Tags: c, segmentation-fault, signal-handling, mprotect

Which anonymous areas are created/accessed by libc?


Is there a way to find out which anonymous Virtual Memory Areas are created/accessed by libc?

I have a program that mprotects VMAs on its address space. But when it mprotects an area that will be accessed by libc, a SIGSEGV occurs. Unfortunately, the signal handler that I've installed only handles faults that occurred on my code, and not libc's.

In detail, the fault I am getting is because printf uses varargs. It tries to access the location of reg_save_area which is within the va_list structure. That location belongs to an anonymous VMA which I have earlier mprotected.

So, is there a way to know which these areas are before I mprotect them? Or at least a way to know where stdarg.h chooses to place reg_save_area?

The cleanest way would be to handle SIGSEGVs that occur within the libc. But I doubt that there is such a way.

Note: The data/bss segment of libc can be easily identified because it is not anonymous. If I mprotect that VMA too, it will also cause an unhandled SIGSEGV, which is why I choose not to.


Solution

  • The simplest answer to your question is: all of them except the ones that you explicitly mapped yourself.

    Do not mprotect memory ranges that you didn't mmap yourself. Libraries and possibly even the kernel will do things behind your back all the time. They will do their own allocations and mappings. You are not allowed to change them because they are not yours to manage.

    Btw. I really do mean mmap above. The protection of memory you get from malloc or any other allocating function is not yours to touch either. If you want full control over your memory mappings, do not use libc and don't do dynamic linking.
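
One way to enforce the rule in the answer above, as an added example that is not part of the original post: record every region the program maps itself, refuse to mprotect anything else, and have the SIGSEGV handler recover only faults inside those regions. The names `own_map`, `own_protect`, `install_handler` and the fixed-size registry are hypothetical, and the code assumes Linux, where calling mprotect from a signal handler works in practice although POSIX does not list it as async-signal-safe.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#define MAX_OWNED 16
static struct { uintptr_t base; size_t len; } owned[MAX_OWNED];
static int n_owned;
static volatile sig_atomic_t faults_handled;

/* Index of the recorded mapping containing [addr, addr+len), or -1. */
static int find_owned(const void *addr, size_t len) {
    uintptr_t a = (uintptr_t)addr;
    for (int i = 0; i < n_owned; i++)
        if (a >= owned[i].base && len <= owned[i].len &&
            a - owned[i].base <= owned[i].len - len)
            return i;
    return -1;
}

/* mmap anonymous memory and record it as ours to manage. */
void *own_map(size_t len) {
    if (n_owned == MAX_OWNED) { errno = ENOMEM; return NULL; }
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    owned[n_owned].base = (uintptr_t)p; owned[n_owned++].len = len;
    return p;
}

/* mprotect wrapper: refuses any range that own_map() did not create. */
int own_protect(void *addr, size_t len, int prot) {
    if (find_owned(addr, len) < 0) { errno = EPERM; return -1; }
    return mprotect(addr, len, prot);
}

/* SIGSEGV handler: reopen our own mapping, default action for anything else. */
static void on_segv(int sig, siginfo_t *si, void *ctx) {
    (void)ctx;
    int i = find_owned(si->si_addr, 1);
    if (i < 0) { signal(sig, SIG_DFL); return; } /* not ours: re-fault, die */
    mprotect((void *)owned[i].base, owned[i].len, PROT_READ | PROT_WRITE);
    faults_handled++;
}

int install_handler(void) {
    struct sigaction sa = { .sa_flags = SA_SIGINFO };
    sa.sa_sigaction = on_segv;
    return sigaction(SIGSEGV, &sa, NULL);
}
```

A fault at an address outside the registry, such as libc's stack or heap data, falls through to the default action instead of being silently retried.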