From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	FROM_SUSPICIOUS_NTLD,FROM_SUSPICIOUS_NTLD_FP,MAILING_LIST_MULTI,
	PDS_OTHER_BAD_TLD,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 8763 invoked from network); 4 Jan 2022 21:27:44 -0000
Received: from mother.openwall.net (195.42.179.200)
  by inbox.vuxu.org with ESMTPUTF8; 4 Jan 2022 21:27:44 -0000
Received: (qmail 28384 invoked by uid 550); 4 Jan 2022 21:27:42 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 28350 invoked from network); 4 Jan 2022 21:27:41 -0000
Date: Tue, 4 Jan 2022 15:27:10 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nihaljere.xyz;
	s=key1; t=1641331649;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type;
	bh=V9NgeTfzwXEwKY04AVuxdiy1lf187Zq20v//Xtfcht0=;
	b=alP9O8HX59DkGZh4dJnnNXukYpQSVb3Bymjd1SROTU+dBtLsYZSTbeB5CWBLvhy3ZjtVKX
	24iw7DjfAZQiJZY5+H7bFF+9OyRHrr6FsQItkW1z1NqjyM/EX8WdCuW19UzxtLgFTJUfiV
	AXeuqONECfdjciZ6y+YGQFFVmwP3ji4=
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers.
From: Nihal Jere <nihal@nihaljere.xyz>
To: musl@lists.openwall.com
Message-ID: <YdS7rrVPInqjpFTu@debussy>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Migadu-Flow: FLOW_OUT
X-Migadu-Auth-User: nihaljere.xyz
Subject: [musl] Dynamic linker segfault

Hi,

ldd from master segfaults when run on [1] and [2]. It happens on
this[3] line. It seems to happen due to the intersection of a few
factors:

1. The segment at the lowest address is read-only.
2. A segment on the the same page is read/write.
3. The read/write segment has memsz > filesz.

This results in a segfault, as it tries to memset[3] on the mmap
created here[4], which has the same protection as the segment at
the lowest address (i.e. read-only).

As far as I can see, the options are to either:

a. detect this and throw an error.
b. 'or' together the protection flags of all the segments on the page.

I'm not sure what the right behavior is, but I don't think segfaulting
is right, and I'm sure there are people here what's correct.

Best,
Nihal

[1] https://github.com/golang/go/blob/master/src/debug/elf/testdata/go-relocation-test-gcc930-ranges-no-rela-x86-64
[2] https://github.com/golang/go/blob/master/src/debug/elf/testdata/go-relocation-test-gcc930-ranges-with-rela-x86-64
[3] https://git.musl-libc.org/cgit/musl/tree/ldso/dynlink.c#n783
[4] https://git.musl-libc.org/cgit/musl/tree/ldso/dynlink.c#n742