diff options
author | Andreas Schwab <schwab@redhat.com> | 2012-06-22 11:10:31 -0700 |
---|---|---|
committer | Carlos O'Donell <carlos_odonell@mentor.com> | 2012-06-22 11:10:31 -0700 |
commit | 0479b305c5b7c8e3fa8e3002982cf8cac02b842e (patch) | |
tree | f72a6cb6c122c086d6e7b5989e9d746c0c3431a1 /elf/dl-deps.c | |
parent | 0e3933b96344ab9c0ac633c19f4ebfdede5375d4 (diff) | |
download | glibc-0479b305c5b7c8e3fa8e3002982cf8cac02b842e.tar.gz glibc-0479b305c5b7c8e3fa8e3002982cf8cac02b842e.tar.xz glibc-0479b305c5b7c8e3fa8e3002982cf8cac02b842e.zip |
Fix invalid memory access in do_lookup_x.
[BZ #13579] Do not free l_initfini and allow it to be reused on subsequent dl_open calls for the same library. This fixes the invalid memory access in do_lookup_x when the previously free'd l_initfini was accessed through l_searchlist when a library had been opened for the second time.
Diffstat (limited to 'elf/dl-deps.c')
-rw-r--r-- | elf/dl-deps.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/elf/dl-deps.c b/elf/dl-deps.c index 69aec461fb..2ae496d7b5 100644 --- a/elf/dl-deps.c +++ b/elf/dl-deps.c @@ -1,6 +1,5 @@ /* Load the dependencies of a mapped object. - Copyright (C) 1996-2003, 2004-2007, 2010-2012 - Free Software Foundation, Inc. + Copyright (C) 1996-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -488,6 +487,7 @@ _dl_map_object_deps (struct link_map *map, nneeded * sizeof needed[0]); atomic_write_barrier (); l->l_initfini = l_initfini; + l->l_free_initfini = 1; } /* If we have no auxiliary objects just go on to the next map. */ @@ -688,6 +688,7 @@ Filters not supported with LD_TRACE_PRELINKING")); l_initfini[nlist] = NULL; atomic_write_barrier (); map->l_initfini = l_initfini; + map->l_free_initfini = 1; if (l_reldeps != NULL) { atomic_write_barrier (); @@ -696,7 +697,7 @@ Filters not supported with LD_TRACE_PRELINKING")); _dl_scope_free (old_l_reldeps); } if (old_l_initfini != NULL) - map->l_orig_initfini = old_l_initfini; + _dl_scope_free (old_l_initfini); if (errno_reason) _dl_signal_error (errno_reason == -1 ? 0 : errno_reason, objname, |