hex1 and hex2 write outside declared ELF memory #1
Comments
Perhaps a much better name for the label table is scratch_buffer, and yes, it appears to be leveraging Linux's behavior to allocate to the end of the 4KB block. So the correct thing for me to do is probably to change the ph_memsz in the ELF header so that it goes to the end of the 4KB block, and do the same for hex1. Thoughts?
I hit this issue on Linux 2.2 and 2.4 kernels. The PR #7 resolves the issue for those kernel versions, and does not regress other kernel versions. Note I have not tested on builder-hex0 or fiwix though. With Linux 2.2 and 2.4 I only needed to fix hex2_x86.hex1
hex2 was fixed in #7, but what about hex1? I guess that is still affected...
I'm not sure whether or not hex1 is affected; I know that my patch fixes builds on both Linux 2.2 and 2.4. It also allows hex2 to run on even earlier versions of Linux (I've tested all the way back to 1.0.9 from 1994). Unfortunately, for older versions of Linux there are other issues (specifically, M0 currently doesn't work on 2.0 kernels or earlier, plus kernels prior to 2.0.36 don't support enough memory to run stage0 to completion). I'll raise separate issues for those earlier versions.

FYI, the M0 issue is because M0 assumes ebp is initialised to 0, but that's not the case for kernels before 2.2. This patch fixes that issue in my project: cosinusoidally/tcc_bootstrap_alt@f27344c

In terms of this ticket, it can be tested either by installing an old Linux distro with the relevant kernel in qemu, or it can be tested using just the boot/root floppy disks from an old version of Slackware, e.g. for Slackware 7.0 (kernel 2.0.37): https://gist.github.com/cosinusoidally/76aafa69b2e3e456812bdb85b89cebe6
hex2_x86.hex0 writes to a location labeled "table" at the end of the process, but it writes beyond the declared four bytes and therefore beyond the amount of memory declared in the ELF header.
The builder-hex0 kernel originally attempted to start the (brk) heap right after the process image, but this led to mysterious hangs and crashes because hex2 would overwrite "table" when it wrote to the memory it had allocated with the brk syscall.
The builder-hex0 kernel worked around this behavior by moving the heap 256 bytes beyond the end of the process, but it is not clear how much space can be used for table. I think table is just used to store a label, so the name is confusing. For what it's worth, it took a long time to debug this issue.
hex1 also seems to use memory beyond its declared space but it does not allocate memory so I don't think that it resulted in a memory conflict.
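As an added illustration (not code from the stage0 project), the following Python script parses the program headers of a constructed 32-bit ELF, reports how far the declared image end is from the 4 KB boundary that Linux rounds the initial brk up to, flags a write that spills past p_memsz, and applies the p_memsz-to-page-end fix suggested in the comments. The sample ELF, its addresses and the "table" position are all constructed here.

```python
# Added example (not stage0 code): read a 32-bit ELF's PT_LOAD declaration, check
# whether a write stays inside it, widen p_memsz to the page end. Sample ELF is constructed.
import struct

PAGE, PT_LOAD = 0x1000, 1
EHDR_FMT = "<4sBBBBB7xHHIIIIIHHHHHH"   # Elf32_Ehdr, 52 bytes
PHDR_FMT = "<IIIIIIII"                 # Elf32_Phdr, 32 bytes

def page_align(x):
    return (x + PAGE - 1) & ~(PAGE - 1)

def load_segments(data):
    """Return (p_vaddr, p_memsz, file offset of the Phdr) per PT_LOAD."""
    e = struct.unpack_from(EHDR_FMT, data, 0)
    if e[0] != b"\x7fELF" or e[1] != 1:      # ELFCLASS32 only
        raise ValueError("expected a 32-bit ELF")
    phoff, phentsize, phnum = e[10], e[14], e[15]
    segs = []
    for i in range(phnum):
        off = phoff + i * phentsize
        p = struct.unpack_from(PHDR_FMT, data, off)
        if p[0] == PT_LOAD:
            segs.append((p[2], p[5], off))
    return segs

def declared_end(data):
    return max(v + m for v, m, _ in load_segments(data))   # end of image

def slack_to_page_end(data):
    """Bytes left before the 4 KiB boundary Linux rounds the initial brk up to."""
    return page_align(declared_end(data)) - declared_end(data)

def write_status(data, addr, length):
    """(inside declared p_memsz?, inside the page Linux actually maps?)"""
    end = declared_end(data)
    return addr + length <= end, addr + length <= page_align(end)

def extend_memsz_to_page(data):
    """Patch the last PT_LOAD's p_memsz so the declaration reaches the page end."""
    vaddr, memsz, off = max(load_segments(data), key=lambda s: s[0] + s[1])
    buf = bytearray(data)
    struct.pack_into("<I", buf, off + 20, page_align(vaddr + memsz) - vaddr)
    return bytes(buf)

# Constructed sample: one PT_LOAD at 0x08048000 covering the 52-byte ELF header,
# the 32-byte program header and a 4-byte "table" (88 bytes in total).
BASE, TABLE = 0x08048000, 0x08048000 + 84
SAMPLE = struct.pack(EHDR_FMT, b"\x7fELF", 1, 1, 1, 0, 0, 2, 3, 1, BASE,
                     52, 0, 0, 52, 32, 1, 0, 0, 0)
SAMPLE += struct.pack(PHDR_FMT, PT_LOAD, 0, BASE, BASE, 88, 88, 7, PAGE) + b"\0" * 4
```

A 64-byte label written at TABLE lands past the declared 88 bytes but still inside the page, which is exactly the silent overlap with a heap started right after the image; after extend_memsz_to_page the declaration covers it.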