authorFlorian Weimer <fweimer@redhat.com>2022-08-26 21:15:43 +0200
committerFlorian Weimer <fweimer@redhat.com>2022-08-26 21:15:43 +0200
commitd0e357ff45a75553dee3b17ed7d303bfa544f6fe (patch)
tree1b3480f556a5a7d109c3cc5775ed951420156f00 /elf/dl-open.c
parent06d4381dd81eaab16b538017adc5854033f44b6d (diff)
elf: Call __libc_early_init for reused namespaces (bug 29528)
libc_map is never reset to NULL, neither during dlclose nor on a
dlopen call which reuses the namespace structure.  As a result, if a
namespace is reused, its libc is not initialized properly.  The most
visible result is a crash in the <ctype.h> functions.

To prevent similar bugs on namespace reuse from surfacing,
unconditionally initialize the chosen namespace to zero using memset.
Diffstat (limited to 'elf/dl-open.c')
-rw-r--r--elf/dl-open.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/elf/dl-open.c b/elf/dl-open.c
index a23e65926b..46e8066fd8 100644
--- a/elf/dl-open.c
+++ b/elf/dl-open.c
@@ -844,11 +844,14 @@ _dl_open (const char *file, int mode, const void *caller_dlopen, Lmid_t nsid,
 	  _dl_signal_error (EINVAL, file, NULL, N_("\
 no more namespaces available for dlmopen()"));
 	}
-      else if (nsid == GL(dl_nns))
-	{
-	  __rtld_lock_initialize (GL(dl_ns)[nsid]._ns_unique_sym_table.lock);
-	  ++GL(dl_nns);
-	}
+
+      if (nsid == GL(dl_nns))
+	++GL(dl_nns);
+
+      /* Initialize the new namespace.  Most members are
+	 zero-initialized, only the lock needs special treatment.  */
+      memset (&GL(dl_ns)[nsid], 0, sizeof (GL(dl_ns)[nsid]));
+      __rtld_lock_initialize (GL(dl_ns)[nsid]._ns_unique_sym_table.lock);
 
       _dl_debug_update (nsid)->r_state = RT_CONSISTENT;
     }
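Review bot: The comment above the `memset` still says "the new namespace", but the zeroing now also runs when `nsid` is below `GL(dl_nns)`, that is, for a slot an earlier namespace used; I would word it as `/* Initialize the new or reused namespace slot, discarding any state left by a previous user; only the lock needs more than zeroing.  */`. Because the `memset` overwrites every pointer in the slot, it is leak-free only if dlclose has already released whatever the old namespace owned, which cannot be confirmed from this hunk and is worth stating in the comment. Changing `else if` to a plain `if` also means the new `memset` and lock initialization are reached unless the error branch above never falls through; `_dl_signal_error` presumably does not return, but that is not visible here, and a short comment would make the dependency explicit. `_dl_open`'s body starts and ends outside the hunk.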