Closed
Bug 824715
Opened 12 years ago
Closed 12 years ago
Wrong next page offset in custom linker
Categories
(Core :: mozglue, defect)
Tracking
()
RESOLVED
FIXED
mozilla20
People
(Reporter: jchen, Assigned: jchen)
References
Details
Attachments
(1 file, 1 obsolete file)
|
1.17 KB,
patch
|
glandium
:
review+
|
Details | Diff | Splinter Review |
The line at http://mxr.mozilla.org/mozilla-central/source/mozglue/linker/CustomElf.cpp#442 calculates the page boundary at or after file_end. However, if file_end is already on a page boundary, the calculated next_page is one extra page over. If mem_end is between file_end and the wrong next_page, we never allocate the extra page to accommodate mem_end and that results in seg faults.
I've only seen this happen with libmozalloc.so when using NDKr8/gold and turning on the crash reporter.
> arm-linux-androideabi-readelf -l libmozalloc.so
>
> Program Headers:
> Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
> LOAD 0x000000 0x00000000 0x00000000 0x00a6d 0x00a6d R E 0x8000
> LOAD 0x000ee0 0x00008ee0 0x00008ee0 0x00120 0x00124 RW 0x8000
Note that the second segment has file_end at 0x1000 and mem_end at 0x1004.
|
Assignee | |
Comment 1•12 years ago
|
||
This patch fixes the issue
Attachment #695757 -
Flags: review?(mh+mozilla)
|
||
Comment 2•12 years ago
|
||
(In reply to Jim Chen [:jchen :nchen] from comment #0)
> The line at
> http://mxr.mozilla.org/mozilla-central/source/mozglue/linker/CustomElf.
> cpp#442 calculates the page boundary at or after file_end. However, if
> file_end is already on a page boundary, the calculated next_page is one
> extra page over. If mem_end is between file_end and the wrong next_page, we
> never allocate the extra page to accommodate mem_end and that results in seg
> faults.
mprotect() doesn't allocate.
|
|
||
Comment 3•12 years ago
|
||
Comment on attachment 695757 [details] [diff] [review]
Correctly calculate next page offset in custom linker (v1)
Review of attachment 695757 [details] [diff] [review]:
-----------------------------------------------------------------
::: mozglue/linker/CustomElf.cpp
@@ +438,5 @@
> * flags. */
> if (pt_load->p_memsz > pt_load->p_filesz) {
> Addr file_end = pt_load->p_vaddr + pt_load->p_filesz;
> Addr mem_end = pt_load->p_vaddr + pt_load->p_memsz;
> + Addr next_page = ((file_end - 1) & ~(PAGE_SIZE - 1)) + PAGE_SIZE;
(file_end + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1)
would be better.
Attachment #695757 -
Flags: review?(mh+mozilla) → review-
|
|
Assignee | |
Comment 4•12 years ago
|
||
> (file_end + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1)
> would be better.
Okay
Attachment #695757 -
Attachment is obsolete: true
Attachment #695762 -
Flags: review?(mh+mozilla)
|
|
||
Updated•12 years ago
|
Attachment #695762 -
Flags: review?(mh+mozilla) → review+
|
|
||
Updated•12 years ago
|
Assignee: nobody → nchen
|
|
Assignee | |
Comment 5•12 years ago
|
||
Status: NEW → ASSIGNED
Flags: in-testsuite-
|
||
Comment 6•12 years ago
|
||
Backed out as part of a set of patches suspected of causing permaorange Android 2.2 opt m2 and m3:
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/d2552e3d3ed6
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/e497c2e40dc6
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/22e38c3125e9
|
|
Assignee | |
Comment 7•12 years ago
|
||
Patch passes try with Android 2.2 opt m2 and m3:
https://tbpl.mozilla.org/?tree=Try&rev=dce76adea677
So I think I will push again soon.
|
|
Assignee | |
Comment 8•12 years ago
|
||
|
||
Comment 9•12 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
You need to log in
before you can comment on or make changes to this bug.
Description
•