Fix STB_GNU_UNIQUE handling for > 30 unique symbols.

There were several issues when the initial 31 entries hashtab filled up.
size * 3 <= tab->n_elements is always false, table can't have more elements
than its size.  I assume from libiberty/hashtab.c this meant to be check for
3/4 full.  Even after fixing that, _dl_higher_prime_number (31) apparently
returns 31, only _dl_higher_prime_number (32) returns 61.  And, size
variable wasn't updated during reallocation, which means during reallocation
the insertion of the new entry was done into a wrong spot.

All this lead to a hang in ld.so, because a search with n_elements 31 size
31 wouldn't ever terminate.

2 files changed, 9 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 801ec189d0..8cc2e675c9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-07-27  Jakub Jelinek  <jakub@redhat.com>
+
+	* elf/dl-lookup.c (do_lookup_x): Fix check for table more than
+	3/4 full.  Pass size + 1 rather than size to _dl_higher_prime_number.
+	Update size when reallocating.
+
 2009-07-26  Ulrich Drepper  <drepper@redhat.com>
 
 	* sysdeps/x86_64/tst-xmmymm.sh: New file.  Check whether any of the
diff --git a/elf/dl-lookup.c b/elf/dl-lookup.c
index 18f728812e..1d68d67a35 100644
--- a/elf/dl-lookup.c
+++ b/elf/dl-lookup.c
@@ -377,10 +377,10 @@ do_lookup_x (const char *undef_name, uint_fast32_t new_hash,
 			idx -= size;
 		    }
 
-		  if (size * 3 <= tab->n_elements)
+		  if (size * 3 <= tab->n_elements * 4)
 		    {
 		      /* Expand the table.  */
-		      size_t newsize = _dl_higher_prime_number (size);
+		      size_t newsize = _dl_higher_prime_number (size + 1);
 		      struct unique_sym *newentries
 			= calloc (sizeof (struct unique_sym), newsize);
 		      if (newentries == NULL)
@@ -398,6 +398,7 @@ do_lookup_x (const char *undef_name, uint_fast32_t new_hash,
 
 		      tab->free (entries);
 		      tab->size = newsize;
+		      size = newsize;
 		      entries = tab->entries = newentries;
 		      tab->free = free;
 		    }