[Bug 1075] New: ARM: Programs linked to shared library segfault

bugzilla at busybox.net bugzilla at busybox.net
Thu Feb 11 11:34:58 UTC 2010


https://bugs.busybox.net/show_bug.cgi?id=1075

              Host: i386 PC with Ubuntu 9.10
            Target: ARM embedded device
           Summary: ARM: Programs linked to shared library segfault
           Product: uClibc
           Version: 0.9.30.2
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: Shared Library Support
        AssignedTo: unassigned at uclibc.org
        ReportedBy: fabrizio.ge at tiscali.it
                CC: uclibc-cvs at uclibc.org
   Estimated Hours: 0.0


On the host, I untar, configure, make and install binutils 2.20 for an ARM
target.

On the host, I untar Linux kernel 2.6.32 tarball and install the sanitised
headers.

On the host, I untar the uClibc 0.9.30.2 tarball and type make.
The configuration is:
target architecture: arm
target architecture features: oabi, generic arm, LITTLE endian, Linux kernel
header location is set to where the sanitised headers were installed in
previous step
uClibc development/debugging options: Cross-compiling toolchain prefix
arm-linux-

Then I type
sudo make install_headers
(headers are needed because otherwise gcc wouldn't compile without
--disable-threads)

On the host, I untar and configure gcc 4.4.3 for an ARM target. Configure
options are
--target=arm-linux --enable-languages=c,c++ --nfp --enable-__cxa_atexit
--disable-shared
(--disable-shared is needed because otherwise gcc wouldn't compile without
crti.o)

Then I type
make all-target-libgcc
(to compile gcc itself and libgcc.a)
sudo make install-gcc
sudo make install-target-libgcc

Now I go back to the uClibc folder and type
make
sudo PATH=$PATH make install

I compile a helloworld test program, test.c

#include <stdio.h>

int main()
{
 printf("Whither Canada?\n");
 return 0;
}

twice, first with
arm-linux-gcc test.c -o testarm
then with
arm-linux-gcc test.c -static -o testarmstatic

I copy testarm and testarmstatic to the device
I copy libc.so.0 and ld-uClibc.so.0 from uClibc-0.9.30.2\lib to the device
(making sure the symbolic links are dereferenced, so the actual libraries and
not the links are copied)

Then I boot the device (which has already its own Linux kernel and a Busybox
shell accessible from serial, and glibc installed as libc.so.6)

From the device's shell:
# ./testarmstatic
Whither Canada?
# ./testarm
Segmentation fault

The crash happens even before main() is executed. The device has gdb running on
it. Here is a gdb session.
# ./gdb testarm
GNU gdb (GDB) 7.0
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /mnt/sdcard/testarm...(no debugging symbols found)...done.
(gdb) brea __uClibc_main
Breakpoint 1 at 0x8338
(gdb) brea __uClibc_init
Function "__uClibc_init" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y

Breakpoint 5 (__uClibc_init) pending.
(gdb) brea _dl_get_ready_to_run
Function "_dl_get_ready_to_run" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y

Breakpoint 6 (_dl_get_ready_to_run) pending.
(gdb) brea _dl_app_init_array
Function "_dl_app_init_array" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y

Breakpoint 7 (_dl_app_init_array) pending.
(gdb) brea _dl_run_init_array
Function "_dl_run_init_array" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y

Breakpoint 8 (_dl_run_init_array) pending.
(gdb) r
Starting program: /mnt/sdcard/testarm

Breakpoint 5, 0x4004c708 in __uClibc_init () from /lib/libc.so.0
(gdb) c
Continuing.

Breakpoint 1, 0x4004c77c in __uClibc_main () from /lib/libc.so.0
(gdb)
Continuing.

Breakpoint 5, 0x4004c708 in __uClibc_init () from /lib/libc.so.0
(gdb)
Continuing.

Breakpoint 7, 0x4005ea44 in _dl_app_init_array () from /lib/ld-uClibc.so.0
(gdb)
Continuing.

Breakpoint 8, 0x4005ea24 in _dl_run_init_array () from /lib/ld-uClibc.so.0
(gdb) disass
Dump of assembler code for function _dl_run_init_array:
0x4005ea24 <_dl_run_init_array+0>:      push    {r11, lr}
0x4005ea28 <_dl_run_init_array+4>:      mov     r3, r0
0x4005ea2c <_dl_run_init_array+8>:      ldr     r2, [r0]
0x4005ea30 <_dl_run_init_array+12>:     ldr     r1, [r3, #172]  ; 0xac
0x4005ea34 <_dl_run_init_array+16>:     ldr     r0, [r0, #164]  ; 0xa4
0x4005ea38 <_dl_run_init_array+20>:     add     r11, sp, #4
0x4005ea3c <_dl_run_init_array+24>:     pop     {r11, lr}
0x4005ea40 <_dl_run_init_array+28>:     b       0x4005e9ec
End of assembler dump.
(gdb) print $r0
$1 = 0
(gdb) print $r3
$3 = 1074180008
(gdb) nexti
0x4005ea28 in _dl_run_init_array () from /lib/ld-uClibc.so.0
(gdb) 

0x4005ea2c in _dl_run_init_array () from /lib/ld-uClibc.so.0
(gdb) print $r3
$4 = 0
(gdb) 

(gdb) nexti

Program received signal SIGSEGV, Segmentation fault.
0x4005ea2c in _dl_run_init_array () from /lib/ld-uClibc.so.0

(gdb) inf br
Num     Type           Disp Enb Address    What
1       breakpoint     keep y   0x4004c77c <__uClibc_main>
        breakpoint already hit 1 time
5       breakpoint     keep y   0x4004c708 <__uClibc_init>
        breakpoint already hit 2 times
6       breakpoint     keep y   0x40060fb0 <_dl_get_ready_to_run>
7       breakpoint     keep y   0x4005ea44 <_dl_app_init_array>
        breakpoint already hit 1 time
8       breakpoint     keep y   0x4005ea24 <_dl_run_init_array>
        breakpoint already hit 1 time

Looks like a null pointer dereference in _dl_run_init_array.
_dl_get_ready_to_run is apparently never called.
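The loader crashes while walking the executable's init array, so a first check a practitioner would make is what the dynamic binary's headers actually say: the PT_INTERP path (it must match the ld-uClibc.so.0 copied to the device), the number of DT_NEEDED entries and whether DT_INIT_ARRAY/DT_INIT_ARRAYSZ are present at all (readelf -l / readelf -d gives the same answer). The parser below is an added example, not code from the report or from uClibc; the ELF image it parses is constructed in the script with placeholder addresses, not the reporter's testarm.

```python
import struct

PT_DYNAMIC, PT_INTERP = 2, 3
DT_NULL, DT_NEEDED, DT_STRTAB, DT_INIT_ARRAY, DT_INIT_ARRAYSZ = 0, 1, 5, 25, 27
EM_ARM = 40

def parse_elf32_dynamic_info(data: bytes) -> dict:
    """Interpreter path and selected dynamic tags of a little-endian ELF32 image."""
    if data[:4] != b"\x7fELF" or data[4] != 1 or data[5] != 1:
        raise ValueError("not a little-endian ELF32 image")
    (_type, e_machine, _ver, _entry, e_phoff, _shoff, _flags, _ehsize,
     e_phentsize, e_phnum) = struct.unpack_from("<HHIIIIIHHH", data, 16)
    info = {"machine": e_machine, "interpreter": None, "needed_count": 0,
            "init_array": None, "init_arraysz": None}
    for i in range(e_phnum):
        p_type, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            "<IIIII", data, e_phoff + i * e_phentsize)
        seg = data[p_offset:p_offset + p_filesz]
        if p_type == PT_INTERP:  # dynamic loader the kernel maps before main()
            info["interpreter"] = seg.split(b"\0", 1)[0].decode()
        elif p_type == PT_DYNAMIC:  # tags ld-uClibc.so.0 walks at startup
            for off in range(0, len(seg) - 7, 8):
                d_tag, d_val = struct.unpack_from("<II", seg, off)
                if d_tag == DT_NULL:
                    break
                if d_tag == DT_NEEDED:
                    info["needed_count"] += 1
                elif d_tag == DT_INIT_ARRAY:
                    info["init_array"] = d_val
                elif d_tag == DT_INIT_ARRAYSZ:
                    info["init_arraysz"] = d_val
    return info

def build_sample_image() -> bytes:
    """Constructed ELF32 EM_ARM skeleton (headers, interpreter, dynamic section,
    no code); addresses are placeholders, not values from the reporter's binary."""
    interp = b"/lib/ld-uClibc.so.0\0"
    dyn = b"".join(struct.pack("<II", t, v) for t, v in [
        (DT_NEEDED, 1), (DT_STRTAB, 0x8100), (DT_INIT_ARRAY, 0x10000),
        (DT_INIT_ARRAYSZ, 4), (DT_NULL, 0)])
    interp_off = 52 + 2 * 32  # ELF header plus two program headers
    dyn_off = interp_off + len(interp)
    ehdr = b"\x7fELF" + bytes([1, 1, 1, 0, 0]) + b"\0" * 7 + struct.pack(
        "<HHIIIIIHHHHHH", 2, EM_ARM, 1, 0x8000, 52, 0, 0, 52, 32, 2, 40, 0, 0)
    phdrs = struct.pack("<IIIIIIII", PT_INTERP, interp_off, 0, 0,
                        len(interp), len(interp), 4, 1)
    phdrs += struct.pack("<IIIIIIII", PT_DYNAMIC, dyn_off, 0, 0,
                         len(dyn), len(dyn), 6, 4)
    return ehdr + phdrs + interp + dyn
```

Run parse_elf32_dynamic_info(open("testarm", "rb").read()) against the real binary; an interpreter path other than the copied ld-uClibc.so.0, or missing init-array tags, narrows the search before touching the loader.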

