From: "aj at suse dot de" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sources.redhat.com
Subject: [Bug dynamic-link/13579] do_lookup_x may access dangling memory
Date: Fri, 06 Apr 2012 07:00:00 -0000
Message-ID: <bug-13579-131-W1KYKenUNP@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-13579-131@http.sourceware.org/bugzilla/>

http://sourceware.org/bugzilla/show_bug.cgi?id=13579

--- Comment #6 from Andreas Jaeger <aj at suse dot de> 2012-04-06 06:59:07 UTC ---
Btw. to just fix the accessing of dangling memory, here's a simple (but broken) patch with a comment to explain the problem that the current implementation has:

=================================================================== --- glibc-2.11.3.orig/elf/dl-close.c 2011-05-27 15:08:23.000000000 +0200 +++ glibc-2.11.3/elf/dl-close.c 2011-07-13 19:28:52.000000000 +0200 @@ -127,7 +127,13 @@ _dl_close_worker (struct link_map *map) { struct link_map **oldp = map->l_initfini; map->l_initfini = map->l_orig_initfini; - _dl_scope_free (oldp); + /* We can't remove the l_initfini memory because + it's shared with l_searchlist.r_list. We don't clear + the latter so when we dlopen this object again that + entry would point to stale memory. And we don't want + to recompute it as it would involve a new call to + map_object_deps. + _dl_scope_free (oldp); */ } }

This patch is broken since now oldp never gets freed and thus some tests fail.

The Fedora patch is AFAIK applying Andreas Schwab's initial patch that Ulrich Drepper changed on top of Ulrich's change (thus adding Andreas' initial version).

Here's a link to the initial patch:
http://sourceware.org/ml/libc-hacker/2011-02/msg00004.html
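Review bot: In the `_dl_close_worker` hunk of elf/dl-close.c, the `_dl_scope_free (oldp);` call is disabled by moving it inside the new block comment, so `oldp` is saved from `map->l_initfini` and then never released, and the old array is leaked whenever this branch runs. Since the comment gives the reason as `l_initfini` sharing storage with `l_searchlist.r_list`, consider keeping the free and guarding it on that aliasing (skip it only when `oldp` is the array `l_searchlist.r_list` still points at), or repointing `l_searchlist.r_list` before the free so no stale entry survives a later dlopen. As a style point, a dead call tucked at the end of a prose comment is easy to misread as live code; drop the line and name the omitted call in the comment text instead.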