about summary refs log tree commit diff
diff options
context:
space:
mode:
authorAndreas Schwab <schwab@redhat.com>2011-02-25 20:49:48 -0500
committerUlrich Drepper <drepper@gmail.com>2011-02-25 20:49:48 -0500
commit4bff6e0175ed195871f4e01cc4c4c33274b8f6e3 (patch)
treec66f1fa828edf1592d7f73c4200c16ae2996f8b5
parent661b9e2014b3964469198ce7697a1d0d06aa4882 (diff)
downloadglibc-4bff6e0175ed195871f4e01cc4c4c33274b8f6e3.tar.gz
glibc-4bff6e0175ed195871f4e01cc4c4c33274b8f6e3.tar.xz
glibc-4bff6e0175ed195871f4e01cc4c4c33274b8f6e3.zip
Fix memory leak in dlopen with RTLD_NOLOAD.
-rw-r--r--ChangeLog18
-rw-r--r--NEWS2
-rw-r--r--elf/Makefile6
-rw-r--r--elf/dl-close.c15
-rw-r--r--elf/dl-deps.c2
-rw-r--r--elf/dl-load.c2
-rw-r--r--elf/noload.c22
-rw-r--r--include/link.h5
8 files changed, 59 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index c30fb5c5d4..a60bf2b103 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2011-02-23  Andreas Schwab  <schwab@redhat.com>
+	    Ulrich Drepper  <drepper@gmail.com>
+
+	[BZ #12509]
+	* include/link.h (struct link_map): Add l_orig_initfini.
+	* elf/dl-load.c (_dl_map_object_from_fd): Free realname before
+	returning unsuccessfully.
+	* elf/dl-close.c (_dl_close_worker): If this is the last explicit
+	close of a file loaded at startup, restore the original l_initfini
+	list.
+	* elf/dl-deps.c (_dl_map_object_deps): Don't free old l_initfini
+	list, store the pointer.
+	* elf/Makefile ($(objpfx)noload-mem): New rule.
+	(noload-ENV): Define.
+	(tests): Add $(objpfx)noload-mem.
+	* elf/noload.c: Include <memcheck.h>.
+	(main): Call mtrace.  Close all opened handles.
+
 2011-02-17  Andreas Schwab  <schwab@redhat.com>
 
 	[BZ #12454]
diff --git a/NEWS b/NEWS
index e659e3a95f..38243c3ae1 100644
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,7 @@ Version 2.14
 
 * The following bugs are resolved with this release:
 
-  11724, 12445, 12454, 12460, 12469, 12489
+  11724, 12445, 12454, 12460, 12469, 12489, 12509
 
 Version 2.13
 
diff --git a/elf/Makefile b/elf/Makefile
index 36ea9b81dc..c427679c6b 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -213,7 +213,7 @@ endif
 ifeq (yesyes,$(have-fpie)$(build-shared))
 tests: $(objpfx)tst-pie1.out
 endif
-tests: $(objpfx)tst-leaks1-mem
+tests: $(objpfx)tst-leaks1-mem $(objpfx)noload-mem
 tlsmod17a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
 tlsmod18a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
 tlsmod17a-modules = $(addprefix tst-tlsmod17a, $(tlsmod17a-suffixes))
@@ -680,6 +680,10 @@ $(objpfx)noload: $(objpfx)testobj1.so $(common-objpfx)dlfcn/libdl.so
 LDFLAGS-noload = -rdynamic
 $(objpfx)noload.out: $(objpfx)testobj5.so
 
+$(objpfx)noload-mem: $(objpfx)noload.out
+	$(common-objpfx)malloc/mtrace $(objpfx)noload.mtrace > $@
+noload-ENV = MALLOC_TRACE=$(objpfx)noload.mtrace
+
 LDFLAGS-nodelete = -rdynamic
 LDFLAGS-nodelmod1.so = -Wl,--enable-new-dtags,-z,nodelete
 LDFLAGS-nodelmod4.so = -Wl,--enable-new-dtags,-z,nodelete
diff --git a/elf/dl-close.c b/elf/dl-close.c
index f6d8dd313c..efb2b584f2 100644
--- a/elf/dl-close.c
+++ b/elf/dl-close.c
@@ -1,5 +1,5 @@
 /* Close a shared object opened by `_dl_open'.
-   Copyright (C) 1996-2007, 2009, 2010 Free Software Foundation, Inc.
+   Copyright (C) 1996-2007, 2009, 2010, 2011 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -119,8 +119,17 @@ _dl_close_worker (struct link_map *map)
   if (map->l_direct_opencount > 0 || map->l_type != lt_loaded
       || dl_close_state != not_pending)
     {
-      if (map->l_direct_opencount == 0 && map->l_type == lt_loaded)
-	dl_close_state = rerun;
+      if (map->l_direct_opencount == 0)
+	{
+	  if (map->l_type == lt_loaded)
+	    dl_close_state = rerun;
+	  else if (map->l_type == lt_library)
+	    {
+	      struct link_map **oldp = map->l_initfini;
+	      map->l_initfini = map->l_orig_initfini;
+	      _dl_scope_free (oldp);
+	    }
+	}
 
       /* There are still references to this object.  Do nothing more.  */
       if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0))
diff --git a/elf/dl-deps.c b/elf/dl-deps.c
index 5288353d8f..d3c27f14cc 100644
--- a/elf/dl-deps.c
+++ b/elf/dl-deps.c
@@ -686,5 +686,5 @@ Filters not supported with LD_TRACE_PRELINKING"));
       _dl_scope_free (old_l_reldeps);
     }
   if (old_l_initfini != NULL)
-    _dl_scope_free (old_l_initfini);
+      map->l_orig_initfini = old_l_initfini;
 }
diff --git a/elf/dl-load.c b/elf/dl-load.c
index 41b5ce7691..1ad16a0d65 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -894,6 +894,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
     {
       /* We are not supposed to load the object unless it is already
 	 loaded.  So return now.  */
+      free (realname);
       __close (fd);
       return NULL;
     }
@@ -912,6 +913,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
       _dl_zerofd = _dl_sysdep_open_zero_fill ();
       if (_dl_zerofd == -1)
 	{
+	  free (realname);
 	  __close (fd);
 	  _dl_signal_error (errno, NULL, NULL,
 			    N_("cannot open zero fill device"));
diff --git a/elf/noload.c b/elf/noload.c
index 9281ec714c..bcc85efc27 100644
--- a/elf/noload.c
+++ b/elf/noload.c
@@ -1,20 +1,28 @@
 #include <dlfcn.h>
 #include <stdio.h>
+#include <mcheck.h>
 
 int
 main (void)
 {
   int result = 0;
+  void *p;
+
+  mtrace ();
 
   /* First try to load an object which is a dependency.  This should
      succeed.  */
-  if (dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
+  p = dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD);
+  if (p == NULL)
     {
       printf ("cannot open \"testobj1.so\": %s\n", dlerror ());
       result = 1;
     }
   else
-    puts ("loading \"testobj1.so\" succeeded, OK");
+    {
+      puts ("loading \"testobj1.so\" succeeded, OK");
+      dlclose (p);
+    }
 
   /* Now try loading an object which is not already loaded.  */
   if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) != NULL)
@@ -25,8 +33,6 @@ main (void)
   else
     {
       /* Load the object and run the same test again.  */
-      void *p;
-
       puts ("\"testobj5.so\" wasn't loaded and RTLD_NOLOAD prevented it, OK");
 
       p = dlopen ("testobj5.so", RTLD_LAZY);
@@ -41,13 +47,17 @@ main (void)
 	{
 	  puts ("loading \"testobj5.so\" succeeded, OK");
 
-	  if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
+	  void *q = dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD);
+	  if (q == NULL)
 	    {
 	      printf ("cannot open \"testobj5.so\": %s\n", dlerror ());
 	      result = 1;
 	    }
 	  else
-	    puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
+	    {
+	      puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
+	      dlclose (q);
+	    }
 
 	  if (dlclose (p) != 0)
 	    {
diff --git a/include/link.h b/include/link.h
index 9d1fc1a8fe..e877104641 100644
--- a/include/link.h
+++ b/include/link.h
@@ -1,6 +1,6 @@
 /* Data structure for communication from the run-time dynamic linker for
    loaded ELF shared objects.
-   Copyright (C) 1995-2006, 2007, 2009, 2010 Free Software Foundation, Inc.
+   Copyright (C) 1995-2006, 2007, 2009, 2010, 2011 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -240,6 +240,9 @@ struct link_map
 
     /* List of object in order of the init and fini calls.  */
     struct link_map **l_initfini;
+    /* The init and fini list generated at startup, saved when the
+       object is also loaded dynamically.  */
+    struct link_map **l_orig_initfini;
 
     /* List of the dependencies introduced through symbol binding.  */
     struct link_map_reldeps