From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-hacker-return-9681-listarch-libc-hacker=sources.redhat.com@sourceware.org>
Received: (qmail 10973 invoked by alias); 23 Feb 2011 15:05:21 -0000
Received: (qmail 10953 invoked by uid 22791); 23 Feb 2011 15:05:20 -0000
X-SWARE-Spam-Status: No, hits=-6.2 required=5.0
	tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,T_RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28)
    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Wed, 23 Feb 2011 15:05:11 +0000
Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p1NF5AJ2012417
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <libc-hacker@sourceware.org>; Wed, 23 Feb 2011 10:05:10 -0500
Received: from hase (ovpn01.gateway.prod.ext.phx2.redhat.com [10.5.9.1])
	by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id p1NF58e9017462
	for <libc-hacker@sourceware.org>; Wed, 23 Feb 2011 10:05:09 -0500
From: Andreas Schwab <schwab@redhat.com>
To: libc-hacker@sourceware.org
Subject: [PATCH] Fix memory leak in dlopen with RTLD_NOLOAD
X-Yow: I'LL get it!!  It's probably a FEW of my ITALIAN GIRL-FRIENDS!!
Date: Wed, 23 Feb 2011 15:05:00 -0000
Message-ID: <m3r5ayeqqj.fsf@redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Mailing-List: contact libc-hacker-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-hacker.sourceware.org>
List-Subscribe: <mailto:libc-hacker-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-hacker/>
List-Post: <mailto:libc-hacker@sourceware.org>
List-Help: <mailto:libc-hacker-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: libc-hacker-owner@sourceware.org
X-SW-Source: 2011-02/txt/msg00004.txt.bz2

2011-02-23  Andreas Schwab  <schwab@redhat.com>

	[BZ #12509]
	* elf/dl-load.c (_dl_map_object_from_fd): Free realname before
	returning unsuccessfully.

	* elf/Makefile ($(objpfx)noload-mem): New rule.
	(noload-ENV): Define.
	(tests): Add $(objpfx)noload-mem.
	* elf/noload.c: Include <memcheck.h>.
	(main): Call mtrace.  Close all opened handles.
---
 elf/Makefile  |    6 +++++-
 elf/dl-load.c |    2 ++
 elf/noload.c  |   22 ++++++++++++++++------
 3 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/elf/Makefile b/elf/Makefile
index b8a218d..051d4fb 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -216,7 +216,7 @@ ifeq (no,$(cross-compiling))
 ifeq (yesyes,$(have-fpie)$(build-shared))
 tests: $(objpfx)tst-pie1.out
 endif
-tests: $(objpfx)tst-leaks1-mem
+tests: $(objpfx)tst-leaks1-mem $(objpfx)noload-mem
 endif
 tlsmod17a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
 tlsmod18a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
@@ -688,6 +688,10 @@ $(objpfx)noload: $(objpfx)testobj1.so $(common-objpfx)dlfcn/libdl.so
 LDFLAGS-noload = -rdynamic
 $(objpfx)noload.out: $(objpfx)testobj5.so
 
+$(objpfx)noload-mem: $(objpfx)noload.out
+	$(common-objpfx)malloc/mtrace $(objpfx)noload.mtrace > $@
+noload-ENV = MALLOC_TRACE=$(objpfx)noload.mtrace
+
 LDFLAGS-nodelete = -rdynamic
 LDFLAGS-nodelmod1.so = -Wl,--enable-new-dtags,-z,nodelete
 LDFLAGS-nodelmod4.so = -Wl,--enable-new-dtags,-z,nodelete
diff --git a/elf/dl-load.c b/elf/dl-load.c
index e9e3876..8ac0a7c 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -894,6 +894,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
     {
       /* We are not supposed to load the object unless it is already
 	 loaded.  So return now.  */
+      free (realname);
       __close (fd);
       return NULL;
     }
@@ -912,6 +913,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
       _dl_zerofd = _dl_sysdep_open_zero_fill ();
       if (_dl_zerofd == -1)
 	{
+	  free (realname);
 	  __close (fd);
 	  _dl_signal_error (errno, NULL, NULL,
 			    N_("cannot open zero fill device"));
diff --git a/elf/noload.c b/elf/noload.c
index 9281ec7..807e1c4 100644
--- a/elf/noload.c
+++ b/elf/noload.c
@@ -1,20 +1,28 @@
 #include <dlfcn.h>
 #include <stdio.h>
+#include <mcheck.h>
 
 int
 main (void)
 {
   int result = 0;
+  void *p, *q;
+
+  mtrace ();
 
   /* First try to load an object which is a dependency.  This should
      succeed.  */
-  if (dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
+  p = dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD);
+  if (p == NULL)
     {
       printf ("cannot open \"testobj1.so\": %s\n", dlerror ());
       result = 1;
     }
   else
-    puts ("loading \"testobj1.so\" succeeded, OK");
+    {
+      puts ("loading \"testobj1.so\" succeeded, OK");
+      dlclose (p);
+    }
 
   /* Now try loading an object which is not already loaded.  */
   if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) != NULL)
@@ -25,8 +33,6 @@ main (void)
   else
     {
       /* Load the object and run the same test again.  */
-      void *p;
-
       puts ("\"testobj5.so\" wasn't loaded and RTLD_NOLOAD prevented it, OK");
 
       p = dlopen ("testobj5.so", RTLD_LAZY);
@@ -41,13 +47,17 @@ main (void)
 	{
 	  puts ("loading \"testobj5.so\" succeeded, OK");
 
-	  if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
+	  q = dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD);
+	  if (q == NULL)
 	    {
 	      printf ("cannot open \"testobj5.so\": %s\n", dlerror ());
 	      result = 1;
 	    }
 	  else
-	    puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
+	    {
+	      puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
+	      dlclose (q);
+	    }
 
 	  if (dlclose (p) != 0)
 	    {
-- 
1.7.4


-- 
Andreas Schwab, schwab@redhat.com
GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84  5EC7 45C6 250E 6F00 984E
"And now for something completely different."