Fix invalid memory access in do_lookup_x.

[BZ #13579] Do not free l_initfini and allow it to be reused on subsequent dl_open calls for the same library. This fixes the invalid memory access in do_lookup_x when the previously free'd l_initfini was accessed through l_searchlist when a library had been opened for the second time.
author: Andreas Schwab <schwab@redhat.com> 2012-06-22 11:10:31 -0700
committer: Carlos O'Donell <carlos_odonell@mentor.com> 2012-06-22 11:10:31 -0700
commit: 0479b305c5b7c8e3fa8e3002982cf8cac02b842e (patch)
tree: f72a6cb6c122c086d6e7b5989e9d746c0c3431a1 /elf/rtld.c
parent: 0e3933b96344ab9c0ac633c19f4ebfdede5375d4 (diff)
download: glibc-0479b305c5b7c8e3fa8e3002982cf8cac02b842e.tar.gz
glibc-0479b305c5b7c8e3fa8e3002982cf8cac02b842e.tar.xz
glibc-0479b305c5b7c8e3fa8e3002982cf8cac02b842e.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/elf/rtld.c b/elf/rtld.c
index a5b0ab9815..6bcf224c49 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2292,6 +2292,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
 	      lnp->dont_free = 1;
 	      lnp = lnp->next;
 	    }
+	  /* Also allocated with the fake malloc().  */
+	  l->l_free_initfini = 0;
 
 	  if (l != &GL(dl_rtld_map))
 	    _dl_relocate_object (l, l->l_scope, GLRO(dl_lazy) ? RTLD_LAZY : 0,
author	Andreas Schwab <schwab@redhat.com>	2012-06-22 11:10:31 -0700
committer	Carlos O'Donell <carlos_odonell@mentor.com>	2012-06-22 11:10:31 -0700
commit	0479b305c5b7c8e3fa8e3002982cf8cac02b842e (patch)
tree	f72a6cb6c122c086d6e7b5989e9d746c0c3431a1 /elf/rtld.c
parent	0e3933b96344ab9c0ac633c19f4ebfdede5375d4 (diff)
download	glibc-0479b305c5b7c8e3fa8e3002982cf8cac02b842e.tar.gz glibc-0479b305c5b7c8e3fa8e3002982cf8cac02b842e.tar.xz glibc-0479b305c5b7c8e3fa8e3002982cf8cac02b842e.zip