
February 26th, 2001

I might have found a bug in the dynamic loader of glibc-2.2.x
(including glibc-2.2.2) running on x86/Linux (debian testing=sid)
Linux kernel 2.2.18. GNU compiler gcc-2.95.3 from debian. ld 2.10.91

I am making an ELF executable with an explicit ldscript. I actually
want to make a binary containing 4 LOAD-ed segments:

* the usual text and data segments

* my TEXTHEAP and DATAHEAP segments, at fixed addresses

The motivation for my specific TEXTHEAP and DATAHEAP segments is to
implement a runtime for a garbage collected language (e.g. like CMUCL
Lisp) which should persist its heap in the ELF binary (so having the
heap at a fixed address makes it a lot easier than, e.g., the XEmacs
unexecelf routine).

So I coded my own ldscript. It might be faulty (it probably is) but I
believe it should not crash the /lib/ld-linux.so.2 dynamic loader. In
other words I expect the dynamic loader to be resistant, even with
faulty ELF dynamically linked executables.

To exhibit the bug, just

   make prog

   # plain2 is the binary ordinarily linked, and main2 is the binary
   # linked with the ldscript

   ./main2 # core dumps

   ./plain2 # runs ok

   /lib/ld-linux.so.2 ./plain2 # ok

   /lib/ld-linux.so.2 ./main2 # core dump, core from ld-linux.so.2
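The robustness expected of the dynamic loader above comes down to validating every PT_LOAD program header before mapping it. The following is an added example, not the reporter's ldscript nor glibc's own code: it applies the checks ld.so must enforce (file range inside the file, filesz not above memsz, page-multiple alignment with vaddr congruent to offset, no overlapping virtual ranges) to constructed Elf32 headers modelled on the four-segment layout described, assuming a 4096-byte page size and sample addresses.

```c
/* Added example (not the reporter's ldscript nor glibc code): sanity checks
 * a dynamic loader must apply to PT_LOAD headers before mmap()ing them,
 * over constructed Elf32 headers modelled on the layout described above. */
#include <elf.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE_SIZE 4096u   /* assumed page size for the x86 target */

enum { PH_OK = 0, PH_BAD_RANGE, PH_FILESZ_GT_MEMSZ, PH_BAD_ALIGN, PH_OVERLAP };

/* Returns PH_OK or the first violation; *bad receives the offending index
 * (or n when every PT_LOAD header passed). */
int check_load_phdrs(const Elf32_Phdr *ph, size_t n, uint32_t file_size, size_t *bad)
{
    for (size_t i = 0; i < n; i++) {
        if (ph[i].p_type != PT_LOAD)
            continue;
        if (bad) *bad = i;
        /* File bytes must lie inside the file; written to avoid 32-bit wraparound. */
        if (ph[i].p_offset > file_size || ph[i].p_filesz > file_size - ph[i].p_offset)
            return PH_BAD_RANGE;
        /* The loader zero-fills memsz - filesz, so filesz may not exceed memsz. */
        if (ph[i].p_filesz > ph[i].p_memsz)
            return PH_FILESZ_GT_MEMSZ;
        /* mmap needs page-multiple alignment and vaddr congruent to offset. */
        if (ph[i].p_align > 1 && (ph[i].p_align % PAGE_SIZE != 0 ||
            ph[i].p_vaddr % ph[i].p_align != ph[i].p_offset % ph[i].p_align))
            return PH_BAD_ALIGN;
        /* Two LOAD segments may not claim the same virtual addresses. */
        for (size_t j = 0; j < i; j++) {
            uint32_t a0 = ph[i].p_vaddr, a1 = a0 + ph[i].p_memsz;
            uint32_t b0 = ph[j].p_vaddr, b1 = b0 + ph[j].p_memsz;
            if (ph[j].p_type == PT_LOAD && a0 < b1 && b0 < a1)
                return PH_OVERLAP;
        }
    }
    if (bad) *bad = n;
    return PH_OK;
}

/* Constructed headers: text, data, TEXTHEAP, DATAHEAP (sample addresses). */
static const Elf32_Phdr sample_phdrs[4] = {
    { PT_LOAD, 0x0000, 0x08048000, 0x08048000, 0x1000, 0x1000, PF_R | PF_X, 0x1000 },
    { PT_LOAD, 0x1000, 0x0804a000, 0x0804a000, 0x0200, 0x0800, PF_R | PF_W, 0x1000 },
    { PT_LOAD, 0x2000, 0x20000000, 0x20000000, 0x1000, 0x1000, PF_R | PF_X, 0x1000 },
    { PT_LOAD, 0x3000, 0x30000000, 0x30000000, 0x1000, 0x4000, PF_R | PF_W, 0x1000 },
};
static const uint32_t sample_file_size = 0x4000;   /* constructed file length */
```

Running the check over a faulty header set, such as the ldscript output here, pinpoints which segment the loader would have to reject instead of crashing on it.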



Basile STARYNKEVITCH -- http://perso.wanadoo.fr/starynkevitch/basile/
email: basile dot starynkevitch at wanadoo dot fr (France)
alias: basile at tunes dot org       host: http://lesours.dyndns.org/
8, rue de la Faïencerie, 92340 Bourg La Reine, phone: 1.46.65.45.53

