Core dump, empty interpreter

[cf4f67]

Describe the bug

The program produces a core dump (crashes).

Steps To Reproduce

patchelf --set-interpreter /path-to/ld-linux.so BinaryWithEmptyInterpreter.binary produces a core dump.

The binary with empty interpreter that triggered the issue for me can be found in zipped form at https://ufile.io/y3pvil2z (38MB zipped, 136MB unzipped).

Expected behavior

Not a program crash. Maybe a no-op with an informative message.

patchelf --version output

patchelf 0.14.5

Additional context

yvt/nixpkgs@49be2c8#commitcomment-70690616

[Mic92]

Maybe fixed by #376 ?

[Mic92]

There is now a new patchelf release and the file provided here is no longer available

[cf4f67]

Sorry for late replay, if still interested in the file here it is in parts smaller than the 25MB github upload limit,

SomeUE4DebugBinary.debug.aa.zip
SomeUE4DebugBinary.debug.ab.zip

Then, to get the full 136MB binary,

cat *.aa.zip *.ab.zip > SomeDebugBinary.zip
unzip SomeDebugBinary.zip

[cf4f67]

$ nix shell github:NixOS/patchelf
$ patchelf --version
patchelf 0.15.0
$ patchelf --set-interpreter /path-to/ld-linux.so UnrealVersionSelector-Linux-Shipping.debug
patchelf: patchelf.cc:809: void ElfFile<Elf_Ehdr, Elf_Phdr, Elf_Shdr, Elf_Addr, Elf_Off, Elf_Dyn, Elf_Sym, Elf_Verneed, Elf_Versym>::rewriteSectionsExecutable() [with Elf_Ehdr = Elf64_Ehdr; Elf_Phdr = Elf64_Phdr; Elf_Shdr = Elf64_Shdr; Elf_Addr = long unsigned int; Elf_Off = long unsigned int; Elf_Dyn = Elf64_Dyn; Elf_Sym = Elf64_Sym; Elf_Verneed = Elf64_Verneed; Elf_Versym = short unsigned int]: Assertion `startAddr % getPageSize() == startOffset % getPageSize()' failed.
Aborted (core dumped)

[Mic92]

Ok. So this is not quite a crash but a failed assertion. Also this assertion could be turned into a better error message.

[corngood]

There's an issue collecting various nixpkg failures related to this.

NixOS/nixpkgs#91946

[corngood]

Running 0.15.0 with --debug:

patching ELF file 'test.debug'                                                                                                                                                                                        
replacing section '.interp' with size 83                                                                                                                                                                                                      
this is an executable                                                                                                                                                                                                                         
using replaced section '.interp'                                                                                                                                                                                                              
last replaced is 3                                                                                                                                                                                                                            
looking at section '.note.gnu.property'                                                                                                                                                                                                       
replacing section '.note.gnu.property' which is in the way                                                                                                                                                                                    
looking at section '.note.gnu.build-id'                                                                                                                                                                                                       
replacing section '.note.gnu.build-id' which is in the way                                                                                                                                                                                    
looking at section '.interp'                                                                                                                                                                                                                  
first reserved offset/addr is 0x3ec/0x400440                                                                                                                                                                                                  
patchelf: patchelf.cc:795: void ElfFile<Elf_Ehdr, Elf_Phdr, Elf_Shdr, Elf_Addr, Elf_Off, Elf_Dyn, Elf_Sym, Elf_Verneed, Elf_Versym>::rewriteSectionsExecutable() [with Elf_Ehdr = Elf64_Ehdr; Elf_Phdr = Elf64_Phdr; Elf_Shdr = Elf64_Shdr; Elf_Addr = long unsigned int; Elf_Off = long unsigned int; Elf_Dyn = Elf64_Dyn; Elf_Sym = Elf64_Sym; Elf_Verneed = Elf64_Verneed; Elf_Versym = short unsigned int]: Assertion `startAddr % getPageSize() == startOffset % getPageSize()' failed$

Section Headers:                                                                                                       
  [Nr] Name              Type             Address           Offset  
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0 
  [ 1] .note.gnu.pr[...] NOTE             0000000000400388  00000388
       0000000000000040  0000000000000000   A       0     0     8 
  [ 2] .note.gnu.bu[...] NOTE             00000000004003c8  000003c8
       0000000000000024  0000000000000000   A       0     0     4
  [ 3] .interp           NOBITS           00000000004003ec  000003ec
       0000000000000053  0000000000000000   A       0     0     1 
  [ 4] .hash             NOBITS           0000000000400440  000003ec
       00000000000009f8  0000000000000004   A       6     0     8 
  [ 5] .gnu.hash         NOBITS           0000000000400e38  000003ec
       0000000000000060  0000000000000000   A       6     0     8
  [ 6] .dynsym           NOBITS           0000000000400e98  000003ec
       00000000000022f8  0000000000000018   A       7     1     8
[...]

I wasn't able to bisect exactly what caused this to start happening (NixOS/nixpkgs#399818), but if I look at the ELF from before it broke, .interp comes before .note.gnu.*.

Edit: the behaviour change seems to have happened in a binutils update: NixOS/nixpkgs#388157

[corngood]

Here's a minimal test which can reproduce this on binutils 2.44, but not 2.43.1:

with import <nixpkgs> { };
runCommandCC "test" { } ''
  cc -xc - <<EOF
    int main() { return 0; }
  EOF
  objcopy --only-keep-debug a.out a.debug
  patchelf --set-interpreter foo a.debug
  touch "$out"
''

[superherointj]

I wasn't able to bisect exactly what caused this to start happening (NixOS/nixpkgs#399818), but if I look at the ELF from before it broke, .interp comes before .note.gnu.*.

Bisect at: NixOS/nixpkgs#399818 (comment)