Add upstream fix for a bug in labeling PLT slots

2015-01-07 15:46:24 +01:00 · 2015-01-07 15:46:24 +01:00 · a23b75f310
commit a23b75f310
parent 155cbc3dc7
3 changed files with 144 additions and 1 deletions
--- a/ltrace-0.7.91-x86-plt_map.patch
+++ b/ltrace-0.7.91-x86-plt_map.patch
@ -0,0 +1,101 @@
+From fba95ad936f1d8c1052259bae811f1fc07f9a215 Mon Sep 17 00:00:00 2001
+From: Petr Machata <pmachata@redhat.com>
+Date: Thu, 30 Oct 2014 01:48:17 +0100
+Subject: [PATCH] Initialize the PLT slot map correctly on x86 and x86_64
+
+The PLT slot map translates relocation numbers to PLT slot numbers,
+but was actually initialized in the opposite direction.  Fix the way
+it's initialized.  This bug can be seen on glibc in particular:
+
+  $ ltrace -e free ls
+  libc.so.6->free(0x5)           = <void>
+  libc.so.6->free(0x78)          = <void>
+  libc.so.6->free(0xc)           = <void>
+  libc.so.6->free(0x308)         = <void>
+
+Note the nonsense values passed to free.  The problem is that these
+are not free calls at all, but malloc calls that are assigned to wrong
+PLT slots due to above bug.
+---
+ sysdeps/linux-gnu/x86/plt.c | 38 +++++++++++++++++++++-----------------
+ 1 file changed, 21 insertions(+), 17 deletions(-)
+
+diff --git a/sysdeps/linux-gnu/x86/plt.c b/sysdeps/linux-gnu/x86/plt.c
+index c860af6..97f6c3e 100644
+--- a/sysdeps/linux-gnu/x86/plt.c
+++ b/sysdeps/linux-gnu/x86/plt.c
+@@ -77,6 +77,18 @@ arch_elf_init(struct ltelf *lte, struct library *lib)
+ {
+ 	VECT_INIT(&lte->arch.plt_map, unsigned int);
+ 
+	if (vect_reserve(&lte->arch.plt_map, vect_size(&lte->plt_relocs)) < 0) {
+	fail:
+		arch_elf_destroy(lte);
+		return -1;
+	}
+
+	{
+		unsigned int i, sz = vect_size(&lte->plt_relocs);
+		for (i = 0; i < sz; ++i)
+			vect_pushback (&lte->arch.plt_map, &i);
+	}
+
+ 	/* IRELATIVE slots may make the whole situation a fair deal
+ 	 * more complex.  On x86{,_64}, the PLT slots are not
+ 	 * presented in the order of the corresponding relocations,
+@@ -114,43 +126,35 @@ arch_elf_init(struct ltelf *lte, struct library *lib)
+ 	/* Here we scan the PLT table and initialize a map of
+ 	 * relocation->slot number in lte->arch.plt_map.  */
+ 
+-	size_t i;
+-	for (i = 0; i < vect_size(&lte->plt_relocs); ++i) {
+	unsigned int i, sz = vect_size(&lte->plt_relocs);
+	for (i = 0; i < sz; ++i) {
+ 
+ 		GElf_Addr offset = x86_plt_offset(i);
+-		uint32_t reloc_arg = 0;
+ 
+ 		uint8_t byte;
+ 		if (elf_read_next_u8(lte->plt_data, &offset, &byte) < 0
+ 		    || byte != 0xff
+ 		    || elf_read_next_u8(lte->plt_data, &offset, &byte) < 0
+ 		    || (byte != 0xa3 && byte != 0x25))
+-			goto next;
+			continue;
+ 
+ 		/* Skip immediate argument in the instruction.  */
+ 		offset += 4;
+ 
+		uint32_t reloc_arg;
+ 		if (elf_read_next_u8(lte->plt_data, &offset, &byte) < 0
+ 		    || byte != 0x68
+ 		    || elf_read_next_u32(lte->plt_data,
+-					 &offset, &reloc_arg) < 0) {
+-			reloc_arg = 0;
+-			goto next;
+-		}
+					 &offset, &reloc_arg) < 0)
+			continue;
+ 
+ 		if (lte->ehdr.e_machine == EM_386) {
+-			if (reloc_arg % 8 != 0) {
+-				reloc_arg = 0;
+-				goto next;
+-			}
+			if (reloc_arg % 8 != 0)
+				continue;
+ 			reloc_arg /= 8;
+ 		}
+ 
+-	next:
+-		if (VECT_PUSHBACK(&lte->arch.plt_map, &reloc_arg) < 0) {
+-			arch_elf_destroy(lte);
+-			return -1;
+-		}
+		*VECT_ELEMENT(&lte->arch.plt_map, unsigned int, reloc_arg) = i;
+ 	}
+ 
+ 	return 0;
+-- 
+2.1.0
+
--- a/ltrace-0.7.91-x86-unused_label.patch
+++ b/ltrace-0.7.91-x86-unused_label.patch
@ -0,0 +1,32 @@
+From e16a28f1b6e5a15368f8ed98dc29a6da714dc5fa Mon Sep 17 00:00:00 2001
+From: Petr Machata <pmachata@redhat.com>
+Date: Tue, 9 Dec 2014 17:44:30 +0100
+Subject: [PATCH] Drop unused label in x86 backend
+
+---
+ sysdeps/linux-gnu/x86/plt.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/sysdeps/linux-gnu/x86/plt.c b/sysdeps/linux-gnu/x86/plt.c
+index 97f6c3e..44ea260 100644
+--- a/sysdeps/linux-gnu/x86/plt.c
+++ b/sysdeps/linux-gnu/x86/plt.c
+@@ -1,6 +1,6 @@
+ /*
+  * This file is part of ltrace.
+- * Copyright (C) 2013 Petr Machata, Red Hat Inc.
+ * Copyright (C) 2013,2014 Petr Machata, Red Hat Inc.
+  * Copyright (C) 2004,2008,2009 Juan Cespedes
+  *
+  * This program is free software; you can redistribute it and/or
+@@ -78,7 +78,6 @@ arch_elf_init(struct ltelf *lte, struct library *lib)
+ 	VECT_INIT(&lte->arch.plt_map, unsigned int);
+ 
+ 	if (vect_reserve(&lte->arch.plt_map, vect_size(&lte->plt_relocs)) < 0) {
+-	fail:
+ 		arch_elf_destroy(lte);
+ 		return -1;
+ 	}
+-- 
+2.1.0
+
--- a/ltrace.spec
+++ b/ltrace.spec
@ -1,7 +1,7 @@
 Summary: Tracks runtime library calls from dynamically linked executables
 Name: ltrace
 Version: 0.7.91
-Release: 11%{?dist}
+Release: 12%{?dist}
 URL: http://ltrace.alioth.debian.org/
 License: GPLv2+
 Group: Development/Debuggers
@ -71,6 +71,10 @@ Patch15: ltrace-0.7.91-parser-ws_after_id.patch
 # http://anonscm.debian.org/cgit/collab-maint/ltrace.git/commit/?id=bf82100966deda9c7d26ad085d97c08126a8ae88
 Patch16: ltrace-0.7.91-ppc-bias.patch

+# https://bugzilla.redhat.com/show_bug.cgi?id=1158714
+Patch17: ltrace-0.7.91-x86-plt_map.patch
+Patch18: ltrace-0.7.91-x86-unused_label.patch
+
 %description
 Ltrace is a debugging program which runs a specified command until the
 command exits.  While the command is executing, ltrace intercepts and
@ -99,6 +103,8 @@ execution of processes.
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
+%patch18 -p1

 %build
 %configure --docdir=%{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
@ -123,6 +129,10 @@ echo ====================TESTING END=====================
 %{_datadir}/ltrace

 %changelog
+* Wed Jan  7 2015 Petr Machata <pmachata@redhat.com> - 0.7.91-12
+- Add upstream fix for a bug in labeling PLT slots
+  (ltrace-0.7.91-x86-plt_map.patch)
+
 * Tue Dec  9 2014 Petr Machata <pmachata@redhat.com> - 0.7.91-11
 - Fix bias handling in PPC backend
 - Fix cloning of unresolved breakpoints in PPC backend