About the dll search algorithm of dlopen (patch-r3)

Michael Haubenwallner michael.haubenwallner@ssi-schaefer.com
Fri Aug 26 14:08:00 GMT 2016

On 08/26/2016 12:59 PM, Corinna Vinschen wrote:
> Hi Michael,
> On Aug 25 19:48, Michael Haubenwallner wrote:
>> Using tmp_pathbuf now, wrapped behind some trivial allocator - which
>> might fit better somewhere else than to dlfcn.cc?
>> BTW: Is it really intended for tmp_pathbuf to have a single active
>> instance (per thread) at a time?
> Well, yes.  tmp_pathbuf is meant to be initialized on function entry
> (more or less, depends).  It's supposed to exist only once per frame.
> When the frame goes out of scope, the tmp_pathbuf usage counter is
> restored to the values of the parent frame.
>> +   ATTENTION: Requesting memory from an instance of tmp_pathbuf breaks
>> +   when another instance on a newer stack frame has provided memory. */
> I don't understand this comment, though.

The problem is that while the second tmp_pathbuf is constructed,
the first tmp_pathbuf must not be asked for another buffer,
because destructing the second tmp_pathbuf will reset
tls.counter to what it was before constructing the second,
causing the first tmp_pathbuf to return buffers *again* which
it may have returned already while the second one was alive.

I've had something like this scope flow breaking, where pathfinder
used tmp_pathbuf tpF as its own instance, while the local stack
used tmp_pathbuf tpL:

  pathfinder finder (w_buf_old=0);   // tls.w_cnt is 0
  finder.add_some_dirs(...);         // tls.w_cnt is 1 now (by tpF)
  {
    tmp_pathbuf tpL (w_buf_old=1);   // tls.w_cnt is 1 still
    finder.add_some_dirs(...);       // tls.w_cnt is 2 now (by tpF)
    PWCHAR exewname = tpL.w_get ();  // tls.w_cnt is 3 now (by tpL)
    GetModuleFileNameW ( exewname );
    finder.add_dir (from exewname);  // tls.w_cnt is 4 now (by tpF)
  } // destruct tpL (w_buf_old==1)   // tls.w_cnt is 1 now (restored by ~tpL)
  finder.add_some_dirs(...);         // tls.w_cnt is 2 now (tpF already returned that above)
  // here the memory provided by tpF since first time tls.w_cnt=2
  // is overwritten due to tpF returning the same buffers again!
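The aliasing described in the flow above, modelled as an added example that is not Cygwin's tmp_pathbuf code: a per-thread slot pool whose usage counter is saved on construction and rewound on destruction. The names scoped_bufpool and tls_counter, the slot count and the slot size are assumptions chosen for the model. The first function interleaves outer and inner requests the way the message does and reports whether a slot address is handed out twice; the second keeps each frame on its own pool and reports no repeat.

```cpp
// Added example (not Cygwin code): a minimal model of a counter-based,
// scope-restoring per-thread buffer pool in the spirit of tmp_pathbuf as
// described in the message. scoped_bufpool, tls_counter, tls_slots and the
// sizes below are hypothetical names and values.
#include <cstddef>
#include <set>

namespace {

constexpr std::size_t kSlots = 8;      // assumed pool size
constexpr std::size_t kSlotBytes = 64; // assumed slot size

// Per-thread state: a fixed set of slots and a usage counter (tls.w_cnt
// in the message).
thread_local unsigned tls_counter = 0;
thread_local char tls_slots[kSlots][kSlotBytes];

class scoped_bufpool {
  unsigned saved_;  // counter value at construction (w_buf_old in the message)
public:
  scoped_bufpool() : saved_(tls_counter) {}
  ~scoped_bufpool() { tls_counter = saved_; }  // rewind to the parent frame's count
  scoped_bufpool(const scoped_bufpool&) = delete;
  scoped_bufpool& operator=(const scoped_bufpool&) = delete;

  // Hand out the next unused slot, or nullptr when the pool is exhausted.
  char* get() {
    if (tls_counter >= kSlots) return nullptr;
    return tls_slots[tls_counter++];
  }
};

}  // namespace

// Reproduces the flow in the message: the outer pool (tpF) is asked for a
// buffer while an inner pool (tpL) is alive, and again after the inner
// pool's destructor has rewound the counter. Returns true if the same slot
// address is handed out twice, i.e. the aliasing bug occurred.
bool outer_allocates_while_inner_alive() {
  tls_counter = 0;
  std::set<char*> seen;
  bool aliased = false;
  auto track = [&](char* p) { if (p && !seen.insert(p).second) aliased = true; };

  scoped_bufpool outer;    // counter 0
  track(outer.get());      // counter 1
  {
    scoped_bufpool inner;  // remembers 1
    track(outer.get());    // counter 2: outer buffer handed out while inner is alive
    track(inner.get());    // counter 3
  }                        // ~inner rewinds the counter to 1
  track(outer.get());      // counter 2 again: same slot as before, so it aliases
  return aliased;
}

// The disciplined flow: the outer frame takes every buffer it needs before
// any inner pool exists, and the inner frame uses only its own pool. Returns
// true if any address repeats; expected false.
bool each_frame_uses_its_own_pool() {
  tls_counter = 0;
  std::set<char*> seen;
  bool aliased = false;
  auto track = [&](char* p) { if (p && !seen.insert(p).second) aliased = true; };

  scoped_bufpool outer;
  track(outer.get());
  track(outer.get());      // outer frame is done requesting before the inner scope
  {
    scoped_bufpool inner;
    track(inner.get());    // inner frame draws only from its own pool
    track(inner.get());
  }                        // rewind frees the inner frame's slots, not the outer's
  return aliased;
}
```

The detector is deliberately blunt: it records every address ever handed out, which is sufficient here because the outer pool never legitimately receives a previously returned slot within one frame. The model also exposes the message's point about construction order, since the rewind in the destructor only knows the counter value at the inner pool's construction, not what the outer pool has requested since.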


More information about the Cygwin-developers mailing list