This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.



Bogus code in dl-close.c in 2.0.7 and 2.1


Hi,

While working on the DL bug, I found some bogus code in dl-close.c
in both glibc 2.0.7 and 2.1. The code below is supposed to remove
a shared object if it is on the global scope list.

          if (imap->l_global)
            {
              /* This object is in the global scope list.  Remove it.  */       
              struct link_map **tail = _dl_global_scope_end;
              do                                                    
                --tail; 
              while (*tail != imap);
              while (tail < _dl_global_scope_end)
                {                                        
                  tail[0] = tail[1];
                  ++tail;
                }                
              --_dl_global_scope_end;
            }

The problem is if we call dlopen () from a statically linked executable,
the shared object being loaded is always put on the global scope list
no matter what you do. Now when you call dlclose () on it, it is removed
from memory, but it is still on the global scope list if imap->l_global
is false. Now we get a problem. It gets even worse when we have
multiple calls to dlopen/dlclose in random order from a statically
linked executable. We should fix it for both 2.0.7 and 2.1.

Thanks.


-- 
H.J. Lu (hjl@gnu.org)
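
A simplified model of the situation reported in this message, added here as an example; it is not glibc's code or the author's. Every name except `l_global` is hypothetical, and `close_by_search` is an assumed alternative for comparison, not the fix glibc adopted.

```c
#include <stdio.h>

/* Simplified model; every name except l_global is hypothetical. */
struct map { const char *name; int l_global; int loaded; };

static struct map *scope[9];            /* NULL-terminated global scope list */
static struct map **scope_end = scope;  /* points at the terminator */

static void scope_add(struct map *m) { *scope_end++ = m; *scope_end = NULL; }

/* Remove m if it is on the list; a missing entry is not an error. */
static int scope_remove(struct map *m)
{
    struct map **p = scope;
    while (p < scope_end && *p != m) ++p;
    if (p == scope_end) return 0;
    for (; p < scope_end; ++p) p[0] = p[1];  /* last copy moves the NULL */
    --scope_end;
    return 1;
}

/* Behaviour described in the mail: removal depends on the flag. */
static void close_flag_gated(struct map *m)
{
    if (m->l_global) scope_remove(m);
    m->loaded = 0;                           /* unmapped either way */
}

/* Assumed alternative: remove whenever the object is on the list. */
static void close_by_search(struct map *m) { scope_remove(m); m->loaded = 0; }

/* Static-executable case (both listed, l_global == 0): count stale entries. */
static int stale_after_close(void (*do_close)(struct map *))
{
    struct map a = {"a.so", 0, 1}, b = {"b.so", 0, 1};
    int stale = 0;
    scope_end = scope; *scope_end = NULL;
    scope_add(&a); scope_add(&b);
    do_close(&a);
    for (struct map **p = scope; p < scope_end; ++p) stale += !(*p)->loaded;
    return stale;
}

int main(void)
{
    printf("flag-gated: %d stale\n", stale_after_close(close_flag_gated));
    printf("by-search:  %d stale\n", stale_after_close(close_by_search));
    return 0;
}
```

In the flag-gated run the list keeps a pointer to an object that has been unloaded, which is the dangling global-scope entry the message describes.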

