This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug dynamic-link/24476] __libc_freeres triggers bad free in libdl if dlerror was not used


https://sourceware.org/bugzilla/show_bug.cgi?id=24476

--- Comment #3 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to Mark Wielaard from comment #2)
> Proposed fix. Only free the memory if __libc_once (once, init) has been
> called.
> 
> diff --git a/dlfcn/dlerror.c b/dlfcn/dlerror.c
> index 2737658..41a41ee 100644
> --- a/dlfcn/dlerror.c
> +++ b/dlfcn/dlerror.c
> @@ -230,13 +230,16 @@ free_key_mem (void *mem)
>  void
>  __dlerror_main_freeres (void)
>  {
> -  void *mem;
> -  /* Free the global memory if used.  */
> -  check_free (&last_result);
> -  /* Free the TSD memory if used.  */
> -  mem = __libc_getspecific (key);
> -  if (mem != NULL)
> -    free_key_mem (mem);
> +  if (__libc_once_get (once))
> +    {
> +      void *mem;
> +      /* Free the global memory if used.  */
> +      check_free (&last_result);
> +      /* Free the TSD memory if used.  */
> +      mem = __libc_getspecific (key);
> +      if (mem != NULL)
> +       free_key_mem (mem);
> +    }
>  }
>  
>  struct dlfcn_hook *_dlfcn_hook __attribute__((nocommon));
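
Review bot: The new `if (__libc_once_get (once))` guard in `__dlerror_main_freeres` only establishes that `init` has been run, so the `__libc_getspecific (key)` call inside it still assumes that `key` was created successfully. If key creation can fail during initialization, which is the similar failure mentioned in the reply that follows, the TSD lookup and `free_key_mem (mem)` need their own condition, separate from the `check_free (&last_result)` path, for example a flag recording that the key is valid. A short comment on the guard explaining why nothing may be freed when dlerror was never used would also make the intent clear to later readers.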

I reviewed this on libc-alpha.

It isn't quite right, and I noticed a similar failure if the key fails to be
created.

I have suggested some changes for Mark to look at.

I think we're almost done though.
