reintroduce hardening against partially-replaced allocator

commit 618b18c78e33acfe54a4434e91aa57b8e171df89 removed the previous
detection and hardening since it was incorrect. commit
72141795d4edd17f88da192447395a48444afa10 already handled all that
remained for hardening the static-linked case. in the dynamic-linked
case, have the dynamic linker check whether malloc was replaced and
make that information available.

with these changes, the properties documented in commit
c9f415d7ea2dace5bf77f6518b6afc36bb7a5732 are restored: if calloc is
not provided, it will behave as malloc+memset, and any of the
memalign-family functions not provided will fail with ENOMEM.

1 files changed, 9 insertions, 0 deletions

diff --git a/ldso/dynlink.c b/ldso/dynlink.c
index 63e7b81f..cea5f452 100644
--- a/ldso/dynlink.c
+++ b/ldso/dynlink.c
@@ -134,6 +134,9 @@ static struct dso *const nodeps_dummy;
 struct debug *_dl_debug_addr = &debug;
 
 __attribute__((__visibility__("hidden")))
+extern int __malloc_replaced;
+
+__attribute__((__visibility__("hidden")))
 void (*const __init_array_start)(void)=0, (*const __fini_array_start)(void)=0;
 
 __attribute__((__visibility__("hidden")))
@@ -1691,6 +1694,12 @@ _Noreturn void __dls3(size_t *sp)
 	if (ldso_fail) _exit(127);
 	if (ldd_mode) _exit(0);
 
+	/* Determine if malloc was interposed by a replacement implementation
+	 * so that calloc and the memalign family can harden against the
+	 * possibility of incomplete replacement. */
+	if (find_sym(head, "malloc", 1).dso != &ldso)
+		__malloc_replaced = 1;
+
 	/* Switch to runtime mode: any further failures in the dynamic
 	 * linker are a reportable failure rather than a fatal startup
 	 * error. */