[Pkg-cmake-team] Bug#969890: cmake: segfaults in dl-lookup.c:158 check_match() "UI_set_result"

Claude Heiland-Allen claude at mathr.co.uk
Tue Sep 8 12:44:26 BST 2020


Package: cmake
Version: 3.18.2-1
Severity: important

Dear Maintainer,

   * What led up to the situation?

I tried to run cmake from bullseye/testing without arguments; it segfaulted immediately.
Upgrading to latest from sid/unstable did not fix it.


$ valgrind cmake
==6021== Memcheck, a memory error detector
==6021== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==6021== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==6021== Command: cmake
==6021== 
==6021== Invalid read of size 1
==6021==    at 0x401C040: strcmp (strcmp.S:144)
==6021==    by 0x4009F9B: check_match (dl-lookup.c:122)
==6021==    by 0x400A3A3: do_lookup_x (dl-lookup.c:436)
==6021==    by 0x400ACE0: _dl_lookup_symbol_x (dl-lookup.c:861)
==6021==    by 0x400C843: elf_machine_rela (dl-machine.h:308)
==6021==    by 0x400C843: elf_dynamic_do_Rela (do-rel.h:137)
==6021==    by 0x400C843: _dl_relocate_object (dl-reloc.c:274)
==6021==    by 0x40049A7: dl_main (rtld.c:2310)
==6021==    by 0x401998E: _dl_sysdep_start (dl-sysdep.c:252)
==6021==    by 0x4002033: _dl_start_final (rtld.c:485)
==6021==    by 0x4002033: _dl_start (rtld.c:575)
==6021==    by 0x4001097: ??? (in /lib/x86_64-linux-gnu/ld-2.31.so)
==6021==  Address 0x9691974 is not stack'd, malloc'd or (recently) free'd
==6021== 
==6021== 
==6021== Process terminating with default action of signal 11 (SIGSEGV)
==6021==  Access not within mapped region at address 0x9691974
==6021==    at 0x401C040: strcmp (strcmp.S:144)
==6021==    by 0x4009F9B: check_match (dl-lookup.c:122)
==6021==    by 0x400A3A3: do_lookup_x (dl-lookup.c:436)
==6021==    by 0x400ACE0: _dl_lookup_symbol_x (dl-lookup.c:861)
==6021==    by 0x400C843: elf_machine_rela (dl-machine.h:308)
==6021==    by 0x400C843: elf_dynamic_do_Rela (do-rel.h:137)
==6021==    by 0x400C843: _dl_relocate_object (dl-reloc.c:274)
==6021==    by 0x40049A7: dl_main (rtld.c:2310)
==6021==    by 0x401998E: _dl_sysdep_start (dl-sysdep.c:252)
==6021==    by 0x4002033: _dl_start_final (rtld.c:485)
==6021==    by 0x4002033: _dl_start (rtld.c:575)
==6021==    by 0x4001097: ??? (in /lib/x86_64-linux-gnu/ld-2.31.so)
==6021==  If you believe this happened as a result of a stack
==6021==  overflow in your program's main thread (unlikely but
==6021==  possible), you can try to increase the size of the
==6021==  main thread stack using the --main-stacksize= flag.
==6021==  The main thread stack size used in this run was 8388608.
==6021== Jump to the invalid address stated on the next line
==6021==    at 0x1036: ???
==6021==    by 0x4009F9B: check_match (dl-lookup.c:122)
==6021==    by 0x400A3A3: do_lookup_x (dl-lookup.c:436)
==6021==    by 0x400ACE0: _dl_lookup_symbol_x (dl-lookup.c:861)
==6021==    by 0x400C843: elf_machine_rela (dl-machine.h:308)
==6021==    by 0x400C843: elf_dynamic_do_Rela (do-rel.h:137)
==6021==    by 0x400C843: _dl_relocate_object (dl-reloc.c:274)
==6021==    by 0x40049A7: dl_main (rtld.c:2310)
==6021==    by 0x401998E: _dl_sysdep_start (dl-sysdep.c:252)
==6021==    by 0x4002033: _dl_start_final (rtld.c:485)
==6021==    by 0x4002033: _dl_start (rtld.c:575)
==6021==    by 0x4001097: ??? (in /lib/x86_64-linux-gnu/ld-2.31.so)
==6021==  Address 0x1036 is not stack'd, malloc'd or (recently) free'd
==6021== 
==6021== 
==6021== Process terminating with default action of signal 11 (SIGSEGV)
==6021==  Bad permissions for mapped region at address 0x1036
==6021==    at 0x1036: ???
==6021==    by 0x4009F9B: check_match (dl-lookup.c:122)
==6021==    by 0x400A3A3: do_lookup_x (dl-lookup.c:436)
==6021==    by 0x400ACE0: _dl_lookup_symbol_x (dl-lookup.c:861)
==6021==    by 0x400C843: elf_machine_rela (dl-machine.h:308)
==6021==    by 0x400C843: elf_dynamic_do_Rela (do-rel.h:137)
==6021==    by 0x400C843: _dl_relocate_object (dl-reloc.c:274)
==6021==    by 0x40049A7: dl_main (rtld.c:2310)
==6021==    by 0x401998E: _dl_sysdep_start (dl-sysdep.c:252)
==6021==    by 0x4002033: _dl_start_final (rtld.c:485)
==6021==    by 0x4002033: _dl_start (rtld.c:575)
==6021==    by 0x4001097: ??? (in /lib/x86_64-linux-gnu/ld-2.31.so)
==6021== 
==6021== HEAP SUMMARY:
==6021==     in use at exit: 0 bytes in 0 blocks
==6021==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==6021== 
==6021== All heap blocks were freed -- no leaks are possible
==6021== 
==6021== For lists of detected and suppressed errors, rerun with: -s
==6021== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Segmentation fault


$ gdb cmake
GNU gdb (Debian 9.2-1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from cmake...
(No debugging symbols found in cmake)
(gdb) run
Starting program: /usr/bin/cmake 

Program received signal SIGSEGV, Segmentation fault.
strcmp () at ../sysdeps/x86_64/strcmp.S:246
246	../sysdeps/x86_64/strcmp.S: No such file or directory.
(gdb) bt
#0  strcmp () at ../sysdeps/x86_64/strcmp.S:246
#1  0x00007ffff7fdbf9c in check_match (undef_name=undef_name@entry=0x7ffff71232db "UI_set_result", ref=ref@entry=0x7ffff7106c68, version=version@entry=0x7ffff4aedb00, flags=flags@entry=9, 
    type_class=type_class@entry=1, sym=0x7ffff7106c68, symidx=2616, strtab=0x7ffff71120b0 "", map=0x7ffff746c510, versioned_sym=0x7fffffffdb98, num_versions=0x7fffffffdb94) at dl-lookup.c:158
#2  0x00007ffff7fdc3a4 in do_lookup_x (undef_name=undef_name@entry=0x7ffff71232db "UI_set_result", new_hash=new_hash@entry=2955934668, old_hash=old_hash@entry=0x7fffffffdc50, ref=0x7ffff7106c68, 
    result=result@entry=0x7fffffffdc60, scope=<optimized out>, i=<optimized out>, version=0x7ffff4aedb00, flags=9, skip=<optimized out>, type_class=1, undef_map=0x7ffff746c510) at dl-lookup.c:436
#3  0x00007ffff7fdcce1 in _dl_lookup_symbol_x (undef_name=0x7ffff71232db "UI_set_result", undef_map=undef_map@entry=0x7ffff746c510, ref=ref@entry=0x7fffffffdd78, symbol_scope=symbol_scope@entry=0x7ffff746c878, 
    version=0x7ffff4aedb00, type_class=1, flags=9, skip_map=0x0) at dl-lookup.c:861
#4  0x00007ffff7fde844 in elf_machine_rela (skip_ifunc=<optimized out>, reloc_addr_arg=0x7ffff73d3760, version=<optimized out>, sym=0x7ffff7106c68, reloc=0x7ffff7172f50, map=0x7ffff746c510)
    at ../sysdeps/x86_64/dl-machine.h:308
#5  elf_dynamic_do_Rela (skip_ifunc=<optimized out>, lazy=<optimized out>, nrelative=<optimized out>, relsize=<optimized out>, reladdr=<optimized out>, map=0x7ffff746c510) at do-rel.h:137
#6  _dl_relocate_object (l=l@entry=0x7ffff746c510, scope=<optimized out>, reloc_mode=<optimized out>, consider_profiling=<optimized out>, consider_profiling@entry=0) at dl-reloc.c:274
#7  0x00007ffff7fd69a8 in dl_main (phdr=<optimized out>, phnum=<optimized out>, user_entry=<optimized out>, auxv=<optimized out>) at rtld.c:2310
#8  0x00007ffff7feb98f in _dl_sysdep_start (start_argptr=start_argptr@entry=0x7fffffffe1a0, dl_main=dl_main@entry=0x7ffff7fd44e0 <dl_main>) at ../elf/dl-sysdep.c:252
#9  0x00007ffff7fd4034 in _dl_start_final (arg=0x7fffffffe1a0) at rtld.c:485
#10 _dl_start (arg=0x7fffffffe1a0) at rtld.c:575
#11 0x00007ffff7fd3098 in _start () from /lib64/ld-linux-x86-64.so.2
#12 0x0000000000000001 in ?? ()
#13 0x00007fffffffe4a8 in ?? ()
#14 0x0000000000000000 in ?? ()
(gdb) quit
A debugging session is active.

	Inferior 1 [process 6025] will be killed.

Quit anyway? (y or n) y



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.7.0-3-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cmake depends on:
ii  cmake-data    3.18.2-1
ii  libarchive13  3.4.3-2
ii  libc6         2.31-3
ii  libcurl4      7.72.0-1
ii  libexpat1     2.2.9-1
ii  libgcc-s1     10.2.0-6
ii  libjsoncpp1   1.7.4-3.1
ii  librhash0     1.4.0-1
ii  libstdc++6    10.2.0-6
ii  libuv1        1.38.0-3
ii  procps        2:3.3.16-5
ii  zlib1g        1:1.2.11.dfsg-2

Versions of packages cmake recommends:
ii  gcc   4:10.1.0-1
ii  make  4.3-4

Versions of packages cmake suggests:
pn  cmake-doc    <none>
pn  ninja-build  <none>

-- no debconf information
