← Back to team overview

touch-packages team mailing list archive

[Bug 1391976] Re: Loading libmircommon.so twice leads to a segfault in libprotobuf.so

 

Analysis
--------

The core of the problem is that it's not safe to reuse libprotobuf after
calling google::protobuf::ShutdownProtobufLibrary() without unloading and
reloading the library first. Note that libraries/executables that use protobuf
(e.g. libmirprotobuf) use libprotobuf code also during static initialization,
that's why we see the issue when just loading/unloading these libraries.

libprotobuf uses flags to ensure initialization code is run once (see
GoogleInitOnce() and friends), but these flags are not reset during shutdown.
So, if the library is not reloaded and we try to call libprotobuf code
after shutdown, the code thinks that everything is already initialized and
ends up accessing data structures that have been deallocated.

In the scenario described in the bug, libprotobuf is not unloaded when
unloading the mir libraries because libstdc++ is bound to (i.e., needs a symbol from)
libprotobuf.  libprotobuf contains an instantiation of a string template
function [1] from the standard c++ library and exports that instantiation as a
weak symbol (as expected). libstdc++ itself also needs the same template
function instantiation, and the linker resolves the symbol by choosing the
instantiation from libprotobuf (which is acceptable behavior).

Proposed solution
-----------------

Ensure libprotobuf can be reused after shutdown by properly resetting "once"
flags on ShutdownProtobufLibrary(). First experiments are promising, but "once"
flags are used extensively in the code base and also in generated code, so
great care needs to be taken. It's also not known if upstream is willing to
accept such patches.

[1] _ZNSs12_S_constructIPcEES0_T_S1_RKSaIcESt20forward_iterator_tag


** Description changed:

  Can be reproduced with: load_twice libmircommon.so.1 (or .2)
+ For recent versions of mir use: load_twice libmirclient.so.X (currently .8)
  
  load_twice.c:
  
  #include <stdio.h>
  #include <dlfcn.h>
-      
+ 
  int main(int argc, char** argv)
  {
-     void *dl;
-     int i;
-      
-     for (i = 0; i < 2; i++)
-     {
-        dl = dlopen (argv[1], RTLD_LAZY);
-        printf ("%d open dl: %p\n", i,  dl);  
-        if (dl)
-            dlclose (dl);
-     }
+     void *dl;
+     int i;
+ 
+     for (i = 0; i < 2; i++)
+     {
+        dl = dlopen (argv[1], RTLD_LAZY);
+        printf ("%d open dl: %p\n", i,  dl);
+        if (dl)
+            dlclose (dl);
+     }
  }

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mir in Ubuntu.
https://bugs.launchpad.net/bugs/1391976

Title:
  Loading libmircommon.so twice leads to a segfault in libprotobuf.so

Status in Mir:
  Confirmed
Status in mir package in Ubuntu:
  Confirmed

Bug description:
  Can be reproduced with: load_twice libmircommon.so.1 (or .2)
  For recent versions of mir use: load_twice libmirclient.so.X (currently .8)

  load_twice.c:

  #include <stdio.h>
  #include <dlfcn.h>

  int main(int argc, char** argv)
  {
      void *dl;
      int i;

      for (i = 0; i < 2; i++)
      {
         dl = dlopen (argv[1], RTLD_LAZY);
         printf ("%d open dl: %p\n", i,  dl);
         if (dl)
             dlclose (dl);
      }
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/mir/+bug/1391976/+subscriptions