aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schwab <schwab@redhat.com>2011-02-25 20:49:48 -0500
committerUlrich Drepper <drepper@gmail.com>2011-02-25 20:49:48 -0500
commit4bff6e0175ed195871f4e01cc4c4c33274b8f6e3 (patch)
treec66f1fa828edf1592d7f73c4200c16ae2996f8b5
parent661b9e2014b3964469198ce7697a1d0d06aa4882 (diff)
downloadglibc-4bff6e0175ed195871f4e01cc4c4c33274b8f6e3.zip
glibc-4bff6e0175ed195871f4e01cc4c4c33274b8f6e3.tar.gz
glibc-4bff6e0175ed195871f4e01cc4c4c33274b8f6e3.tar.bz2
Fix memory leak in dlopen with RTLD_NOLOAD.
-rw-r--r--ChangeLog18
-rw-r--r--NEWS2
-rw-r--r--elf/Makefile6
-rw-r--r--elf/dl-close.c15
-rw-r--r--elf/dl-deps.c2
-rw-r--r--elf/dl-load.c2
-rw-r--r--elf/noload.c22
-rw-r--r--include/link.h5
8 files changed, 59 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index c30fb5c..a60bf2b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2011-02-23 Andreas Schwab <schwab@redhat.com>
+ Ulrich Drepper <drepper@gmail.com>
+
+ [BZ #12509]
+ * include/link.h (struct link_map): Add l_orig_initfini.
+ * elf/dl-load.c (_dl_map_object_from_fd): Free realname before
+ returning unsuccessfully.
+ * elf/dl-close.c (_dl_close_worker): If this is the last explicit
+ close of a file loaded at startup, restore the original l_initfini
+ list.
+ * elf/dl-deps.c (_dl_map_object_deps): Don't free old l_initfini
+ list, store the pointer.
+ * elf/Makefile ($(objpfx)noload-mem): New rule.
+ (noload-ENV): Define.
+ (tests): Add $(objpfx)noload-mem.
+ * elf/noload.c: Include <memcheck.h>.
+ (main): Call mtrace. Close all opened handles.
+
2011-02-17 Andreas Schwab <schwab@redhat.com>
[BZ #12454]
diff --git a/NEWS b/NEWS
index e659e3a..38243c3 100644
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,7 @@ Version 2.14
* The following bugs are resolved with this release:
- 11724, 12445, 12454, 12460, 12469, 12489
+ 11724, 12445, 12454, 12460, 12469, 12489, 12509
Version 2.13
diff --git a/elf/Makefile b/elf/Makefile
index 36ea9b8..c427679 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -213,7 +213,7 @@ endif
ifeq (yesyes,$(have-fpie)$(build-shared))
tests: $(objpfx)tst-pie1.out
endif
-tests: $(objpfx)tst-leaks1-mem
+tests: $(objpfx)tst-leaks1-mem $(objpfx)noload-mem
tlsmod17a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
tlsmod18a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
tlsmod17a-modules = $(addprefix tst-tlsmod17a, $(tlsmod17a-suffixes))
@@ -680,6 +680,10 @@ $(objpfx)noload: $(objpfx)testobj1.so $(common-objpfx)dlfcn/libdl.so
LDFLAGS-noload = -rdynamic
$(objpfx)noload.out: $(objpfx)testobj5.so
+$(objpfx)noload-mem: $(objpfx)noload.out
+ $(common-objpfx)malloc/mtrace $(objpfx)noload.mtrace > $@
+noload-ENV = MALLOC_TRACE=$(objpfx)noload.mtrace
+
LDFLAGS-nodelete = -rdynamic
LDFLAGS-nodelmod1.so = -Wl,--enable-new-dtags,-z,nodelete
LDFLAGS-nodelmod4.so = -Wl,--enable-new-dtags,-z,nodelete
diff --git a/elf/dl-close.c b/elf/dl-close.c
index f6d8dd3..efb2b58 100644
--- a/elf/dl-close.c
+++ b/elf/dl-close.c
@@ -1,5 +1,5 @@
/* Close a shared object opened by `_dl_open'.
- Copyright (C) 1996-2007, 2009, 2010 Free Software Foundation, Inc.
+ Copyright (C) 1996-2007, 2009, 2010, 2011 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -119,8 +119,17 @@ _dl_close_worker (struct link_map *map)
if (map->l_direct_opencount > 0 || map->l_type != lt_loaded
|| dl_close_state != not_pending)
{
- if (map->l_direct_opencount == 0 && map->l_type == lt_loaded)
- dl_close_state = rerun;
+ if (map->l_direct_opencount == 0)
+ {
+ if (map->l_type == lt_loaded)
+ dl_close_state = rerun;
+ else if (map->l_type == lt_library)
+ {
+ struct link_map **oldp = map->l_initfini;
+ map->l_initfini = map->l_orig_initfini;
+ _dl_scope_free (oldp);
+ }
+ }
/* There are still references to this object. Do nothing more. */
if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0))
diff --git a/elf/dl-deps.c b/elf/dl-deps.c
index 5288353..d3c27f1 100644
--- a/elf/dl-deps.c
+++ b/elf/dl-deps.c
@@ -686,5 +686,5 @@ Filters not supported with LD_TRACE_PRELINKING"));
_dl_scope_free (old_l_reldeps);
}
if (old_l_initfini != NULL)
- _dl_scope_free (old_l_initfini);
+ map->l_orig_initfini = old_l_initfini;
}
diff --git a/elf/dl-load.c b/elf/dl-load.c
index 41b5ce7..1ad16a0 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -894,6 +894,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
{
/* We are not supposed to load the object unless it is already
loaded. So return now. */
+ free (realname);
__close (fd);
return NULL;
}
@@ -912,6 +913,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
_dl_zerofd = _dl_sysdep_open_zero_fill ();
if (_dl_zerofd == -1)
{
+ free (realname);
__close (fd);
_dl_signal_error (errno, NULL, NULL,
N_("cannot open zero fill device"));
diff --git a/elf/noload.c b/elf/noload.c
index 9281ec7..bcc85ef 100644
--- a/elf/noload.c
+++ b/elf/noload.c
@@ -1,20 +1,28 @@
#include <dlfcn.h>
#include <stdio.h>
+#include <mcheck.h>
int
main (void)
{
int result = 0;
+ void *p;
+
+ mtrace ();
/* First try to load an object which is a dependency. This should
succeed. */
- if (dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
+ p = dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD);
+ if (p == NULL)
{
printf ("cannot open \"testobj1.so\": %s\n", dlerror ());
result = 1;
}
else
- puts ("loading \"testobj1.so\" succeeded, OK");
+ {
+ puts ("loading \"testobj1.so\" succeeded, OK");
+ dlclose (p);
+ }
/* Now try loading an object which is not already loaded. */
if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) != NULL)
@@ -25,8 +33,6 @@ main (void)
else
{
/* Load the object and run the same test again. */
- void *p;
-
puts ("\"testobj5.so\" wasn't loaded and RTLD_NOLOAD prevented it, OK");
p = dlopen ("testobj5.so", RTLD_LAZY);
@@ -41,13 +47,17 @@ main (void)
{
puts ("loading \"testobj5.so\" succeeded, OK");
- if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
+ void *q = dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD);
+ if (q == NULL)
{
printf ("cannot open \"testobj5.so\": %s\n", dlerror ());
result = 1;
}
else
- puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
+ {
+ puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
+ dlclose (q);
+ }
if (dlclose (p) != 0)
{
diff --git a/include/link.h b/include/link.h
index 9d1fc1a..e877104 100644
--- a/include/link.h
+++ b/include/link.h
@@ -1,6 +1,6 @@
/* Data structure for communication from the run-time dynamic linker for
loaded ELF shared objects.
- Copyright (C) 1995-2006, 2007, 2009, 2010 Free Software Foundation, Inc.
+ Copyright (C) 1995-2006, 2007, 2009, 2010, 2011 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -240,6 +240,9 @@ struct link_map
/* List of object in order of the init and fini calls. */
struct link_map **l_initfini;
+ /* The init and fini list generated at startup, saved when the
+ object is also loaded dynamically. */
+ struct link_map **l_orig_initfini;
/* List of the dependencies introduced through symbol binding. */
struct link_map_reldeps