation fault :(
>How-To-Repeat:
The PIE contains lots of modifications, but I think the full description above is self-explanatory.
>Fix:
If find_symdef returns sym_zero, it should be:

    *where = (Elf_Addr)0;
>Release-Note:
>Audit-Trail:
>Unformatted:
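As an added example (not part of this PR and not FreeBSD's rtld code), the C program below models the R_386_GLOB_DAT computation quoted in the report with stand-in Elf_Sym/Obj_Entry structs and a constructed GOT. It shows why the defect is invisible in a classic executable (relocbase is 0, so relocbase + 0 happens to be right) and turns into a jump to relocbase in a PIE, and it places the PR's proposed sym_zero check beside the original computation. The function hypothetical_weak_hook is an assumption: it is declared weak and never defined, so the crtstuff.c-style "test the address, then call" pattern runs against the host's own dynamic linker, which resolves it to 0.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for rtld's Elf_Sym and Obj_Entry, reduced to the fields the
 * R_386_GLOB_DAT case touches. Constructed for this example; the real
 * rtld-elf structs carry many more fields. */
typedef uintptr_t Elf_Addr;
typedef struct { Elf_Addr st_value; } Elf_Sym;
typedef struct { Elf_Addr relocbase; } Obj_Entry;

/* rtld hands back a pointer to this object for an unresolved weak reference:
 * st_value is 0, but it is not a real symbol of any loaded object. */
static const Elf_Sym sym_zero = { 0 };

/* The computation as quoted from reloc.c: relocbase + st_value, always. */
Elf_Addr glob_dat_buggy(const Elf_Sym *def, const Obj_Entry *defobj)
{
    return (Elf_Addr)(defobj->relocbase + def->st_value);
}

/* The fix proposed in the PR: sym_zero means "unresolved weak", store 0. */
Elf_Addr glob_dat_fixed(const Elf_Sym *def, const Obj_Entry *defobj)
{
    if (def == &sym_zero)
        return (Elf_Addr)0;
    return (Elf_Addr)(defobj->relocbase + def->st_value);
}

/* One constructed GOT slot: the symbol it refers to (or sym_zero) and the
 * object the definition was found in. */
typedef struct {
    const Elf_Sym   *def;
    const Obj_Entry *defobj;
} GotSlot;

/* Apply GLOB_DAT relocations to a GOT. Returns how many slots ended up
 * non-zero although they referred to an unresolved weak symbol, i.e. how
 * many bogus addresses a crtstuff-style "if (fn) fn();" test would call. */
int apply_glob_dat(const GotSlot *slots, size_t n, Elf_Addr *got, int use_fix)
{
    int bogus = 0;
    for (size_t i = 0; i < n; i++) {
        got[i] = use_fix ? glob_dat_fixed(slots[i].def, slots[i].defobj)
                         : glob_dat_buggy(slots[i].def, slots[i].defobj);
        if (slots[i].def == &sym_zero && got[i] != 0)
            bogus++;
    }
    return bogus;
}

/* Same pattern as crtstuff.c, on a hypothetical weak hook this program never
 * defines: the address test is only meaningful if the loader resolved the
 * unresolved weak reference to 0. Returns 1 if the hook was called. */
extern void hypothetical_weak_hook(void *begin, void *object) __attribute__((weak));

int call_hook_if_present(void)
{
    if (hypothetical_weak_hook) {
        hypothetical_weak_hook(NULL, NULL);
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed objects: a classic executable loaded at 0 and a PIE
     * relocated to an arbitrary base. */
    Obj_Entry exe  = { 0 };
    Obj_Entry pie  = { 0x28000000 };
    Elf_Sym   real = { 0x1234 };   /* a genuinely defined symbol */

    GotSlot slots[] = {
        { &real,     &pie },   /* ordinary GLOB_DAT: relocbase + st_value */
        { &sym_zero, &pie },   /* unresolved weak: must become 0 */
    };
    Elf_Addr got[2];

    printf("non-PIE, buggy rtld: weak slot = %#lx (bug masked)\n",
           (unsigned long)glob_dat_buggy(&sym_zero, &exe));
    printf("PIE, buggy rtld:     %d bogus slot(s), weak slot = %#lx\n",
           apply_glob_dat(slots, 2, got, 0), (unsigned long)got[1]);
    printf("PIE, fixed rtld:     %d bogus slot(s), weak slot = %#lx\n",
           apply_glob_dat(slots, 2, got, 1), (unsigned long)got[1]);
    printf("weak hook called in this process: %d\n", call_hook_if_present());
    return 0;
}
```

With the buggy computation the weak slot in the PIE holds relocbase, which is exactly the address the crtstuff.c call would jump to; with the fix it holds 0 and the `if (__register_frame_info)` test skips the call, which is the behaviour the ELF spec's "unresolved weak symbols have a zero value" wording requires.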