From 4bff6e0175ed195871f4e01cc4c4c33274b8f6e3 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Fri, 25 Feb 2011 20:49:48 -0500 Subject: Fix memory leak in dlopen with RTLD_NOLOAD. --- elf/Makefile | 6 +++++- elf/dl-close.c | 15 ++++++++++++--- elf/dl-deps.c | 2 +- elf/dl-load.c | 2 ++ elf/noload.c | 22 ++++++++++++++++------ 5 files changed, 36 insertions(+), 11 deletions(-) (limited to 'elf') diff --git a/elf/Makefile b/elf/Makefile index 36ea9b81dc..c427679c6b 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -213,7 +213,7 @@ endif ifeq (yesyes,$(have-fpie)$(build-shared)) tests: $(objpfx)tst-pie1.out endif -tests: $(objpfx)tst-leaks1-mem +tests: $(objpfx)tst-leaks1-mem $(objpfx)noload-mem tlsmod17a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 tlsmod18a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 tlsmod17a-modules = $(addprefix tst-tlsmod17a, $(tlsmod17a-suffixes)) @@ -680,6 +680,10 @@ $(objpfx)noload: $(objpfx)testobj1.so $(common-objpfx)dlfcn/libdl.so LDFLAGS-noload = -rdynamic $(objpfx)noload.out: $(objpfx)testobj5.so +$(objpfx)noload-mem: $(objpfx)noload.out + $(common-objpfx)malloc/mtrace $(objpfx)noload.mtrace > $@ +noload-ENV = MALLOC_TRACE=$(objpfx)noload.mtrace + LDFLAGS-nodelete = -rdynamic LDFLAGS-nodelmod1.so = -Wl,--enable-new-dtags,-z,nodelete LDFLAGS-nodelmod4.so = -Wl,--enable-new-dtags,-z,nodelete diff --git a/elf/dl-close.c b/elf/dl-close.c index f6d8dd313c..efb2b584f2 100644 --- a/elf/dl-close.c +++ b/elf/dl-close.c @@ -1,5 +1,5 @@ /* Close a shared object opened by `_dl_open'. - Copyright (C) 1996-2007, 2009, 2010 Free Software Foundation, Inc. + Copyright (C) 1996-2007, 2009, 2010, 2011 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -119,8 +119,17 @@ _dl_close_worker (struct link_map *map) if (map->l_direct_opencount > 0 || map->l_type != lt_loaded || dl_close_state != not_pending) { - if (map->l_direct_opencount == 0 && map->l_type == lt_loaded) - dl_close_state = rerun; + if (map->l_direct_opencount == 0) + { + if (map->l_type == lt_loaded) + dl_close_state = rerun; + else if (map->l_type == lt_library) + { + struct link_map **oldp = map->l_initfini; + map->l_initfini = map->l_orig_initfini; + _dl_scope_free (oldp); + } + } /* There are still references to this object. Do nothing more. */ if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0)) diff --git a/elf/dl-deps.c b/elf/dl-deps.c index 5288353d8f..d3c27f14cc 100644 --- a/elf/dl-deps.c +++ b/elf/dl-deps.c @@ -686,5 +686,5 @@ Filters not supported with LD_TRACE_PRELINKING")); _dl_scope_free (old_l_reldeps); } if (old_l_initfini != NULL) - _dl_scope_free (old_l_initfini); + map->l_orig_initfini = old_l_initfini; } diff --git a/elf/dl-load.c b/elf/dl-load.c index 41b5ce7691..1ad16a0d65 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -894,6 +894,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp, { /* We are not supposed to load the object unless it is already loaded. So return now. */ + free (realname); __close (fd); return NULL; } @@ -912,6 +913,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp, _dl_zerofd = _dl_sysdep_open_zero_fill (); if (_dl_zerofd == -1) { + free (realname); __close (fd); _dl_signal_error (errno, NULL, NULL, N_("cannot open zero fill device")); diff --git a/elf/noload.c b/elf/noload.c index 9281ec714c..bcc85efc27 100644 --- a/elf/noload.c +++ b/elf/noload.c @@ -1,20 +1,28 @@ #include #include +#include int main (void) { int result = 0; + void *p; + + mtrace (); /* First try to load an object which is a dependency. This should succeed. */ - if (dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD) == NULL) + p = dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD); + if (p == NULL) { printf ("cannot open \"testobj1.so\": %s\n", dlerror ()); result = 1; } else - puts ("loading \"testobj1.so\" succeeded, OK"); + { + puts ("loading \"testobj1.so\" succeeded, OK"); + dlclose (p); + } /* Now try loading an object which is not already loaded. */ if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) != NULL) @@ -25,8 +33,6 @@ main (void) else { /* Load the object and run the same test again. */ - void *p; - puts ("\"testobj5.so\" wasn't loaded and RTLD_NOLOAD prevented it, OK"); p = dlopen ("testobj5.so", RTLD_LAZY); @@ -41,13 +47,17 @@ main (void) { puts ("loading \"testobj5.so\" succeeded, OK"); - if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) == NULL) + void *q = dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD); + if (q == NULL) { printf ("cannot open \"testobj5.so\": %s\n", dlerror ()); result = 1; } else - puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK"); + { + puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK"); + dlclose (q); + } if (dlclose (p) != 0) { -- cgit 1.4.1