Bug#808008: segmentation fault on any code compiled by tcc with libc6 2.21-4

Tue, 15 Dec 2015 08:34:22 -0800 

Control: retitle -1: segmentation fault on any code due to new binutils 
relocations

On 2015-12-15 12:34, Vincent Lefevre wrote:
> Control: retitle -1 segmentation fault on any code compiled by tcc with libc6 
> 2.21-4
> 
> Cc to the glibc maintainers because the cause of the bug is due to
> some change in glibc.

I don't think it's related to the glibc. It's related to the fact that
glibc 2.21-4 in unstable is built with a recent binutils, introducing
some changes in the relocations. If you rebuild glibc 2.21-4 with
binutils 2.25.1-7, the problem disappears.

> On 2015-12-15 09:35:04 +0100, Vincent Lefevre wrote:
> > Code compiled by tcc segfaults:
> > 
> > ypig% cat conftest.c 
> > int main (void)
> > { return 0; }
> > ypig% tcc conftest.c -o conftest
> > ypig% ./conftest 
> > zsh: segmentation fault (core dumped)  ./conftest
> 
> The cause is libc6 2.21. I get this problem with libc6 2.21-4,
> but on another machine, after reverting to libc6 2.19-22, this
> problem no longer occurs. So, I wonder whether this is a tcc
> bug or a glibc one.
> 
> In the "objdump -S" output of conftest, I notice the following
> difference:
> 
> libc6 2.19:
> 
> 0000000000400430 <_init>:
>   400430:       48 83 ec 08             sub    $0x8,%rsp
>   400434:       48 8b 05 4d 01 20 00    mov    0x20014d(%rip),%rax        # 
> 600588 <_init+0x200158>
> [...]
> 
> libc6 2.21:
> 
> 00000000004003f0 <_init>:
>   4003f0:       48 83 ec 08             sub    $0x8,%rsp
>   4003f4:       48 8b 05 00 00 00 00    mov    0x0(%rip),%rax        # 4003fb 
> <_init+0xb>
> 
> The 0x20014d(%rip) has changed to 0x0(%rip).

This is due to the following change in crti.o:

2.19:

| 000000000000000 <_init>:
|    0:   48 83 ec 08             sub    $0x8,%rsp
|    4:   48 8b 05 00 00 00 00    mov    0x0(%rip),%rax        # b <_init+0xb>
|                         7: R_X86_64_GOTPCREL    __gmon_start__-0x4
|    b:   48 85 c0                test   %rax,%rax
|    e:   74 05                   je     15 <_init+0x15>
|   10:   e8 00 00 00 00          callq  15 <_init+0x15>
|                         11: R_X86_64_PLT32      __gmon_start__-0x4
| 

12.21:

| 0000000000000000 <_init>:
|    0:   48 83 ec 08             sub    $0x8,%rsp
|    4:   48 8b 05 00 00 00 00    mov    0x0(%rip),%rax        # b <_init+0xb>
|                         7: R_X86_64_REX_GOTPCRELX       __gmon_start__-0x4
|    b:   48 85 c0                test   %rax,%rax
|    e:   74 05                   je     15 <_init+0x15>
|   10:   e8 00 00 00 00          callq  15 <_init+0x15>
|                         11: R_X86_64_PLT32      __gmon_start__-0x4

As you can see the R_X86_64_GOTPCREL has been replaced by a new
relocation type R_X86_64_REX_GOTPCRELX. It looks like TCC doesn't
support it.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurel...@aurel32.net                 http://www.aurel32.net

Reply via email to