1 files changed, 37 insertions, 0 deletions

diff --git a/results/classifier/zero-shot-user-mode/output/instruction/1878501 b/results/classifier/zero-shot-user-mode/output/instruction/1878501
new file mode 100644
index 00000000..3675688f
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/instruction/1878501
@@ -0,0 +1,37 @@
+instruction: 0.405
+runtime: 0.320
+syscall: 0.275
+
+
+
+qemu-i386 does not define AT_SYSINFO
+
+qemu-i386 does not define the AT_SYSINFO auxval when running i386 Linux binaries.
+
+On most libcs, this is properly handled, but this is mandatory for the i686 Bionic (Android) libc or it will segfault.
+
+This is due to a blind assumption that getauxval(AT_SYSINFO) will return a valid function pointer:
+
+The code varies from version to version, but it looks like this:
+
+void *__libc_sysinfo;
+// mangled as _Z19__libc_init_sysinfov
+void __libc_init_sysinfo() {
+  bool dummy;
+  // __bionic_getauxval = getauxval
+  __libc_sysinfo = reinterpret_cast<void *>(__bionic_getauxval(AT_SYSINFO, dummy));
+}
+
+A simple way to reproduce is to compile a basic C program against the NDK:
+
+int main(void) { return 0; }
+
+$ i686-linux-android-clang -static empty.c -o empty
+$ qemu-i386 -cpu max ./empty
+qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+Segmentation fault
+
+The place where it segfaults is misleading: It will, at least on the current NDK, crash on __set_thread_area, this is due to it calling a function pointer to __libc_sysinfo returned by __kernel_syscall.
+
+QEMU 4.1.1 (aarch64)
+Pixel 2 XL via Termux
\ No newline at end of file