[Pkg-cmake-team] Bug#820334: Segfaults caused by new DT_MIPS_RLD_MAP_REL tag and RPATH removers

Mathieu Malaterre malat at debian.org
Thu Apr 7 13:45:13 UTC 2016


Package: src:cmake
Version: 3.0.2-1

Hi,

I've managed to find the cause of the openmpi segfault (#818909). It
might affect a number of different packages.

The segfault is caused by the interaction of the
new DT_MIPS_RLD_MAP_REL dynamic tag (from binutils 2.26) and chrpath.
Unlike all other tags, this tag is relative to the offset of the tag
within the executable. chrpath is used to remove rpaths from ELF files.
It does this by moving all of the other dynamic tags up one entry, but
since the DT_MIPS_RLD_MAP_REL is not updated, it now points to an
incorrect offset. The dynamic linker will then overwrite some other
memory when processing the DT_MIPS_RLD_MAP_REL tag.

The openmpi segfault was caused by a global variable being initialized
incorrectly (overwritten by the dynamic linker). I expect other
executables using chrpath will also be affected - possibly in strange
ways (not necessarily a segfault).

It also seems that at least cmake uses the same technique for removing
the RPATH so any cmake reverse dependencies could be affected. The
DT_MIPS_RLD_MAP_REL is only created for executables which limits the
effect of this slightly. Only packages built using binutils
>= 2.25.51.20151014-1 will be affected.

There is a convenient way to test if a package is broken using the
presence of the old DT_MIPS_RLD_MAP tag. When correct
(DT_MIPS_RLD_MAP_REL + tag offset + executable base address) equals
DT_MIPS_RLD_MAP, so someone could analyze the archive to find which
packages are affected (and if any tools other than chrpath and cmake
are broken).

Based only on chrpath and cmake reverse dependencies, there is an upper
bound of about 1500 binNMUs (after the tools are fixed). Hopefully
that can be reduced!

I really don't have any time to fix all this. Please can someone else
have a look!

OpenMPI maintainers (and anyone else affected):
One possible workaround is to use chrpath -r "" <file> on mips*
architectures until this is fixed since that command does not cause any
tags to be moved. It has a tiny performance penalty but should
otherwise work properly.

James
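
As an added example (it is not part of this report, nor chrpath's or cmake's code), the script below applies the consistency test described above to raw .dynamic bytes and reproduces the breakage on a constructed 32-bit big-endian MIPS dynamic section: a DT_RPATH entry is removed the way chrpath -d does, later entries shift up one slot, and DT_MIPS_RLD_MAP_REL ends up pointing one entry size too low. The addresses (0x400200, 0x410300), the entry layout and the fix_rld_map_rel compensation are assumptions made for illustration.

```python
"""Check whether DT_MIPS_RLD_MAP_REL still points where DT_MIPS_RLD_MAP does,
and simulate the chrpath -d breakage on a constructed MIPS .dynamic section."""
import struct

DT_NULL, DT_NEEDED, DT_RPATH, DT_RUNPATH = 0, 1, 15, 29
DT_MIPS_RLD_MAP = 0x70000016      # absolute address of .rld_map
DT_MIPS_RLD_MAP_REL = 0x70000035  # .rld_map address relative to this entry's own address


def _layout(elf64, big_endian):
    """struct format, entry size and address mask for Elf32_Dyn / Elf64_Dyn."""
    fmt = ('>' if big_endian else '<') + ('QQ' if elf64 else 'II')
    entsize = 16 if elf64 else 8
    return fmt, entsize, (1 << (64 if elf64 else 32)) - 1


def parse_dynamic(data, dyn_vaddr, elf64=False, big_endian=True):
    """Decode raw .dynamic bytes into (tag, value, entry_vaddr) tuples.
    dyn_vaddr is the link-time address of the section (PT_DYNAMIC p_vaddr)."""
    fmt, entsize, _ = _layout(elf64, big_endian)
    entries = []
    for off in range(0, len(data) - entsize + 1, entsize):
        tag, val = struct.unpack(fmt, data[off:off + entsize])
        entries.append((tag, val, dyn_vaddr + off))
        if tag == DT_NULL:
            break
    return entries


def check_rld_map_rel(entries, elf64=False):
    """The consistency test from the report: entry address + REL value must
    equal the absolute DT_MIPS_RLD_MAP value. Returns None if a tag is absent,
    else (consistent, rel_target, rld_map). The addition wraps at the word
    size so a negative (backward) offset is handled too."""
    mask = (1 << (64 if elf64 else 32)) - 1
    rld_map = next((v for t, v, _ in entries if t == DT_MIPS_RLD_MAP), None)
    rel = next(((v, a) for t, v, a in entries if t == DT_MIPS_RLD_MAP_REL), None)
    if rld_map is None or rel is None:
        return None
    rel_val, entry_vaddr = rel
    target = (entry_vaddr + rel_val) & mask
    return (target == rld_map, target, rld_map)


def delete_rpath_entry(data, elf64=False, big_endian=True, fix_rld_map_rel=False):
    """Remove the first DT_RPATH/DT_RUNPATH entry the way chrpath -d does: every
    later entry moves up one slot and a DT_NULL fills the hole. The moved
    DT_MIPS_RLD_MAP_REL entry keeps its old value, so it now points one entry
    size too low. With fix_rld_map_rel=True the value is bumped by entsize
    (a hypothetical corrected tool, not chrpath's actual code)."""
    fmt, entsize, mask = _layout(elf64, big_endian)
    slots = [list(struct.unpack(fmt, data[o:o + entsize]))
             for o in range(0, len(data), entsize)]
    idx = next((i for i, (t, _) in enumerate(slots) if t in (DT_RPATH, DT_RUNPATH)), None)
    if idx is None:
        return data  # nothing to remove
    del slots[idx]
    slots.append([DT_NULL, 0])
    if fix_rld_map_rel:
        for slot in slots[idx:]:           # only the entries that moved
            if slot[0] == DT_MIPS_RLD_MAP_REL:
                slot[1] = (slot[1] + entsize) & mask
    return b''.join(struct.pack(fmt, t, v) for t, v in slots)


# Constructed sample (made-up addresses): a 32-bit big-endian MIPS .dynamic
# section at link-time address 0x400200 whose .rld_map lives at 0x410300.
DYN_VADDR = 0x400200
RLD_MAP_ADDR = 0x410300
_SAMPLE = [
    (DT_NEEDED, 1),
    (DT_RPATH, 0x20),
    (DT_MIPS_RLD_MAP, RLD_MAP_ADDR),
    # binutils >= 2.26 emits this relative to the entry's own address (slot 3)
    (DT_MIPS_RLD_MAP_REL, RLD_MAP_ADDR - (DYN_VADDR + 3 * 8)),
    (DT_NULL, 0),
]
SAMPLE_DYNAMIC = b''.join(struct.pack('>II', t, v) for t, v in _SAMPLE)


def demo():
    """Run the check on the sample as built, after a naive chrpath -d, and
    after a -d that compensates the relative tag."""
    before = check_rld_map_rel(parse_dynamic(SAMPLE_DYNAMIC, DYN_VADDR))
    broken = check_rld_map_rel(parse_dynamic(delete_rpath_entry(SAMPLE_DYNAMIC), DYN_VADDR))
    fixed = check_rld_map_rel(parse_dynamic(
        delete_rpath_entry(SAMPLE_DYNAMIC, fix_rld_map_rel=True), DYN_VADDR))
    return before, broken, fixed


if __name__ == '__main__':
    for label, (ok, target, rld_map) in zip(('original', 'chrpath -d', 'fixed -d'), demo()):
        print(f'{label:10s} REL -> {target:#x}  MAP = {rld_map:#x}  {"OK" if ok else "BROKEN"}')
```

In the broken case the REL target lands exactly one Elf32_Dyn (8 bytes) before .rld_map, which is the address the dynamic linker would then write to. To run the check on a real binary, feed parse_dynamic the bytes of the PT_DYNAMIC segment together with its p_vaddr; both the entry address and DT_MIPS_RLD_MAP are link-time values in the file, so the load base cancels out and the same arithmetic can also be done by hand from the two values readelf -d prints.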