Correctly size profiling reloc table (bug 17411)

During auditing or profiling modes the dynamic loader
builds a cache of the relocated PLT entries in order
to reuse them when called again through the same PLT
entry. This way the PLT entry is never completed and
the call into the resolver always results in profiling
or auditing code running.

The problem is that the PLT relocation cache size
is not computed correctly. The size of the cache
should be "Size of a relocation result structure"
x "Number of PLT-related relocations". Instead the
code erroneously computes "Size of a relocation
result" x "Number of bytes worth of PLT-related
relocations". I can only assume this was a mistake
in the understanding of the value of DT_PLTRELSZ
which is the number of bytes of PLT-related relocs.
We do have a DT_RELACOUNT entry, which is a count
for dynamic relative relocs, but we have no
DT_PLTRELCOUNT and thus we need to compute it.

This patch corrects the computation of the size of the
relocation table used by the glibc profiling code.

For more details see:
https://sourceware.org/ml/libc-alpha/2014-09/msg00513.html

	[BZ #17411]
	* elf/dl-reloc.c (_dl_relocate_object): Allocate correct amount for
	l_reloc_result.

diff --git a/ChangeLog b/ChangeLog
index 87ace922a8d246717c8ae11d023869704ffbd24a..2c607d9206bd04620d70c2287eae13acd344f625 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2014-09-29  Carlos O'Donell  <carlos@redhat.com>
+           Matthew LeGendre  <legendre1@llnl.gov>
+
+       [BZ #17411]
+       * elf/dl-reloc.c (_dl_relocate_object): Allocate correct amount for
+       l_reloc_result.
+
 2014-09-29  Kostya Serebryany  <konstantin.s.serebryany@gmail.com>
 
        * stdio-common/printf_fp.c

diff --git a/NEWS b/NEWS
index 94c065686a60d894f8948fae9015b3875271c615..ef982687a71081b7e333891790ba7b34906947aa 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,7 @@ Version 2.21
 
 * The following bugs are resolved with this release:
 
-  6652, 14171, 17266, 17363, 17370, 17371.
+  6652, 14171, 17266, 17363, 17370, 17371, 17411.
 \f
 Version 2.20
 

diff --git a/elf/dl-reloc.c b/elf/dl-reloc.c
index d2c6dac69e479b1120b490162b4eccc8ca044554..97a7119d13626156b36dd97b994a700ba25ad2f7 100644 (file)
--- a/elf/dl-reloc.c
+++ b/elf/dl-reloc.c
@@ -279,8 +279,12 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[],
                              l->l_name);
          }
 
-       l->l_reloc_result = calloc (sizeof (l->l_reloc_result[0]),
-                                   l->l_info[DT_PLTRELSZ]->d_un.d_val);
+       size_t sizeofrel = l->l_info[DT_PLTREL]->d_un.d_val == DT_RELA
+                          ? sizeof (ElfW(Rela))
+                          : sizeof (ElfW(Rel));
+       size_t relcount = l->l_info[DT_PLTRELSZ]->d_un.d_val / sizeofrel;
+       l->l_reloc_result = calloc (sizeof (l->l_reloc_result[0]), relcount);
+
        if (l->l_reloc_result == NULL)
          {
            errstring = N_("\