https://bugs.kde.org/show_bug.cgi?id=386428
Bug ID: 386428
Summary: [PATCH] isoimagewriter crashes with default Fedora RPM
build flags (hardened build) due to libudev dlopen
hack (weak symbols)
Product: isoimagewriter
Version: unspecified
Platform: Fedora RPMs
OS: Linux
Status: UNCONFIRMED
Severity: crash
Priority: NOR
Component: general
Assignee: j...@jriddell.org
Reporter: kevin.kof...@chello.at
Target Milestone: ---
The isoimagewriter code goes to great length to not link directly to the
libudev shared library, but declare its symbols as weak and open it using
dlopen. Unfortunately, the weak symbol trick does not work with the default
flags for Fedora RPM builds (hardened_build enabled): the function addresses
end up being NULL, so the code tries to execute NULL and segfaults. (Note that
dlopen itself works if it is used with dlsym, but the weak symbols do not
work.)
I do not see a valid reason to dlopen libudev to begin with. First of all, the
soname has been constant at libudev.so.1 for 5 years now. A distribution still
shipping libudev.so.0 is probably ancient and binaries built on it will not run
without recompiling on a distro that old anyway. And distribution packages will
always be linked against the correct libudev soname, no matter what it is.
Therefore, I suggest to just link libudev directly, as per the following patch:
https://src.fedoraproject.org/rpms/isoimagewriter/blob/master/f/isoimagewriter-link-libudev-dynamically.patch
or to at least give distributors a CMake option to do that if you really want
to keep dlopen support (but as I explained above, I think it is not all that
useful to begin with).
--
You are receiving this mail because:
You are watching all bug changes.
