kernel-packages team mailing list archive

Thread
Date
[Bug 1471029] Re: ELF programs with R_386_RELATIVE blocks are badly mapped into memory

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Douglas Bagnall <douglas@xxxxxxxxxxx>
Date: Wed, 22 Jul 2015 03:06:09 -0000
Reply-to: Bug 1471029 <1471029@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
So, it isn't the ld-linux.so, it is the kernel on 32 bit i386, where
exec is loading PIE elf binaries in such a way that the heap and the
stack are next to each other and have very little room. About 20% of
/usr/bin/* (and others, like /bin/systemd) on the vivid cloud image is
affected, though in many cases their memory use is too low to cause
problems.

The problem was discovered in the samba test suite, which uses xsltproc
to generate manpages. One of the bigger man pages caused a segfault.


** Package changed: glibc (Ubuntu) => linux (Ubuntu)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1471029

Title:
  ELF programs with R_386_RELATIVE blocks are badly mapped into memory

Status in libxslt package in Ubuntu:
  Triaged
Status in linux package in Ubuntu:
  New

Bug description:
  Running the Samba autobuild tests on a 15.04 openstack image results
  in a segfault in this command:

  /usr/bin/xsltproc --nonet -o default/docs-xml/manpages/smb.conf.5
  /home/ubuntu/autobuild/b22271/samba/docs-xml/xslt/man.xsl default
  /docs-xml/manpages/smb.conf.5.xml

  I reported this upstream as a bug in xsltproc, but it was found to be
  impossible to reproduce using upstream source on the openstack
  instance:

  https://bugzilla.gnome.org/show_bug.cgi?id=751764

  Comment 8 (https://bugzilla.gnome.org/show_bug.cgi?id=751764#c8) is
  particularly informative.

  The stack trace below shows the segfault actually occurs in libxml's
  xpath evaluation functions. I see no difference between xpath.c in
  upstream 2.9.2 and Ubuntu's version.

  (gdb) bt 12
  #0  0xb760f874 in xmlXPathCompOpEval (ctxt=0xba25d3e8, op=0xb86bc818) at ../../xpath.c:13606
  #1  0xb760f82e in xmlXPathCompOpEval (ctxt=0xba25d3e8, op=0xb86bc890) at ../../xpath.c:13598
  #2  0xb7610244 in xmlXPathCompOpEval (ctxt=0xba25d3e8, op=0xb86bc8b8) at ../../xpath.c:13529
  #3  0xb760f9d6 in xmlXPathCompOpEval (ctxt=0xba25d3e8, op=0xb86bc8e0) at ../../xpath.c:13977
  #4  0xb7612735 in xmlXPathCompOpEval (op=<optimized out>, ctxt=0xba25d3e8) at ../../xpath.c:14552
  #5  xmlXPathRunEval (ctxt=0xba25d3e8, toBool=<optimized out>) at ../../xpath.c:14552
  #6  0xb76171ed in xmlXPathCompiledEvalInternal (toBool=0, resObj=<synthetic pointer>, ctxt=<optimized out>, comp=<optimized out>) at ../../xpath.c:14915
  #7  xmlXPathCompiledEval__internal_alias (comp=0xb866a948, ctx=0xb99bd308) at ../../xpath.c:14978
  #8  0xb7787260 in xsltEvalVariable (ctxt=ctxt@entry=0xb9836560, variable=variable@entry=0xba25d3b0, castedComp=0xb86a4238) at ../../../libxslt/variables.c:903
  #9  0xb778759a in xsltBuildVariable (ctxt=0xb9836560, castedComp=0xb86a4238, tree=0xb86a6978) at ../../../libxslt/variables.c:1759
  #10 0xb7788bfa in xsltParseStylesheetCallerParam (ctxt=0xb86a6978, inst=0xb86a6978) at ../../../libxslt/variables.c:1975
  #11 0xb779b9db in xsltCallTemplate (ctxt=0xb9836560, node=0xb85efed8, inst=0xb86a6880, castedComp=0xb86a4148) at ../../../libxslt/transform.c:4739
  (More stack frames follow...)

  (gdb) bt -5
  #3311 0xb779a7de in xsltProcessOneNode (ctxt=0xb9836560, contextNode=0xb97586a0, withParams=0x0) at ../../../libxslt/transform.c:2097
  #3312 0xb779d818 in xsltApplyStylesheetInternal (style=0xba25d3e8, style@entry=0xb85ee200, doc=0xb86bc7f0, doc@entry=0xb97586a0, params=0xb77ed340 <params>, 
      output=0xb85e13e0 "default/docs-xml/manpages/smb.conf.5", profile=0x0, userCtxt=0xb9836560) at ../../../libxslt/transform.c:6159
  #3313 0xb779df8d in xsltRunStylesheetUser (style=0xb85ee200, doc=0xb97586a0, params=0xb77ed340 <params>, output=0xb85e13e0 "default/docs-xml/manpages/smb.conf.5", SAX=0x0, IObuf=0x0, 
      profile=0x0, userCtxt=0xb9836560) at ../../../libxslt/transform.c:6449
  #3314 0xb77ea12c in xsltProcess (doc=0xb97586a0, cur=0xb85ee200, filename=0xbfd59812 "default/docs-xml/manpages/smb.conf.5.xml") at ../../../xsltproc/xsltproc.c:483
  #3315 0xb77e9298 in main (argc=6, argv=0xbfd58f94) at ../../../xsltproc/xsltproc.c:903

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxslt/+bug/1471029/+subscriptions