bug-bash

Re: Bash's malloc does not work within qemu-user when compiled with PIE


From: Raphael Hertzog
Subject: Re: Bash's malloc does not work within qemu-user when compiled with PIE enabled
Date: Wed, 14 Feb 2018 09:38:57 +0100
User-agent: Mutt/1.9.3 (2018-01-21)

On Tue, 13 Feb 2018, Chet Ramey wrote:
> > Note that a bash binary compiled with PIE works fine for normal usage
> > with a current Linux kernel. Apparently it was causing troubles with
> > older Linux kernels, see 
> > https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
> > 
> > But with current kernels it works fine. The problem only happens
> > under qemu-user.
> 
> Wouldn't that imply that the problem has something to do with
> qemu-user and how it interacts with sbrk?

Possibly. I opened a ticket there as well to see what they think of this:
https://bugs.launchpad.net/qemu/+bug/1749393

> > From what I understood the memory layout of a PIE-compiled binary is
> > different but sbrk() still works the same. Maybe some assumptions that you
> > are making about the memory layout are not holding true, however.
> 
> The only assumption bash makes is that sbrk() extends the break and that
> the pointer it returns marks the beginning of contiguously addressable
> storage of the requested size.
> 
> > While trying to learn more about this I found this URL
> > https://gist.github.com/CMCDragonkai/10ab53654b2aa6ce55c11cfc5b2432a4
> 
> The applicable part of this is that sbrk() extends the heap.

One thing that I saw in that document is "An interesting fact is that if
you produce a position independent executable, the starting address
instead changes to 0x0".

Isn't it possible that sbrk() returns that pointer to you and you treat
it as being an error instead of a valid address?

> The thing about the error message in the ubuntu bug report is that it's
> literally the first call to xmalloc bash makes at startup: the call to
> savestring when saving the default locale. You can tell because it reports
> 0 bytes as having been allocated. sbrk() fails immediately.

In my tests under qemu-user, I see this:
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)

It's "savestring (shell_name)".

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
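Added example (not code from this thread, from bash or from qemu): a small C
program that probes the two points discussed in the message above. On Linux,
sbrk() reports failure by returning (void *)-1, never NULL, so a check that
rejects a 0 return would misfire in exactly the situation Raphael speculates
about, while a check for (void *)-1 would accept it. probe_sbrk() also tests
the single assumption Chet describes: that the block sbrk() hands back begins
at the previous break and is writable for the full requested size. The
0-versus-(void *)-1 comparison is a constructed illustration of the question
raised in the mail, not a statement about what bash's malloc actually checks;
the program assumes glibc on Linux, where sbrk() is available.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>

/* How a given sbrk() return value ends up being interpreted. */
enum brk_status {
    BRK_OK = 0,                 /* accepted as the start of new storage */
    BRK_FAILED = 1,             /* the documented failure sentinel, (void *)-1 */
    BRK_MISTAKEN_FOR_NULL = 2   /* a 0 break rejected by a NULL check (hypothetical) */
};

/* The check POSIX/Linux callers should make: failure is (void *)-1 only. */
int sbrk_failed(void *p)
{
    return p == (void *)-1;
}

/* The kind of check the thread speculates about: treating 0 as an error.
 * If the break really started at address 0 (the claim quoted from the gist),
 * this check would reject a legitimately returned pointer.  Constructed for
 * illustration; it is not a description of bash's malloc. */
int nullcheck_rejects(void *p)
{
    return p == NULL;
}

/* Run both interpretations over one return value. */
enum brk_status classify_break(void *p)
{
    if (sbrk_failed(p))
        return BRK_FAILED;
    if (nullcheck_rejects(p))
        return BRK_MISTAKEN_FOR_NULL;
    return BRK_OK;
}

/* Live probe of the assumption bash is said to make about sbrk():
 *   0  the new block starts at the old break and every byte is writable
 *  -1  sbrk() reported failure with (void *)-1
 *  -2  sbrk() succeeded but the block does not start at the previous break,
 *      i.e. the storage is not contiguous with what came before */
int probe_sbrk(size_t request, char **start_out)
{
    char *before = sbrk(0);
    char *block = sbrk((intptr_t)request);

    if (block == (char *)-1)
        return -1;
    if (block != before)
        return -2;
    memset(block, 0xA5, request);    /* touch every byte: it must be mapped */
    if (start_out)
        *start_out = block;
    return 0;
}

int main(void)
{
    char *start = NULL;
    int rc = probe_sbrk(4096, &start);

    printf("probe_sbrk(4096): rc=%d start=%p\n", rc, (void *)start);
    printf("classify_break((void *)-1) = %d\n", classify_break((void *)-1));
    printf("classify_break(NULL)       = %d\n", classify_break(NULL));
    return 0;
}
```

Build it twice, once plainly and once with -fPIE -pie, and compare the printed
start address; the same binary run under qemu-user shows whether sbrk() there
reports failure (rc=-1) or hands back a block that is not contiguous with the
previous break (rc=-2), which are the two ways the assumption stated above can
break.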