From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
 id 19AEB398B843; Wed, 21 Apr 2021 19:40:55 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 19AEB398B843
From: "fweimer at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/24773] dlerror in an secondary namespace does not
 use the right free implementation
Date: Wed, 21 Apr 2021 19:40:55 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: dynamic-link
X-Bugzilla-Version: 2.30
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: fweimer at redhat dot com
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: fweimer at redhat dot com
X-Bugzilla-Target-Milestone: 2.34
X-Bugzilla-Flags: security-
X-Bugzilla-Changed-Fields: target_milestone bug_status assigned_to resolution
 cc see_also
Message-ID: <bug-24773-131-DTsWof4dIR@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-24773-131@http.sourceware.org/bugzilla/>
References: <bug-24773-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: glibc-bugs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Glibc-bugs mailing list <glibc-bugs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/glibc-bugs>,
 <mailto:glibc-bugs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/glibc-bugs/>
List-Help: <mailto:glibc-bugs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/glibc-bugs>,
 <mailto:glibc-bugs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Apr 2021 19:40:55 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=3D24773

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |2.34
             Status|NEW                         |RESOLVED
           Assignee|unassigned at sourceware dot org   |fweimer at redhat d=
ot com
         Resolution|---                         |FIXED
                 CC|                            |fweimer at redhat dot com
           See Also|                            |https://sourceware.org/bugz
                   |                            |illa/show_bug.cgi?id=3D247=
76

--- Comment #3 from Florian Weimer <fweimer at redhat dot com> ---
Fixed for glibc 2.34 via:

commit fada9018199c21c469ff0e731ef75c6020074ac9
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Apr 21 19:49:51 2021 +0200

    dlfcn: dlerror needs to call free from the base namespace [BZ #24773]

    Calling free directly may end up freeing a pointer allocated by the
    dynamic loader using malloc from libc.so in the base namespace using
    the allocator from libc.so in a secondary namespace, which results in
    crashes.

    This commit redirects the free call through GLRO and the dynamic
    linker, to reach the correct namespace.  It also cleans up the dlerror
    handling along the way, so that pthread_setspecific is no longer
    needed (which avoids triggering bug 24774).

The reference to the bug is incorrect, it should be bug 24776.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=