From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 41094 invoked by alias); 31 Dec 2015 12:51:31 -0000 Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Subscribe: List-Archive: Sender: libc-stable-owner@sourceware.org Received: (qmail 41078 invoked by uid 89); 31 Dec 2015 12:51:30 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.99 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.2 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,RP_MATCHES_RCVD autolearn=no version=3.3.2 spammy=Demangle, 2.1.0, cur, 218 X-Spam-Status: No, score=-0.2 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,RP_MATCHES_RCVD autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: e24smtp01.br.ibm.com X-IBM-Helo: d24dlp02.br.ibm.com X-IBM-MailFrom: tuliom@linux.vnet.ibm.com X-IBM-RcptTo: libc-stable@sourceware.org From: "Tulio Magno Quites Machado Filho" To: libc-stable@sourceware.org Cc: Florian Weimer Subject: [COMMITTED 2.18] Harden tls_dtor_list with pointer mangling [BZ #19018] Date: Thu, 01 Jan 2015 00:00:00 -0000 Message-Id: <1451566083-22533-2-git-send-email-tuliom@linux.vnet.ibm.com> X-Mailer: git-send-email 2.1.0 In-Reply-To: <1451566083-22533-1-git-send-email-tuliom@linux.vnet.ibm.com> References: <1451566083-22533-1-git-send-email-tuliom@linux.vnet.ibm.com> X-TM-AS-MML: disable X-Content-Scanned: Fidelis XPS MAILER x-cbid: 15123112-1524-0000-0000-0000048D82D6 X-SW-Source: 2015-12/txt/msg00019.txt.bz2 From: Florian Weimer (cherry picked from commit f586e1328681b400078c995a0bb6ad301ef73549) Conflicts: NEWS stdlib/cxa_thread_atexit_impl.c --- ChangeLog | 7 +++++++ NEWS | 2 +- stdlib/cxa_thread_atexit_impl.c | 12 ++++++++++-- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d90460f..14d95f8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ 2015-12-30 Florian Weimer + [BZ #19018] + * stdlib/cxa_thread_atexit_impl.c (__cxa_thread_atexit_impl): + Mangle function pointer before storing it. + (__call_tls_dtors): Demangle function pointer before calling it. + +2015-12-30 Florian Weimer + [BZ #18928] * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove _dl_pointer_guard member. diff --git a/NEWS b/NEWS index d8e7c4d..52e77ee 100644 --- a/NEWS +++ b/NEWS @@ -10,7 +10,7 @@ Version 2.18.1 * The following bugs are resolved with this release: 15073, 15128, 15909, 15996, 16150, 16169, 16387, 16510, 16885, 16916, - 16943, 16958, 18928. + 16943, 16958, 18928, 19018. * The LD_POINTER_GUARD environment variable can no longer be used to disable the pointer guard feature. It is always enabled. diff --git a/stdlib/cxa_thread_atexit_impl.c b/stdlib/cxa_thread_atexit_impl.c index dfd4c7e..6b7455d 100644 --- a/stdlib/cxa_thread_atexit_impl.c +++ b/stdlib/cxa_thread_atexit_impl.c @@ -42,6 +42,10 @@ static __thread struct link_map *lm_cache; int __cxa_thread_atexit_impl (dtor_func func, void *obj, void *dso_symbol) { +#ifdef PTR_MANGLE + PTR_MANGLE (func); +#endif + /* Prepend. */ struct dtor_list *new = calloc (1, sizeof (struct dtor_list)); new->func = func; @@ -83,9 +87,13 @@ __call_tls_dtors (void) while (tls_dtor_list) { struct dtor_list *cur = tls_dtor_list; - tls_dtor_list = tls_dtor_list->next; + dtor_func func = cur->func; +#ifdef PTR_DEMANGLE + PTR_DEMANGLE (func); +#endif - cur->func (cur->obj); + tls_dtor_list = tls_dtor_list->next; + func (cur->obj); __rtld_lock_lock_recursive (GL(dl_load_lock)); -- 2.1.0