
#4978 new defect

dl05 fails when memory is not zeroed out

Reported by: daniel.cederman Owned by:
Priority: normal Milestone:
Component: lib/dl Version: 6
Severity: normal Keywords:
Cc: Blocked By:
Blocking:

Description

The .eh_frame section in the loaded object file does not contain a terminator entry. When the unwinder is executed after an exception it will read uninitialized memory after the end of the .eh_frame. If the memory is zeroed out before loading the test, the data read will be 0 which acts as a terminator. If it is not zeroed out, the unwinder will continue and likely cause a data exception.

Test was built using the rtems source builder and executed on a Leon system.

Change History (7)

comment:1 Changed on 12/13/23 at 13:59:30 by Joel Sherrill

Just to clarify, the memory needing to be zeroed is the destination area in RAM where the .eh_frame is loaded. Right?

And is there any chance, the ctor/dtor list also needs this?

Should libdl just use calloc() and not malloc()?

comment:2 Changed on 12/13/23 at 15:05:12 by daniel.cederman

It is the word right after the .eh_frame that needs to be zero, so I do not think using calloc() would help. It is my understanding that the linker usually adds the termination zero, so maybe libdl needs some special handling of this section? I am not familiar with the libdl code so I do not know what the correct approach would be.

comment:3 Changed on 12/13/23 at 16:24:57 by Sebastian Huber

My offhand guess is that the terminator is provided by the CRT begin/end files which are not present when you load an object.

comment:4 Changed on 12/13/23 at 19:11:49 by Sebastian Huber

Yes, it is in crtend.o:

Disassembly of section .eh_frame:

00000000 <__FRAME_END__>:
   0:   00 00 00 00     unimp  0

comment:5 Changed on 12/13/23 at 20:25:47 by Chris Johns

Is this an arch specific issue? Is there a standard or ABI that documents this?

comment:6 Changed on 12/15/23 at 11:24:31 by daniel.cederman

It is not a SPARC-specific issue; I think most architectures use the same format for ELF files. I could not find any good standard or documents for it. There is this page that describes the format, https://refspecs.linuxfoundation.org/LSB_3.0.0/LSB-Core-generic/LSB-Core-generic/ehframechpt.html, and in libgcc there is a generic check in last_fde that checks if an entry has the length 0 or not to determine if it has reached the end of the table.
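As an added illustration (not code from the ticket, libdl or libgcc): a bounded walker over a loaded .eh_frame image that reports whether the zero-length terminator is present before the end of the image, plus the four-byte append a loader could perform in place of what crtend.o normally provides. The sample record bytes and the big-endian decoding (matching the LEON target in the ticket) are constructed assumptions.

```c
#include <stdint.h>
#include <string.h>
/* Outcome of scanning the .eh_frame image of a loaded object. */
enum eh_frame_status { EH_TERMINATED, EH_UNTERMINATED, EH_MALFORMED };

/* Record lengths are target-endian; the LEON in the ticket is big-endian. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the CIE/FDE records of a `size`-byte .eh_frame image.  Each record
 * starts with a 4-byte length; length 0 is the terminator libgcc's last_fde()
 * stops on.  The 0xffffffff 64-bit-length escape is treated as malformed. */
static enum eh_frame_status eh_frame_scan(const uint8_t *buf, size_t size,
                                          size_t *records)
{
    size_t off = 0;
    *records = 0;
    while (off + 4 <= size) {
        uint32_t len = be32(buf + off);
        if (len == 0)
            return EH_TERMINATED;   /* terminator lies inside the image */
        if (len == 0xffffffffu || len > size - off - 4)
            return EH_MALFORMED;    /* record would run past the image */
        off += 4 + len;
        (*records)++;
    }
    /* No zero length before the end: an unwinder keeps reading whatever bytes
     * follow the section, which is the failure the ticket describes. */
    return EH_UNTERMINATED;
}

/* Append the 4-byte terminator crtend.o normally supplies.  `cap` is the size
 * of the allocation; returns the new image size, or 0 if there is no room. */
static size_t eh_frame_terminate(uint8_t *buf, size_t size, size_t cap)
{
    if (size + 4 > cap)
        return 0;
    memset(buf + size, 0, 4);
    return size + 4;
}

/* Constructed sample: one CIE (length 12) and one FDE (length 16) and no
 * terminator, as when crtend.o is not part of the loaded object. */
static const uint8_t eh_frame_sample[36] = {
    0x00,0x00,0x00,0x0c, 0x00,0x00,0x00,0x00, 0x01,0x00,0x01,0x7c, 0x0f,0x00,0x00,0x00,
    0x00,0x00,0x00,0x10, 0x00,0x00,0x00,0x14, 0x00,0x00,0x10,0x00, 0x00,0x00,0x00,0x40,
    0x00,0x00,0x00,0x00 };
```

Running eh_frame_scan over eh_frame_sample reports EH_UNTERMINATED with two records; after eh_frame_terminate on a copy with room for four more bytes the same scan reports EH_TERMINATED.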

comment:7 Changed on 12/18/23 at 03:06:40 by Chris Johns

I think zeroing the memory is fine but you cannot just exchange the call to malloc to calloc because libdl has an allocator interface so that interface has to be updated to reflect the memory needs to be zeroed. This may be as simple as updating a comment to state this but I have not checked.

Last edited on 12/18/23 at 03:09:42 by Chris Johns