author | Florian Weimer <fweimer@redhat.com> | 2022-08-26 21:15:43 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2022-08-26 21:15:43 +0200 |
commit | d0e357ff45a75553dee3b17ed7d303bfa544f6fe (patch) | |
tree | 1b3480f556a5a7d109c3cc5775ed951420156f00 /elf/dl-open.c | |
parent | 06d4381dd81eaab16b538017adc5854033f44b6d (diff) | |
download | glibc-d0e357ff45a75553dee3b17ed7d303bfa544f6fe.tar.gz glibc-d0e357ff45a75553dee3b17ed7d303bfa544f6fe.tar.xz glibc-d0e357ff45a75553dee3b17ed7d303bfa544f6fe.zip |
elf: Call __libc_early_init for reused namespaces (bug 29528)
libc_map is never reset to NULL, neither during dlclose nor on a dlopen call which reuses the namespace structure. As a result, if a namespace is reused, its libc is not initialized properly. The most visible result is a crash in the <ctype.h> functions. To prevent similar bugs on namespace reuse from surfacing, unconditionally initialize the chosen namespace to zero using memset.
Diffstat (limited to 'elf/dl-open.c')
-rw-r--r-- | elf/dl-open.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/elf/dl-open.c b/elf/dl-open.c index a23e65926b..46e8066fd8 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -844,11 +844,14 @@ _dl_open (const char *file, int mode, const void *caller_dlopen, Lmid_t nsid, _dl_signal_error (EINVAL, file, NULL, N_("\ no more namespaces available for dlmopen()")); } - else if (nsid == GL(dl_nns)) - { - __rtld_lock_initialize (GL(dl_ns)[nsid]._ns_unique_sym_table.lock); - ++GL(dl_nns); - } + + if (nsid == GL(dl_nns)) + ++GL(dl_nns); + + /* Initialize the new namespace. Most members are + zero-initialized, only the lock needs special treatment. */ + memset (&GL(dl_ns)[nsid], 0, sizeof (GL(dl_ns)[nsid])); + __rtld_lock_initialize (GL(dl_ns)[nsid]._ns_unique_sym_table.lock); _dl_debug_update (nsid)->r_state = RT_CONSISTENT; } |
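Review bot: The added comment "Initialize the new namespace" above the `memset` understates what the code now does. With the `else if (nsid == GL(dl_nns))` guard gone, the `memset` and `__rtld_lock_initialize` run for every nsid that reaches this point, including a reused slot, which the commit message names as the case being fixed. The comment should say that reuse is covered and that the lock must be initialized after the wipe, not before. Because the whole structure is zeroed, it would also help to state or assert here that the slot holds no live state when this runs, since nothing in the visible lines checks that. Separately, replacing `else if` with a plain `if` relies on `_dl_signal_error` in the preceding block not returning; otherwise the `memset` would also run on the "no more namespaces available" error path. A short remark to that effect would make the control flow easier to audit.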