about summary refs log tree commit diff
path: root/elf/dblunload.c
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2019-10-31 18:25:39 +0100
committerFlorian Weimer <fweimer@redhat.com>2019-11-27 20:55:35 +0100
commit440b7f8653e4ed8f6e1425145208050b795e9a6c (patch)
tree45f02b5d7f2af8adc0a6d71f1e30555e6d6ccc94 /elf/dblunload.c
parent79e0cd7b3c997e211fad44a81fd839dc5b2546e8 (diff)
downloadglibc-440b7f8653e4ed8f6e1425145208050b795e9a6c.tar.gz
glibc-440b7f8653e4ed8f6e1425145208050b795e9a6c.tar.xz
glibc-440b7f8653e4ed8f6e1425145208050b795e9a6c.zip
Avoid late failure in dlopen in global scope update [BZ #25112]
The call to add_to_global in dl_open_worker happens after running ELF
constructors for new objects.  At this point, proper recovery from
malloc failure would be quite complicated: We would have to run the
ELF destructors and close all opened objects, something that we
currently do not do.

Instead, this change splits add_to_global into two phases,
add_to_global_resize (which can raise an exception, called before ELF
constructors run), and add_to_global_update (which cannot, called
after ELF constructors).  A complication arises due to recursive
dlopen: After the inner dlopen consumes some space, the pre-allocation
in the outer dlopen may no longer be sufficient.  A new member in the
namespace structure, _ns_global_scope_pending_adds keeps track of the
maximum number of objects that need to be added to the global scope.
This enables the inner add_to_global_resize call to take into account
the needs of an outer dlopen.

Most code in the dynamic linker assumes that the number of global
scope entries fits into an unsigned int (matching the r_nlist member
of struct r_scop_elem).  Therefore, change the type of
_ns_global_scope_alloc to unsigned int (from size_t), and add overflow
checks.

Change-Id: Ie08e2f318510d5a6a4bcb1c315f46791b5b77524
Diffstat (limited to 'elf/dblunload.c')
0 files changed, 0 insertions, 0 deletions