Bug 947083 - elf-dynstr-gc can cause startup (and/or shutdown) crashes
Status: Closed, RESOLVED FIXED (opened 11 years ago, closed 11 years ago)
Categories: Firefox Build System :: General, defect
Tracking: not tracked
Target milestone: mozilla28
People: Reporter: cjones; Assigned: glandium
Attachments (1 file): patch, 40.91 KB, ted: review+
Description:
The problem is that it can move .init_array/.fini_array sections, but doesn't seem to update the INIT_ARRAY/FINI_ARRAY entries in .dynamic. Then when the object is loaded and an attempt is made to call the init functions, the array is in the wrong place and random bad things happen. An audit of all the .so's produced by the build showed the bug in these:
* toolkit/system/gnome/libmozgnome.so
* toolkit/system/dbus/libdbusservice.so
* browser/components/build/libbrowsercomps.so
These are all binary xpcom modules, but that might just be a coincidence.
The "smoking gun" is
$ /home/cjones/rr/ff-prof/_virtualenv/bin/python /home/cjones/rr/mozilla-central/config/expandlibs_exec.py --depend .deps/libdbusservice.so.pp --target libdbusservice.so --uselist -- clang++ [...snip]
$ readelf -a libdbusservice.so | egrep '(INIT_ARRAY|FINI_ARRAY)'
[24] .fini_array FINI_ARRAY 0001a9a8 0199a8 000004 00 WA 0 0 4
[25] .init_array INIT_ARRAY 0001a9ac 0199ac 000004 00 WA 0 0 4
0x0000001a (FINI_ARRAY) 0x1a9a8
0x0000001c (FINI_ARRAYSZ) 4 (bytes)
0x00000019 (INIT_ARRAY) 0x1a9ac
0x0000001b (INIT_ARRAYSZ) 4 (bytes)
[Ed: Section offsets match the .dynamic entries above ^^^]
$ ../../../config/elf-dynstr-gc ../../../dist/bin/components/libdbusservice.so
$ readelf -a libdbusservice.so | egrep '(INIT_ARRAY|FINI_ARRAY)'
[24] .fini_array FINI_ARRAY 0001a998 019998 000004 00 WA 0 0 4
[25] .init_array INIT_ARRAY 0001a99c 01999c 000004 00 WA 0 0 4
0x0000001a (FINI_ARRAY) 0x1a9a8
0x0000001c (FINI_ARRAYSZ) 4 (bytes)
0x00000019 (INIT_ARRAY) 0x1a9ac
0x0000001b (INIT_ARRAYSZ) 4 (bytes)
[Ed: .fini_array/.init_array sections moved, but the .dynamic entries weren't updated above ^^^]
Then, attempting to dlopen() this library causes a crash calling a NULL .init_array function.
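The mismatch the report describes can be checked mechanically before an object ships, instead of by reading readelf output by hand. The following is an added example (not code from this bug, from elf-dynstr-gc, or from the Mozilla build system): it parses the ELF section headers and the .dynamic table and compares DT_INIT_ARRAY/DT_FINI_ARRAY with the sh_addr of .init_array/.fini_array; build_sample_elf32 is a constructed, non-loadable stand-in for a real .so so the check runs offline, reusing the addresses from the readelf output above.

```python
import struct
import sys

DT_INIT_ARRAY, DT_FINI_ARRAY, SHT_DYNAMIC = 0x19, 0x1A, 6

def check_init_fini_arrays(data):
    """Return {section: (value in .dynamic, sh_addr of the section, consistent?)} for .init_array/.fini_array."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    end = "<" if data[5] == 1 else ">"                  # EI_DATA: little or big endian
    if data[4] == 2:                                    # EI_CLASS: ELFCLASS64
        shoff, _, _, _, _, shentsize, shnum, shstrndx = struct.unpack_from(end + "QIHHHHHH", data, 0x28)
        sh_fmt, dyn_fmt = end + "IIQQQQIIQQ", end + "qQ"
    else:                                               # ELFCLASS32
        shoff, _, _, _, _, shentsize, shnum, shstrndx = struct.unpack_from(end + "IIHHHHHH", data, 0x20)
        sh_fmt, dyn_fmt = end + "10I", end + "iI"
    # Shdr fields: name, type, flags, addr, offset, size, link, info, addralign, entsize
    shdrs = [struct.unpack_from(sh_fmt, data, shoff + i * shentsize) for i in range(shnum)]
    strtab = shdrs[shstrndx][4]                         # file offset of .shstrtab
    by_name = {data[strtab + sh[0]:data.index(b"\0", strtab + sh[0])].decode(): sh for sh in shdrs}
    tags, report = {}, {}
    dynamic = next((sh for sh in shdrs if sh[1] == SHT_DYNAMIC), None)
    if dynamic is not None:
        for off in range(dynamic[4], dynamic[4] + dynamic[5], struct.calcsize(dyn_fmt)):
            tag, val = struct.unpack_from(dyn_fmt, data, off)
            if tag == 0:                                # DT_NULL terminates the table
                break
            tags[tag] = val
    for tag, name in ((DT_INIT_ARRAY, ".init_array"), (DT_FINI_ARRAY, ".fini_array")):
        dyn_val, sec = tags.get(tag), by_name.get(name)
        if dyn_val is not None or sec is not None:      # skip objects that have neither
            sec_addr = sec[3] if sec else None
            report[name] = (dyn_val, sec_addr, dyn_val == sec_addr)
    return report

def build_sample_elf32(init_array_addr, dt_init_array):
    """Constructed minimal little-endian ELF32 (only .init_array, .dynamic, .shstrtab); not loadable."""
    shstr = b"\0.init_array\0.dynamic\0.shstrtab\0"     # name offsets 1, 13, 22
    dyn = struct.pack("<iIiIiI", DT_INIT_ARRAY, dt_init_array, 0x1B, 4, 0, 0)   # DT_INIT_ARRAY[SZ], DT_NULL
    body = shstr + dyn + b"\0\0\0\0"                    # file offsets 52 (.shstrtab), 84 (.dynamic), 108 (.init_array)
    shdr = lambda name, typ, addr, off, size: struct.pack("<10I", name, typ, 0, addr, off, size, 0, 0, 4, 0)
    shdrs = (shdr(0, 0, 0, 0, 0) + shdr(1, 14, init_array_addr, 108, 4)
             + shdr(13, SHT_DYNAMIC, 0x1000, 84, len(dyn)) + shdr(22, 3, 0, 52, len(shstr)))
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack("<HHIIIIIHHHHHH", 3, 3, 1, 0, 0, 52 + len(body), 0, 52, 0, 0, 40, 4, 3)
    return ehdr + body + shdrs

if __name__ == "__main__":                              # usage: check_init_fini.py libfoo.so
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf32(0x1A99C, 0x1A9AC)
    print(check_init_fini_arrays(data))
```

With no argument the script checks the constructed sample, which reproduces the stale-entry case from the report (section at 0x1a99c, .dynamic still pointing at 0x1a9ac); a False in the third tuple field is the condition that makes dlopen() call through garbage.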
Comment 1 • 11 years ago • Mike Hommey [:glandium] (Assignee)
Can you attach one of the pre-elf-dynstr-gc .so?
Comment 2 • 11 years ago • Mike Hommey [:glandium] (Assignee)
(In reply to Mike Hommey [:glandium] from comment #1)
> Can you attach one of the pre-elf-dynstr-gc .so ?
In fact, forget it. I just did a build on try with neither it nor elfhack enabled, got all the .so from there, uncommented the printfs telling the new and old sizes in elf-dynstr-gc.c, and ran the program on all the .sos. This is what that gives:
New dynstr size: 10245
Old dynstr size: 10169
New dynstr size: 25613
Old dynstr size: 24545
New dynstr size: 908
Old dynstr size: 837
New dynstr size: 4907
Old dynstr size: 4853
New dynstr size: 6790
Old dynstr size: 6091
New dynstr size: 8839
Old dynstr size: 8768
New dynstr size: 1856
Old dynstr size: 1806
New dynstr size: 2408
Old dynstr size: 2351
New dynstr size: 1812
Old dynstr size: 1762
New dynstr size: 1355
Old dynstr size: 1327
New dynstr size: 6463
Old dynstr size: 6452
New dynstr size: 400483
Old dynstr size: 399902
New dynstr size: 2702
Old dynstr size: 2679
New dynstr size: 744
Old dynstr size: 652
New dynstr size: 792
Old dynstr size: 792
New dynstr size: 2390
Old dynstr size: 2385
New dynstr size: 622
Old dynstr size: 622
With those sizes, it just does ... nothing.
It looks like it *did* something for you for some reason, and considering the section offset changes, it saves 16 bytes for you. Worthless.
Moreover, it only works on linux x86 32-bits and ppc. Not 64-bits, not arm. And it doesn't support cross compile.
So, to summarize: elf-dynstr-gc can die.
Comment 3 • 11 years ago • Mike Hommey [:glandium] (Assignee)
Attachment #8343587 - Flags: review?(ted)
Updated • 11 years ago
Assignee: nobody → mh+mozilla
Status: NEW → ASSIGNED
Comment 4 • 11 years ago • ted (reviewer)
Comment on attachment 8343587: Kill elf-dynstr-gc
Review of attachment 8343587:
Exciting!
Attachment #8343587 - Flags: review?(ted) → review+
Comment 5 • 11 years ago • Mike Hommey [:glandium] (Assignee)
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Updated • 7 years ago
Product: Core → Firefox Build System