Dangerous linking options #454

Open
rdoeffinger opened this issue Nov 18, 2019 · 4 comments

@rdoeffinger

(note: resolving #205 might avoid the issue in many cases in practice as well, but might not fully resolve it in case of different build configs)
When loading libz.so.1 with dlopen and RTLD_LOCAL it can happen that you end up with mysterious crashes.
The reason is that your library is run inside a program that ALSO uses zlib, but a different version and does not hide the symbols (loads it RTLD_GLOBAL, depends on it, ...).
The end result is that deflateInit2_ when calling deflateReset() ends up calling deflateReset from that INCOMPATIBLE version of zlib.
The normal solution to that is to link with -Wl,-Bsymbolic.
Alternatively (e.g. if one wanted to avoid depending on non-generic compiler options) it would be possible to forbid calling any exported functions from zlib code itself. This will be more difficult to do though, I do not know if there are any other pieces of code with this same issue.

@madler
Owner

madler commented Nov 18, 2019

So you've actually experienced these mysterious crashes?

@rdoeffinger
Author

rdoeffinger commented Nov 18, 2019

See below for a test-case.
Note that in order to simplify it, it uses --export-dynamic which clearly is a horrible practice, but it is representative of what can happen with real programs.
It also shows that RTLD_LOCAL is not necessary.
Yes, unfortunately I have really experienced such crashes, and it was a huge pain to debug.
The workaround I found for now was using dlmopen instead, but unfortunately dlmopen seems to have its share of bugs (and some by design), so I am not too happy about that solution (I cannot modify the file exporting its internal copy of zlib unfortunately).

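```c
#if 0
gcc -o zlibtest zlibtest.c -ldl -Wl,--export-dynamic && ./zlibtest
exit
#endif
#include <dlfcn.h>
#include <stdio.h>
#include <zlib.h>

/* Exported by the executable through --export-dynamic, so the dynamic
 * linker binds zlib's internal deflateReset() call to this definition. */
int deflateReset(z_stream *s)
{
    (void)s;
    printf("called the wrong one!\n");
    return Z_OK;
}

static int (*deflateInit2_ptr)(z_stream *, int, int, int, int, int, const char *, int);

int main()
{
    z_stream s = {0};
    void *h = dlopen("libz.so.1", RTLD_NOW);
    if (!h) {
        fprintf(stderr, "dlopen: %s\n", dlerror());
        return 1;
    }
    deflateInit2_ptr = dlsym(h, "deflateInit2_");
    if (!deflateInit2_ptr) {
        fprintf(stderr, "dlsym: %s\n", dlerror());
        return 1;
    }
    /* deflateInit2_ calls deflateReset() internally. */
    deflateInit2_ptr(&s, Z_DEFAULT_COMPRESSION, Z_DEFLATED, 15, 8, Z_DEFAULT_STRATEGY, "1.2.3", sizeof(s));
    return 0;
}
```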

@rdoeffinger
Author

As far as I can tell, the versions involved seem to be 1.2.7 (the one in libz.so.1 providing the deflateInit2_) and 1.2.3 (the one from elsewhere, from which deflateReset gets called by deflateInit2_).
But it's easily possible I got something wrong, and I don't know how each was compiled, so take it with a grain of salt.

@rdoeffinger
Author

Minor comment just for the record: -Bsymbolic-functions should work just as well as -Bsymbolic in this case.
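
Added example, not part of the thread and not zlib's code: a small C check that reports whether a shared object was linked with -Wl,-Bsymbolic, by looking for DT_SYMBOLIC or the DF_SYMBOLIC bit of DT_FLAGS in its dynamic section. The name elf64_is_symbolic is an assumption of this example, and a missing flag does not prove that calls can be interposed, since other link-time binding methods (such as hidden visibility) leave no such flag.

```c
/* Added example: does an ELF64 file carry the DT_SYMBOLIC / DF_SYMBOLIC marker
 * that -Wl,-Bsymbolic leaves behind? Assumes file byte order matches the host. */
#include <elf.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 = flagged symbolic, 0 = not flagged, -1 = not a usable ELF64 image.
 * Every offset taken from the file is bounds-checked against len. */
int elf64_is_symbolic(const unsigned char *img, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len)
        return -1;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        size_t off = eh.e_phoff + i * sizeof ph;
        if (off > len || len - off < sizeof ph) return -1;
        memcpy(&ph, img + off, sizeof ph);
        if (ph.p_type != PT_DYNAMIC) continue;
        if (ph.p_offset > len || len - ph.p_offset < ph.p_filesz) return -1;
        for (size_t d = 0; d + sizeof(Elf64_Dyn) <= ph.p_filesz; d += sizeof(Elf64_Dyn)) {
            Elf64_Dyn dyn;
            memcpy(&dyn, img + ph.p_offset + d, sizeof dyn);
            if (dyn.d_tag == DT_NULL) break;
            if (dyn.d_tag == DT_SYMBOLIC) return 1;
            if (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_SYMBOLIC)) return 1;
        }
        return 0;
    }
    return 0; /* no PT_DYNAMIC segment: not dynamically linked */
}

int main(int argc, char **argv)
{
    FILE *f = argc == 2 ? fopen(argv[1], "rb") : NULL;
    if (!f) { fprintf(stderr, "usage: %s /path/to/lib.so\n", argv[0]); return 2; }
    fseek(f, 0, SEEK_END);
    long n = ftell(f);
    rewind(f);
    unsigned char *buf = n > 0 ? malloc((size_t)n) : NULL;
    int r = buf && fread(buf, 1, (size_t)n, f) == (size_t)n ? elf64_is_symbolic(buf, (size_t)n) : -1;
    printf("%s\n", r == 1 ? "symbolic flag set" : r == 0 ? "no symbolic flag" : "not a readable ELF64 file");
    free(buf); fclose(f);
    return r == 1 ? 0 : 1;
}
```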
