As usual, the X server has found new and interesting ways to
abuse the linker, and I'm now getting a new crash in the 64-bit
SPARC binaries of Xorg when trying to dlopen its .so loadable
modules.

The stack trace as recorded by dbx is:
   ---- called from signal handler with signal 4 (SIGILL) ------
   [7] 0xffffffff7c300004(0x1, 0x1, 0xffffffff7f734530, 0xffffffffffffffff, 0x200000, 0xffffffff7f734460), at 0xffffffff7c300004
   [8] dlmopen_intn(0xffffffff7fffb06c, 0x1, 0xffffffff7fffb06c, 0xffffffff7f738d60, 0x16, 0xffffffff7c7015f8), at 0xffffffff7f61c68c
   [9] dlmopen_check(0xffffffff7f7341b8, 0x10042f410, 0xd01, 0xffffffff7f738d60, 0xffffffff7fffb06c, 0x1), at 0xffffffff7f61c7dc
   [10] _dlopen(0x10042f410, 0x101, 0xffffffffffffffff, 0xffffffff7f7341b8, 0xffffffffffffffe0, 0x1), at 0xffffffff7f61c81c
   [11] DLLoadModule(0x10042f3d0, 0x1, 0x10043d338, 0x6d6f75736500, 0xff0000, 0x8080808080808080), at 0x1000b7cd8
   [12] LoaderOpen(0x10042ef50, 0x10043d2f0, 0x8, 0xffffffff7fffb57c, 0xffffffff7fffb578, 0x8), at 0x1000b4798
   [13] doLoadModule(0x10043d030, 0x0, 0x0, 0x10043f280, 0x0, 0x100347750), at 0x1000b6ec0
   [14] LoadModule(0x10043d030, 0x0, 0x0, 0x0, 0x0, 0xffffffff7fffb578), at 0x1000b7284
   [15] InitOutput(0xffffffff7fffb57c, 0x100353758, 0x1003476d0, 0x10043d030, 0xffffffff7fffb578, 0x1003538d8), at 0x1000af714
   [16] main(0x2, 0xffffffff7ffffd18, 0x8, 0x10041d6e0, 0x100342000, 0x100424170), at 0x100075c0c

Probably not a coincidence, the address it crashed at is just inside
the mapping of the module it's in the middle of dlopen'ing:
FFFFFFFF7C300000         56K r-x--  /usr/X11/lib/modules/input/mouse_drv.so
FFFFFFFF7C40E000          8K rwx--  /usr/X11/lib/modules/input/mouse_drv.so

It successfully dlopened 6 other modules before this one, so I'm not sure what's
different about this one.   Any clues where to look?

-- 
        -Alan Coopersmith-           alan.coopersmith at sun.com
         Sun Microsystems, Inc. - X Window System Engineering
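
Added example (not part of the original message): resolving the faulting PC from frame [7] against the two pmap lines quoted above gives its offset inside mouse_drv.so. The `in_elf_header` flag assumes the object's lowest mapping starts at file offset 0, so that its first 64 bytes are the ELF64 header rather than instructions; the function names are illustrative.

```python
import re

ELF64_EHDR_SIZE = 64  # sizeof(Elf64_Ehdr)

# pmap lines and faulting PC copied from the message above
PMAP = """\
FFFFFFFF7C300000         56K r-x--  /usr/X11/lib/modules/input/mouse_drv.so
FFFFFFFF7C40E000          8K rwx--  /usr/X11/lib/modules/input/mouse_drv.so
"""
FAULT_PC = 0xffffffff7c300004  # frame [7] in the dbx trace

LINE = re.compile(r"^([0-9A-Fa-f]+)\s+(\d+)K\s+(\S+)\s+(\S+)$")


def parse_pmap(text):
    """Return (start, end, perms, path) tuples from pmap-style lines."""
    maps = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            start = int(m.group(1), 16)
            end = start + int(m.group(2)) * 1024
            maps.append((start, end, m.group(3), m.group(4)))
    return maps


def locate(pc, maps):
    """Describe the mapping that contains pc, or return None if unmapped."""
    for start, end, perms, path in maps:
        if start <= pc < end:
            lowest = min(s for s, _, _, p in maps if p == path)
            return {
                "path": path,
                "perms": perms,
                "offset": pc - start,
                "executable": "x" in perms,
                # Assumption: the object's lowest mapping begins at file
                # offset 0, so offsets below 64 fall in the ELF64 header.
                "in_elf_header": start == lowest
                and pc - start < ELF64_EHDR_SIZE,
            }
    return None


if __name__ == "__main__":
    print(locate(FAULT_PC, parse_pmap(PMAP)))
```
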
