From 4cb434df9bb8ee8e4ba50436e76952ebe0e0473a Mon Sep 17 00:00:00 2001 From: John Reck Date: Fri, 15 May 2015 07:47:17 -0700 Subject: [PATCH 1/3] Fix regression in crash reporting Bug: 19532651 Partial revert of be0e43b77676338fd5e6a82c9cc2b6302d579de2 Change-Id: I99e220328aff985facb920ebcd84ac1a016759b5 --- linker/debugger.cpp | 9 --------- 1 file changed, 9 deletions(-) diff --git a/linker/debugger.cpp b/linker/debugger.cpp index 357fbdc99..46c97af91 100644 --- a/linker/debugger.cpp +++ b/linker/debugger.cpp @@ -205,15 +205,6 @@ static bool have_siginfo(int signum) { } static void send_debuggerd_packet(siginfo_t* info) { - if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0) { - // process has disabled core dumps and PTRACE_ATTACH, and does not want to be dumped. - // Honor that intention by not connecting to debuggerd and asking it - // to dump our internal state. - __libc_format_log(ANDROID_LOG_INFO, "libc", - "Suppressing debuggerd output because prctl(PR_GET_DUMPABLE)==0"); - return; - } - // Mutex to prevent multiple crashing threads from trying to talk // to debuggerd at the same time. static pthread_mutex_t crash_mutex = PTHREAD_MUTEX_INITIALIZER; From c3351ea94d7e0a47c600e82c0973d9c3f257efc9 Mon Sep 17 00:00:00 2001 From: Dmitriy Ivanov Date: Wed, 27 May 2015 18:29:41 -0700 Subject: [PATCH 2/3] Work around incorrect dt_needed entries This applies for apps targeting sdk<=22 and only for lp32 platforms. Bug: http://b/21364029 Change-Id: I903e81c9ccda2a8beaba1d132d68c77d30a4cdb2 (cherry picked from commit d974e8804689058714dc4fe9adcb57ee9a6996a8) --- linker/dlfcn.cpp | 2 ++ linker/linker.cpp | 18 +++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/linker/dlfcn.cpp b/linker/dlfcn.cpp index 8fafded6a..8705d9a5c 100644 --- a/linker/dlfcn.cpp +++ b/linker/dlfcn.cpp 
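Review bot: On the new side send_debuggerd_packet no longer consults PR_GET_DUMPABLE, so a process that called prctl(PR_SET_DUMPABLE, 0) to keep itself out of core dumps and away from PTRACE_ATTACH will now still connect to debuggerd and ask it to dump its internal state on a crash, and nothing in the hunk says why that is acceptable. If the intent is that the dump policy is enforced on the debuggerd side rather than by the crashing process, that deserves a comment where the check used to be, e.g. `// PR_GET_DUMPABLE is deliberately not checked here (b/19532651); whether a non-dumpable process may be dumped is decided by debuggerd.` — adjust if that is not actually the case. If debuggerd does not apply such a policy, fixing the reporting regression while keeping the refusal for non-dumpable processes would be the safer route. The body of send_debuggerd_packet continues past the end of the hunk.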
@@ -158,6 +158,8 @@ int dlclose(void* handle) { } void android_set_application_target_sdk_version(uint32_t target) { + // lock to avoid modification in the middle of dlopen. + ScopedPthreadMutexLocker locker(&g_dl_mutex); set_application_target_sdk_version(target); } diff --git a/linker/linker.cpp b/linker/linker.cpp index f3ca7610d..e8bebff63 100644 --- a/linker/linker.cpp +++ b/linker/linker.cpp @@ -1215,11 +1215,27 @@ static int open_library(const char* name, off64_t* file_offset) { return fd; } +static const char* fix_dt_needed(const char* dt_needed, const char* sopath __unused) { +#if !defined(__LP64__) + // Work around incorrect DT_NEEDED entries for old apps: http://b/21364029 + uint32_t target_sdk_version = get_application_target_sdk_version(); + if (target_sdk_version != 0 && target_sdk_version <= 22) { + const char* bname = basename(dt_needed); + if (bname != dt_needed) { + DL_WARN("'%s' library has invalid DT_NEEDED entry '%s'", sopath, dt_needed); + } + + return bname; + } +#endif + return dt_needed; +} + template static void for_each_dt_needed(const soinfo* si, F action) { for (ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { if (d->d_tag == DT_NEEDED) { - action(si->get_string(d->d_un.d_val)); + action(fix_dt_needed(si->get_string(d->d_un.d_val), si->get_realpath())); } } } From e89c2048d67884894560237fc81bec83d609b9b0 Mon Sep 17 00:00:00 2001 From: Dmitriy Ivanov Date: Thu, 25 Jun 2015 15:51:41 -0700 Subject: [PATCH 3/3] Fix crash when trying to load invalid ELF file. Bug: http://b/22047255 Bug: http://b/22091640 Change-Id: I6c51cff43287a6ac4b25fa9ce6a6fc3d232fd047 --- linker/linker.cpp | 2 +- linker/linker_phdr.cpp | 18 ++++++++++++++++-- linker/linker_phdr.h | 3 ++- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/linker/linker.cpp b/linker/linker.cpp index e147a131c..e1b8ca97d 100644 --- a/linker/linker.cpp +++ b/linker/linker.cpp 
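Review bot: fix_dt_needed decides whether to warn with a pointer comparison, `bname != dt_needed`, which is only meaningful if the basename() in scope returns a pointer into its argument; with the libgen.h flavour that writes the result into a separate (typically thread-local) buffer the pointers always differ, so every DT_NEEDED of an old 32-bit app would be reported as invalid and the name handed to action() would point at a buffer the next basename() call overwrites. Searching for the separator makes the intent explicit and removes the dependence on which overload the headers provide: `const char* slash = strrchr(dt_needed, '/'); if (slash == nullptr) return dt_needed;` followed by the existing DL_WARN and `return slash + 1;`. It is also worth a comment that stripping the directory part changes where the library is found — an entry like `/system/lib/libfoo.so` is now resolved through the normal search path instead of that exact file — and that this only applies when target_sdk_version is non-zero and at most 22 on LP32.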
@@ -1293,7 +1293,7 @@ static soinfo* load_library(int fd, off64_t file_offset, } // Read the ELF header and load the segments. - ElfReader elf_reader(realpath.c_str(), fd, file_offset); + ElfReader elf_reader(realpath.c_str(), fd, file_offset, file_stat.st_size); if (!elf_reader.Load(extinfo)) { return nullptr; } diff --git a/linker/linker_phdr.cpp b/linker/linker_phdr.cpp index f586b08b5..30118e363 100644 --- a/linker/linker_phdr.cpp +++ b/linker/linker_phdr.cpp @@ -133,8 +133,8 @@ static int GetTargetElfMachine() { MAYBE_MAP_FLAG((x), PF_R, PROT_READ) | \ MAYBE_MAP_FLAG((x), PF_W, PROT_WRITE)) -ElfReader::ElfReader(const char* name, int fd, off64_t file_offset) - : name_(name), fd_(fd), file_offset_(file_offset), +ElfReader::ElfReader(const char* name, int fd, off64_t file_offset, off64_t file_size) + : name_(name), fd_(fd), file_offset_(file_offset), file_size_(file_size), phdr_num_(0), phdr_mmap_(nullptr), phdr_table_(nullptr), phdr_size_(0), load_start_(nullptr), load_size_(0), load_bias_(0), loaded_phdr_(nullptr) { @@ -377,6 +377,20 @@ bool ElfReader::LoadSegments() { ElfW(Addr) file_page_start = PAGE_START(file_start); ElfW(Addr) file_length = file_end - file_page_start; + if (file_size_ <= 0) { + DL_ERR("\"%s\" invalid file size: %" PRId64, name_, file_size_); + return false; + } + + if (file_end >= static_cast(file_size_)) { + DL_ERR("invalid ELF file \"%s\" load segment[%zd]:" + " p_offset (%p) + p_filesz (%p) ( = %p) past end of file (0x%" PRIx64 ")", + name_, i, reinterpret_cast(phdr->p_offset), + reinterpret_cast(phdr->p_filesz), + reinterpret_cast(file_end), file_size_); + return false; + } + if (file_length != 0) { void* seg_addr = mmap64(reinterpret_cast(seg_page_start), file_length, diff --git a/linker/linker_phdr.h b/linker/linker_phdr.h index 50f211775..3affa66cd 100644 --- a/linker/linker_phdr.h +++ b/linker/linker_phdr.h 
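Review bot: The new bounds check in LoadSegments uses `>=`, which rejects a well-formed library whose last PT_LOAD ends exactly at end of file (p_offset + p_filesz == st_size) even though the message says "past end of file"; the comparison should be `>`. It also measures file_end against the size of the whole backing file, yet the reader is constructed with a non-zero file_offset and the full st_size (first hunk on this line), so for a library embedded at an offset inside a larger file a segment can pass the check and still run past EOF when mapped from file_offset_; and if file_end is computed as file_start + p_filesz just above the hunk, as the context suggests, that sum can wrap on LP32 and make a huge p_filesz look small. One condition covers all three: `if (file_end < file_start || static_cast<off64_t>(file_end) > file_size_ - file_offset_) {` with the DL_ERR body unchanged. The `file_size_ <= 0` test does not depend on the segment and could be hoisted out of the per-segment loop. LoadSegments starts and ends outside the hunk.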
@@ -39,7 +39,7 @@ class ElfReader { public: - ElfReader(const char* name, int fd, off64_t file_offset); + ElfReader(const char* name, int fd, off64_t file_offset, off64_t file_size); ~ElfReader(); bool Load(const android_dlextinfo* extinfo); @@ -62,6 +62,7 @@ class ElfReader { const char* name_; int fd_; off64_t file_offset_; + off64_t file_size_; ElfW(Ehdr) header_; size_t phdr_num_;