This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/13579] do_lookup_x may access dangling memory
- From: "aj at suse dot de" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Fri, 06 Apr 2012 06:59:07 +0000
- Subject: [Bug dynamic-link/13579] do_lookup_x may access dangling memory
- Auto-submitted: auto-generated
- References: <bug-13579-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=13579
--- Comment #6 from Andreas Jaeger <aj at suse dot de> 2012-04-06 06:59:07 UTC ---
Btw. to just fix the accessing of dangling memory, here's a simple (but broken)
patch with a comment to explain the problem that the current implementation
has:
===================================================================
--- glibc-2.11.3.orig/elf/dl-close.c 2011-05-27 15:08:23.000000000 +0200
+++ glibc-2.11.3/elf/dl-close.c 2011-07-13 19:28:52.000000000 +0200
@@ -127,7 +127,13 @@ _dl_close_worker (struct link_map *map)
{
struct link_map **oldp = map->l_initfini;
map->l_initfini = map->l_orig_initfini;
- _dl_scope_free (oldp);
+ /* We can't remove the l_initfini memory because
+ it's shared with l_searchlist.r_list. We don't clear
+ the latter so when we dlopen this object again that
+ entry would point to stale memory. And we don't want
+ to recompute it as it would involve a new call to
+ map_object_deps.
+ _dl_scope_free (oldp); */
}
}
This patch is broken since now oldp never gets freed and thus some tests fail.
The Fedora patch is AFAIK applying Andreas Schwab's initial patch that Ulrich
Drepper changed ontop of Ulrich's change (thus adding Andreas' initial version)
Here's a link to the initial patch
http://sourceware.org/ml/libc-hacker/2011-02/msg00004.html
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.