CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Justin Hibbits <jhibbits@FreeBSD.org>
	Sun, 20 Jan 2019 03:53:42 +0000 (03:53 +0000)
committer	Justin Hibbits <jhibbits@FreeBSD.org>
	Sun, 20 Jan 2019 03:53:42 +0000 (03:53 +0000)
commit	a1b136518fbf20e8e56a03173bf0c22c28ae6360
tree	88ec9ccaba263d60f6d86b5f1d17dd8ee3be0c4c	tree \| snapshot
parent	462ad06b6f522df71780e8f02988c3ea84dd1556	commit \| diff

MFC r341387:

Fix PowerPC64 ELFv1-specific problem in __elf_phdr_match_addr() leading to crash
in threaded programs that unload libraries.

Summary:
The GNOME update to 3.28 exposed a bug in __elf_phdr_match_addr(), which leads
to a crash when building devel/libsoup on powerpc64.

Due to __elf_phdr_match_addr() limiting its search to PF_X sections, on the
PPC64 ELFv1 ABI, it was never matching function pointers properly.

This meant that libthr was never cleaning up its atfork list in
__pthread_cxa_finalize(), so if a library with an atfork handler was unloaded,
libthr would crash on the next fork.

Normally, the null pointer check it does before calling the handler would avoid
this crash, but, due to PPC64 ELFv1 using function descriptors instead of raw
function pointers, a null check against the pointer itself is insufficient, as
the pointer itself was not null, it was just pointing at a function descriptor
that had been zeroed. (Which is an ABI violation.)

Calling a zeroed function descriptor on PPC64 ELFv1 causes a jump to address 0
with a zeroed r2 and r11.