This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
[PATCH][BZ 21357] unwind-dw2-fde: Call free() outside of unwind mutex
- From: Rabin Vincent <rabin dot vincent at axis dot com>
- To: libc-alpha at sourceware dot org
- Cc: Rabin Vincent <rabinv at axis dot com>
- Date: Thu, 6 Apr 2017 21:58:01 +0200
- Subject: [PATCH][BZ 21357] unwind-dw2-fde: Call free() outside of unwind mutex
- Authentication-results: sourceware.org; auth=none
From: Rabin Vincent <rabinv@axis.com>
__deregister_frame_info_bases() calls free() while holding a mutex which
is also used from _Unwind_Find_FDE(). This leads to a deadlock if
AddressSanitizer uses _Unwind_Backtrace() from its free()
implementation.
2017-04-06 Rabin Vincent <rabinv@axis.com>
[BZ #21357]
* sysdeps/generic/unwind-dw2-fde.c (__deregister_frame_info_bases):
Call free() outside of mutex.
diff --git a/sysdeps/generic/unwind-dw2-fde.c b/sysdeps/generic/unwind-dw2-fde.c
index 2f0bcd2..104a255 100644
--- a/sysdeps/generic/unwind-dw2-fde.c
+++ b/sysdeps/generic/unwind-dw2-fde.c
@@ -202,6 +202,7 @@ __deregister_frame_info_bases (void *begin)
{
struct object **p;
struct object *ob = 0;
+ struct fde_vector *tofree = NULL;
/* If .eh_frame is empty, we haven't registered. */
if (*(uword *) begin == 0)
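Review bot: The new declaration initializes with NULL while the line directly above it uses `struct object *ob = 0;`, so pick one spelling to match the surrounding code. The initializer itself is load-bearing: `free (tofree)` in the last hunk sits after the `out:` label, so every path that jumps there without assigning `tofree` depends on it still being null. A short comment on the declaration saying so would keep a later cleanup from dropping it.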
@@ -225,7 +226,7 @@ __deregister_frame_info_bases (void *begin)
{
ob = *p;
*p = ob->next;
- free (ob->u.sort);
+ tofree = ob->u.sort;
goto out;
}
}
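Review bot: After `tofree = ob->u.sort;` the unlinked object still carries the same pointer in `ob->u.sort`, and the last hunk frees it just before `return (void *) ob;`, so the caller receives an object whose `u.sort` is stale. That is no worse than the old `free (ob->u.sort);` at this spot, but it is worth confirming that nothing reads `u.sort` from the returned object. The deferral itself looks safe because `*p = ob->next;` unlinks the object while the mutex is still held, so no other thread can reach the vector through the list by the time it is freed. This hunk converts only the call visible here; if any other path between taking the lock and `out:` frees memory, it needs the same treatment.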
@@ -244,6 +245,7 @@ __deregister_frame_info_bases (void *begin)
out:
__gthread_mutex_unlock (&object_mutex);
+ free (tofree);
return (void *) ob;
}
hidden_def (__deregister_frame_info_bases)
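Review bot: The placement of `free (tofree);` after `__gthread_mutex_unlock (&object_mutex);` is the entire fix, yet nothing in the code says the ordering is deliberate. Please add a comment above it explaining that free() may be interposed (the commit message names AddressSanitizer calling _Unwind_Backtrace()) and can re-enter _Unwind_Find_FDE(), which takes the same mutex. Without that, a later refactor could move the call back under the lock. Calling free() on a null `tofree` on the paths that never set it is fine and needs no guard.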