public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug dynamic-link/14293] New: dlopen with non-existing RUNPATH causes double free
@ 2012-06-25 15:07 joamaki at gmail dot com
2012-07-09 11:15 ` [Bug dynamic-link/14293] " aj at suse dot de
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: joamaki at gmail dot com @ 2012-06-25 15:07 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=14293
Bug #: 14293
Summary: dlopen with non-existing RUNPATH causes double free
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
AssignedTo: unassigned@sourceware.org
ReportedBy: joamaki@gmail.com
Classification: Unclassified
Created attachment 6479
--> http://sourceware.org/bugzilla/attachment.cgi?id=6479
Backtrace for test program
When calling dlopen with an executable with RUNPATH section
pointing to a non-existing path and LD_LIBRARY_PATH pointing to /lib
the application crashes due to a double free in open_path (elf/dl-load.c).
This was actually causing a production application to crash due to
some silly sod setting the LD_LIBRARY_PATH to /lib in startup scripts :-).
Attached is a backtrace for the following test program:
--
#include <dlfcn.h>
/**
* gcc dlopen_bug.c -o dlopen_bug -ldl -Wl,-rpath,/nonexisting_path
-Wl,--enable-new-dtags -g
*
* Run with:
* LD_LIBRARY_PATH=/lib ./dlopen_bug
*
* Replace /lib with path to directory containing ld.so,
* e.g. /lib/x86_64-linux-gnu on Debian/Ubuntu.
*/
int main()
{
dlopen("nonexisting.so", RTLD_LAZY);
}
--
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug dynamic-link/14293] dlopen with non-existing RUNPATH causes double free
2012-06-25 15:07 [Bug dynamic-link/14293] New: dlopen with non-existing RUNPATH causes double free joamaki at gmail dot com
@ 2012-07-09 11:15 ` aj at suse dot de
2013-04-11 7:24 ` schwab@linux-m68k.org
2014-06-13 14:59 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: aj at suse dot de @ 2012-07-09 11:15 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=14293
Andreas Jaeger <aj at suse dot de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #6479|application/octet-stream |text/plain
mime type| |
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug dynamic-link/14293] dlopen with non-existing RUNPATH causes double free
2012-06-25 15:07 [Bug dynamic-link/14293] New: dlopen with non-existing RUNPATH causes double free joamaki at gmail dot com
2012-07-09 11:15 ` [Bug dynamic-link/14293] " aj at suse dot de
@ 2013-04-11 7:24 ` schwab@linux-m68k.org
2014-06-13 14:59 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: schwab@linux-m68k.org @ 2013-04-11 7:24 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=14293
Andreas Schwab <schwab@linux-m68k.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
Target Milestone|--- |2.18
--- Comment #1 from Andreas Schwab <schwab@linux-m68k.org> 2013-04-11 07:24:14 UTC ---
Fixed by 273cdee86d86e107c0eecef5614f57e37567b54e
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug dynamic-link/14293] dlopen with non-existing RUNPATH causes double free
2012-06-25 15:07 [Bug dynamic-link/14293] New: dlopen with non-existing RUNPATH causes double free joamaki at gmail dot com
2012-07-09 11:15 ` [Bug dynamic-link/14293] " aj at suse dot de
2013-04-11 7:24 ` schwab@linux-m68k.org
@ 2014-06-13 14:59 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 14:59 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=14293
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-06-13 14:59 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-06-25 15:07 [Bug dynamic-link/14293] New: dlopen with non-existing RUNPATH causes double free joamaki at gmail dot com
2012-07-09 11:15 ` [Bug dynamic-link/14293] " aj at suse dot de
2013-04-11 7:24 ` schwab@linux-m68k.org
2014-06-13 14:59 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).