Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 527504 - media-sound/mumble: mumble-overlay wrapper crashes when sys-libs/glibc is built w/out SySV hashing (DT_HASH)
Summary: media-sound/mumble: mumble-overlay wrapper crashes when sys-libs/glibc is bui...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Lars Wendler (Polynomial-C)
Depends on:
Reported: 2014-10-30 17:29 UTC by Daniel Scharrer
Modified: 2019-01-27 22:15 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Scharrer 2014-10-30 17:29:23 UTC
Using the mumble-overlay wrapper crashes any program on my system, even those that don't even use X11/OpenGL. The same happens when manually LD_PRELOADing /usr/lib/mumble/

This is because libmumble overrides dlsym (in order to intercept glXSwapBuffers) but then fails to get the address of the original dlsym, which it needs to forward non-intercepted function lookups. The original dlsym is not found because does not have a DT_HASH entry.

There are a couple of things in play here:

1.) libmumble implements it's own symbol search on top of <link.h> [1]. Their implementation is a linear search over all symbols in but still needs the DT_HASH entry to get the number of items in the DT_SYMTAB table. They chose this approach in order to avoid linking to private glibc symbols such as __libc_dlsym [2,3].

2.) The sys-libs/glibc ebuild disables the upstream forced --hash-style=both flag because "We take care of patching our binutils to use both hash styles". [4]

3.) Starting with sys-devel/binutils-2.24, this is assumption is no longer true as the patch for binutils now enables only DT_GNU_HASH by default [5].

I'm unsure if this is an upstream mumble bug and/or a bug in the binutils/glibc ebuilds, so I'm reporting it here first.

On one side the symbol search hack in mumble doesn't seem more portable or future-proof than the more common [6] __libc_dlsym usage.

On the other hand:

- It works on other distributions - even when they use only DT_GNU_HASH for most libraries, DT_HASH is still enabled for libdl (see additional information).

- The comment in [4] suggests that the removal of DT_HASH from glibc was not intentional.

- It can be argued that the presence of DT_HASH is part of the library's ABI and thus should be retained for anything that needs a stable ABI. The dynamic linker exposes the ELF dynamic sections via dlinfo(handle, RTLD_DI_LINKMAP, p);

- The ELF specification [7] lists DT_HASH as mandatory.


Reproducible: Always

$ emerge --info
Portage 2.2.14 (python 2.7.8-final-0, default/linux/amd64/13.0, gcc-4.8.3, glibc-2.19-r1, 3.17.1-gentoo-r1 x86_64)
System uname: Linux-3.17.1-gentoo-r1-x86_64-AMD_Phenom-tm-_9750_Quad-Core_Processor-with-gentoo-2.2
KiB Mem:     8180440 total,    556908 free
KiB Swap:          0 total,         0 free
Timestamp of tree: Tue, 28 Oct 2014 19:00:01 +0000
ld GNU ld (Gentoo 2.24 p1.4) 2.24
app-shells/bash:          4.3_p30
dev-java/java-config:     2.2.0
dev-lang/perl:            5.20.1-r2
dev-lang/python:          2.7.8, 3.3.5-r1, 3.4.2
dev-util/pkgconfig:       0.28-r2
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.13.2
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6, 1.14.1
sys-devel/binutils:       2.24-r3
sys-devel/gcc:            4.1.2::toolchain, 4.3.6-r1::toolchain, 4.4.7::toolchain, 4.5.4::toolchain, 4.6.4, 4.7.4, 4.8.3, 4.9.1, 4.10.0_pre9999::toolchain
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.3
sys-devel/make:           4.1-r1
sys-kernel/linux-headers: 3.17 (virtual/os-headers)
sys-libs/glibc:           2.19-r1
Repositories: gentoo local-repo kde gamerlay qt x11 toolchain arx-libertatis
Installed sets: @kdeadmin-4.14, @kdeartwork-4.14, @kdebase-4.14, @kdegames-4.14, @kdegraphics-4.14, @system
ACCEPT_KEYWORDS="amd64 ~amd64"
CFLAGS="-O2 -pipe -O2 -march=amdfam10 -pipe -ggdb"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.0/conf /usr/share/themes/oxygen-gtk/gtk-3.0"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ /etc/php/apache2-php5.6/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe -O2 -march=amdfam10 -pipe -ggdb"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTDIR_OVERLAY="/usr/local/portage /var/lib/layman/kde /var/lib/layman/gamerlay /var/lib/layman/qt /var/lib/layman/x11 /var/lib/layman/toolchain /home/dscharrer/pro/gentoo"
USE="3dnow 3dnowext X X11 acl alsa amd64 bash-completion berkdb bzip2 cli consolekit cracklib crypt cxx dbus dri fortran gdbm gles gles1 gles2 iconv ipv6 j2k jpeg2k kde kde4 lm_sensors mmx mmxext modules multilib ncurses nls nptl offensive openexr opengl openmp pam pch pcre pgo png poliicykit qt qt4 readline sdl semantic-desktop session sse sse2 sse3 ssl ssse3 tcpd threads truetype udev unicode v4l v4l2 vdpau x11 xgl xv xvmc zlib" ABI_X86="64 32" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="krita" CAMERAS="canon directory ptp2 template" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev keyboard mouse wacom joystick" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-4" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" QEMU_SOFTMMU_TARGETS="arm i386 x86_64" QEMU_USER_TARGETS="arm i386 x86_64" RUBY_TARGETS="ruby21" SANE_BACKENDS="hp*" USERLAND="GNU" VIDEO_CARDS="fglrx radeon radeonsi" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"

DT_HASH / DT_GNU_HASH usage on various distributions:

[Gentoo amd64]

$ readelf -d /lib/ | grep HASH
 0x0000000000000004 (HASH)               0x290
 0x000000006ffffef5 (GNU_HASH)           0x440
$ readelf -d /usr/lib/ | grep HASH
 0x0000000000000004 (HASH)               0x1c8
 0x000000006ffffef5 (GNU_HASH)           0xf30

[Gentoo ~amd64]

$ readelf -d /lib/ | grep HASH
 0x000000006ffffef5 (GNU_HASH)           0x33e2a00290
$ readelf -d /usr/lib/ | grep HASH
 0x000000006ffffef5 (GNU_HASH)           0x3fa6e001c8

[Arch Linux]

$ readelf -d /lib/ | grep HASH
 0x0000000000000004 (HASH)               0x1eb8
 0x000000006ffffef5 (GNU_HASH)           0x280
$ readelf -d /usr/lib/ | grep HASH
 0x000000006ffffef5 (GNU_HASH)           0x1f0

[Debian 6]

$ readelf -d /lib/ | grep HASH
 0x00000004 (HASH)                       0x1a60
 0x6ffffef5 (GNU_HASH)                   0x178
$ readelf -d /lib/ | grep HASH
 0x00000004 (HASH)                       0xf8
 0x6ffffef5 (GNU_HASH)                   0x7d8

[Fedora 16]

$ readelf -d /lib/ | grep HASH
 0x00000004 (HASH)                       0x203c
 0x6ffffef5 (GNU_HASH)                   0x198
$ readelf -d /usr/lib/ | grep HASH
 0x6ffffef5 (GNU_HASH)                   0x138

[Ubuntu 14.04]

$ readelf -d /lib/x86_64-linux-gnu/ | grep HASH
0x0000000000000004 (HASH) 0x1eb0
0x000000006ffffef5 (GNU_HASH) 0x280
$ readelf -d /usr/lib/x86_64-linux-gnu/ | grep HASH
0x000000006ffffef5 (GNU_HASH) 0x1f0
Comment 1 SpanKY gentoo-dev 2016-07-05 08:04:20 UTC
there's no need to walk the hash table directly.  use dlsym("dlsym", RTLD_NEXT) in order to find the original symbol.  i think that fix should go to the mumble guys.

on the toolchain side, this change might not have been intentional, but if this is the first problem we've seen in the ~2.5 years that this has been active, then let's just go with it.  having DT_HASH available when DT_GNU_HASH is usable is just a waste of disk/memory.
Comment 2 Daniel Scharrer 2016-07-05 15:22:22 UTC
> use dlsym("dlsym", RTLD_NEXT) in order to find the original symbol.

For that you need the original dlsym, which is exactly what they are trying to locate here.
Comment 3 Sergei Trofimovich gentoo-dev 2019-01-27 22:15:15 UTC
Is there an upstream bug filed to understand DT_GNU_HASH sections?