This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/24476] __libc_freeres triggers bad free in libdl if dlerror was not used
- From: "mark at klomp dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 09 May 2019 14:37:46 +0000
- Subject: [Bug dynamic-link/24476] __libc_freeres triggers bad free in libdl if dlerror was not used
- Auto-submitted: auto-generated
- References: <bug-24476-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=24476
Mark Wielaard <mark at klomp dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2019-05-09
CC| |mark at klomp dot org
Ever confirmed|0 |1
--- Comment #2 from Mark Wielaard <mark at klomp dot org> ---
Proposed fix. Only free the memory if __libc_once (once, init) has been called.
diff --git a/dlfcn/dlerror.c b/dlfcn/dlerror.c
index 2737658..41a41ee 100644
--- a/dlfcn/dlerror.c
+++ b/dlfcn/dlerror.c
@@ -230,13 +230,16 @@ free_key_mem (void *mem)
void
__dlerror_main_freeres (void)
{
- void *mem;
- /* Free the global memory if used. */
- check_free (&last_result);
- /* Free the TSD memory if used. */
- mem = __libc_getspecific (key);
- if (mem != NULL)
- free_key_mem (mem);
+ if (__libc_once_get (once))
+ {
+ void *mem;
+ /* Free the global memory if used. */
+ check_free (&last_result);
+ /* Free the TSD memory if used. */
+ mem = __libc_getspecific (key);
+ if (mem != NULL)
+ free_key_mem (mem);
+ }
}
struct dlfcn_hook *_dlfcn_hook __attribute__((nocommon));
--
You are receiving this mail because:
You are on the CC list for the bug.