Which anonymous areas are created/accessed by libc?

Is there a way to find out which anonymous Virtual Memory Areas are created/accessed by libc?

I have a program that mprotects VMAs on its address space. But when it mprotects an area that will be accessed by libc, a SIGSEGV occurs. Unfortunately, the signal handler that I've installed only handles faults that occurred on my code, and not libc's.

In detail, the fault I am getting is because printf uses varargs. It tries to access the location of reg_save_area which is within the va_list structure. That location belongs to an anonymous VMA which I have earlier mprotected.

So, is there a to know which are these areas before I mprotect them? Or at least a way to know where stdarg.h chooses to place reg_save_area?

The most clean way would be to handle SIGSEGV's that occur within the libc. But I doubt that there is such a way.

Note: The data/bss segment of libc can be easily identified because it is not anonymous. If I mprotect that VMA too, it will also cause an unhandled SIGSEGV, which is why I choose not to.

Answers


The simplest answer to your question is: all of them except the ones that you explicitly mapped yourself.

Do not do mprotect memory ranges that you didn't mmap yourself. Libraries and possibly even the kernel will do things behind your back all the time. They will do their own allocations and mappings. You are not allowed to change them because they are not yours to manage.

Btw. I really do mean mmap above. The protection of memory you get from malloc or any other allocating function is not yours to touch either. If you want full control over your memory mappings, do not use libc and don't do dynamic linking.


The most clean way would be to handle SIGSEGV's that occur within the libc. But I doubt that there is such a way.

Actually, the SIGSEGV's that are caused withing the C library's code can be handled. And I do handle them. The SIGSEGV's cannot be handled are the ones that occur either within the handler function itself, or within the function that is doing the mprotection of VMAs.

So, is there a to know which are these areas before I mprotect them? Or at least a way to know where stdarg.h chooses to place reg_save_area?

There's no way to know which areas are created by libc, other than the recommendation by @Art, but the solution to my problem was by skipping the protection of pages that were being used by the handler itself, or the function that was setting up the whole protection mechanism.

PS. I don't consider this as an answer to my question, as it simply does not answer the question I asked. It solved my original problem though, and that's why I am sharing it.


Need Your Help

How to make it that I cannot close all sections of a jQuery accordion

jquery html css accordion jquery-ui-accordion

In the following accordion, how do I make it so that one section must always be open (i.e. so I cannot close all sections at any one time). This is desired for aesthetic reasons. Thanks very much.

Python UDF for piglatin script not finding re module

python regex user-defined-functions apache-pig

I'm having trouble creating a UDF for a piglatin script I'm using. My problem is that when I run the script with pig script.pig I get the following error: