Android: Determine search path by taking the address of a function instead of a variable.

The GetCrazyContext function calls the crazy_context_add_search_path_for_address function to add the directory where the crazy linker library was loaded from to the search path. This function works by reading /proc/self/maps to discover the path of the file from which the address passed as the second argument is mapped, which is expected to be the crazy linker library. However, there is no guarantee that the address of a static variable such as s_crazy_context will be mapped; the linker may allocate them into an unmapped region of the r/w segment. This happens to be what lld does with this variable. Because the address was not mapped, we ended up failing to determine the search path, which led to a failure to load libchrome.so in pre-modern APKs. We can more reasonably rely on functions being memory mapped, so this change causes us to take the address of a function instead. Bug: 779185 Change-Id: I83cd882567c48a2cca443b7f5781c50ebc1b9bb4 Reviewed-on: https://chromium-review.googlesource.com/745201Reviewed-by: agrieve <agrieve@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#512698}

Android: Determine search path by taking the address of a function instead of a variable.
The GetCrazyContext function calls the crazy_context_add_search_path_for_address function to add the directory where the crazy linker library was loaded from to the search path. This function works by reading /proc/self/maps to discover the path of the file from which the address passed as the second argument is mapped, which is expected to be the crazy linker library. However, there is no guarantee that the address of a static variable such as s_crazy_context will be mapped; the linker may allocate them into an unmapped region of the r/w segment. This happens to be what lld does with this variable. Because the address was not mapped, we ended up failing to determine the search path, which led to a failure to load libchrome.so in pre-modern APKs. We can more reasonably rely on functions being memory mapped, so this change causes us to take the address of a function instead. Bug: 779185 Change-Id: I83cd882567c48a2cca443b7f5781c50ebc1b9bb4 Reviewed-on: https://chromium-review.googlesource.com/745201Reviewed-by: agrieve <agrieve@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#512698}
eb412d96 · Peter Collingbourne · Commit Bot · 387fe823 · eb412d96
Commit eb412d96 authored Oct 31, 2017 by Peter Collingbourne Committed by Commit Bot Oct 31, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

base/android/linker/legacy_linker_jni.cc base/android/linker/legacy_linker_jni.cc +1 -1

No files found.
--- a/base/android/linker/legacy_linker_jni.cc
+++ b/base/android/linker/legacy_linker_jni.cc
@@ -52,7 +52,7 @@ crazy_context_t* GetCrazyContext() {
    // Ensure libraries located in the same directory as the linker
    // can be loaded before system ones.
    crazy_context_add_search_path_for_address(
-        s_crazy_context, reinterpret_cast<void*>(&s_crazy_context));
+        s_crazy_context, reinterpret_cast<void*>(&GetCrazyContext));
  }
  return s_crazy_context;