Here's a patch to glibc to set the default value of MALLOC_CHECK_ to 1 (from 3). By doing so, the malloc specific error passed to malloc_printerr() will still be displayed by default, but libc will not attempt to generate a backtrace, which is what is causing the deadlock to occur. Even if the deadlock weren't a problem, it's also valuable from a security perspective, as attempting to malloc() from the same pool that libc has already detected an attacker has corrupted is likely unsafe, and may grant an attacker a chance to regain control. This is also the reason for adding the MALLOC_CHECK_ variable to the list of environment variables for filtering when setuid/setgid programs are invoked.
People wishing to see the backtrace for debugging purposes can get the old default behavior back by setting MALLOC_CHECK_=3 in their environment. I've verified that eglibc builds fine with this change, and that xorg-server 2:1.14.5-1ubuntu2 (not containing the workaround that Martin added in 2:1.14.5-1ubuntu3, thus would normally trigger the ld/glibc hang on i386) also builds fine when built against eglibc with this patch on all arches. Fixing this of course doesn't address the binutils bug where ld is corrupting malloc space, or the dpkg-buildflags hardening flaw around -static and -pie (doko, is there a bug already for that?), but it will stop builds from hanging. Note that I don't have upload privileges, so all my patches will need to be sponsored.

** Patch added: "local-no-malloc-backtrace.diff"
   https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1266492/+attachment/3962383/+files/local-no-malloc-backtrace.diff

-- 
You received this bug notification because you are a member of Desktop Packages, which is subscribed to evolution-data-server in Ubuntu.
https://bugs.launchpad.net/bugs/1266492

Title:
  ld:i386 crashes with -static -fPIE -pie

Status in Embedded GLIBC:
  Incomplete
Status in “binutils” package in Ubuntu:
  Confirmed
Status in “eglibc” package in Ubuntu:
  New
Status in “evolution-data-server” package in Ubuntu:
  Triaged
Status in “xorg-server” package in Ubuntu:
  Triaged
Status in “binutils” source package in Trusty:
  Confirmed
Status in “eglibc” source package in Trusty:
  New
Status in “evolution-data-server” source package in Trusty:
  Triaged
Status in “xorg-server” source package in Trusty:
  Triaged

Bug description:
  Making a simple file conftest.c with the following contents:

  int main() { return 0; }

  And then compiling it on i386 with gcc -fPIE -pie -static conftest.c returns:

  *** Error in `/usr/bin/ld': corrupted double-linked list: 0x08dddb38 ***

  This breaks compilation of xorg-server on i386.
  I believe that -static -fPIE -pie is probably invalid, and it fails on amd64 too.

  $ gcc -fPIE -pie -static conftest.c
  /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/4.8/crtbeginT.o: relocation R_X86_64_32 against `__TMC_END__' can not be used when making a shared object; recompile with -fPIC
  /usr/lib/gcc/x86_64-linux-gnu/4.8/crtbeginT.o: error adding symbols: Bad value
  collect2: error: ld returned 1 exit status

  But autoconf hangs on the corrupted double-linked list, which times out the xorg-server build.

Mailing list: https://launchpad.net/~desktop-packages
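As an added illustration (not part of the bug report, the attached patch, or glibc's own source), here is a small allocation-free heap-error reporter in the spirit of the check-action-1 path the patch keeps as the default: the diagnostic is formatted into a stack buffer and written with write(2), so it can run while the allocator lock is held over an arena that malloc has already found corrupted. The abort path (bit 1 of the action value) is where glibc of that era also tried to print a backtrace, which loads libgcc_s and allocates, and that is the step the report blames for the hang. The function names (hex_ptr, format_heap_error, report_heap_error) and the ptr_bytes parameter are my own; the message format and the sample address 0x08dddb38 are taken from the bug report above.

```c
/* Added example, not code from the bug thread, the patch, or glibc.
 * Formats a glibc-style "*** Error in `PROG': MSG: 0xADDR ***" diagnostic
 * without touching the heap, stdio or the dynamic loader. Names are
 * hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Render v as lowercase hex, zero-padded to 2*ptr_bytes digits (8 on i386,
 * 16 on x86_64), into a caller-supplied buffer. Bits above the requested
 * width are dropped. Returns the digit count, or 0 on a bad argument. */
static size_t hex_ptr(char *out, size_t outlen, uintptr_t v, size_t ptr_bytes)
{
    static const char digits[] = "0123456789abcdef";
    size_t width = 2 * ptr_bytes;
    if (ptr_bytes == 0 || ptr_bytes > sizeof(uintptr_t) || outlen < width + 1)
        return 0;
    for (size_t i = 0; i < width; i++) {
        out[width - 1 - i] = digits[v & 0xf];
        v >>= 4;
    }
    out[width] = '\0';
    return width;
}

/* Append src at dst[*pos], truncating silently rather than overflowing. */
static void append(char *dst, size_t dstlen, size_t *pos, const char *src)
{
    while (*src && *pos + 1 < dstlen)
        dst[(*pos)++] = *src++;
    dst[*pos] = '\0';
}

/* Build the diagnostic in buf. Returns the number of characters written,
 * or 0 if the buffer cannot even hold the formatted address. */
size_t format_heap_error(char *buf, size_t buflen, const char *argv0,
                         const char *str, uintptr_t ptr, size_t ptr_bytes)
{
    char hex[2 * sizeof(uintptr_t) + 1];
    if (buflen == 0)
        return 0;
    if (hex_ptr(hex, sizeof hex, ptr, ptr_bytes) == 0) {
        buf[0] = '\0';
        return 0;
    }
    size_t pos = 0;
    append(buf, buflen, &pos, "*** Error in `");
    append(buf, buflen, &pos, argv0 ? argv0 : "<unknown>");
    append(buf, buflen, &pos, "': ");
    append(buf, buflen, &pos, str);
    append(buf, buflen, &pos, ": 0x");
    append(buf, buflen, &pos, hex);
    append(buf, buflen, &pos, " ***\n");
    return pos;
}

/* Action bits in the style of glibc's check action: bit 0 = print the
 * diagnostic, bit 1 = abort. Action 1 prints from a stack buffer via
 * write(2) and returns, which is safe with the arena lock held. With bit 1
 * set, glibc's abort path of that era also attempted a backtrace, which
 * loads libgcc_s and calls malloc on the arena already known to be corrupt. */
void report_heap_error(int action, const char *argv0, const char *str, void *ptr)
{
    if (action & 1) {
        char buf[256];
        size_t n = format_heap_error(buf, sizeof buf, argv0, str,
                                     (uintptr_t)ptr, sizeof(void *));
        if (n) {
            ssize_t r = write(STDERR_FILENO, buf, n);
            (void)r;
        }
    }
    if (action & 2)
        abort();   /* no backtrace here: nothing that allocates may run */
}

int main(int argc, char **argv)
{
    (void)argc;
    /* Constructed scenario: emit the message from the bug report with
     * action 1 (print only) and keep going, as the patch's default would. */
    report_heap_error(1, argv[0], "corrupted double-linked list",
                      (void *)(uintptr_t)0x08dddb38u);
    return 0;
}
```

The reporter never calls malloc, printf or dlopen, which is the property that matters when the allocator's own consistency check is what invoked it; the process-wide decision to abort or continue is separate and kept in the caller's action bits.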