From 0479b305c5b7c8e3fa8e3002982cf8cac02b842e Mon Sep 17 00:00:00 2001
From: Andreas Schwab
Date: Fri, 22 Jun 2012 11:10:31 -0700
Subject: Fix invalid memory access in do_lookup_x. [BZ #13579] Do not free l_initfini and allow it to be reused on subsequent dl_open calls for the same library. This fixes the invalid memory access in do_lookup_x when the previously free'd l_initfini was accessed through l_searchlist when a library had been opened for the second time.
---
 elf/dl-deps.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'elf/dl-deps.c')
diff --git a/elf/dl-deps.c b/elf/dl-deps.c
index 69aec461fb..2ae496d7b5 100644
--- a/elf/dl-deps.c
+++ b/elf/dl-deps.c
@@ -1,6 +1,5 @@
 /* Load the dependencies of a mapped object.
- Copyright (C) 1996-2003, 2004-2007, 2010-2012
- Free Software Foundation, Inc.
+ Copyright (C) 1996-2012 Free Software Foundation, Inc.
 This file is part of the GNU C Library.
 The GNU C Library is free software; you can redistribute it and/or
@@ -488,6 +487,7 @@ _dl_map_object_deps (struct link_map *map,
 nneeded * sizeof needed[0]);
 atomic_write_barrier ();
 l->l_initfini = l_initfini;
+ l->l_free_initfini = 1;
 }
 /* If we have no auxiliary objects just go on to the next map. */
@@ -688,6 +688,7 @@ Filters not supported with LD_TRACE_PRELINKING"));
 l_initfini[nlist] = NULL;
 atomic_write_barrier ();
 map->l_initfini = l_initfini;
+ map->l_free_initfini = 1;
 if (l_reldeps != NULL)
 {
 atomic_write_barrier ();
@@ -696,7 +697,7 @@ Filters not supported with LD_TRACE_PRELINKING"));
 _dl_scope_free (old_l_reldeps);
 }
 if (old_l_initfini != NULL)
- map->l_orig_initfini = old_l_initfini;
+ _dl_scope_free (old_l_initfini);
 if (errno_reason)
 _dl_signal_error (errno_reason == -1 ? 0 : errno_reason, objname,
-- cgit v1.2.1
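Review bot: The added `l->l_free_initfini = 1;` in the hunk at -488, and the matching `map->l_free_initfini = 1;` in the hunk at -688, set an ownership flag with no comment, and nothing in this diff shows who reads the flag or frees the array. A one-line comment above each store would make the contract reviewable, for example `/* This l_initfini array is owned by the map; the unload path must free it. */`; that wording assumes the array is heap-allocated just above the hunk, which is not visible here. Both stores also come after the `atomic_write_barrier ()` that precedes the `l_initfini` assignment, so the comment should say whether the flag is only ever read with the loader lock held. _dl_map_object_deps starts and ends outside both hunks.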
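Review bot: The new side of the hunk at -696 passes `old_l_initfini` to `_dl_scope_free`, which contradicts the commit description ("Do not free l_initfini and allow it to be reused"); the removed line `map->l_orig_initfini = old_l_initfini;` is the one that kept the old array alive. If the patch is shown in its intended direction, the stale access through `l_searchlist` that the description reports for a second open of the same library looks reachable again, unless code outside the hunk first repoints every search list that referenced the old array. Please confirm the diff direction. If the free stays, add a comment next to it stating the invariant, such as `/* No l_searchlist may still reference old_l_initfini at this point. */`, and name where that is enforced. The enclosing function continues past the end of the hunk.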