aboutsummaryrefslogtreecommitdiff
path: root/elf/rtld.c
diff options
context:
space:
mode:
authorAndreas Schwab <schwab@redhat.com>2012-06-22 11:10:31 -0700
committerCarlos O'Donell <carlos_odonell@mentor.com>2012-06-22 11:10:31 -0700
commit0479b305c5b7c8e3fa8e3002982cf8cac02b842e (patch)
treef72a6cb6c122c086d6e7b5989e9d746c0c3431a1 /elf/rtld.c
parent0e3933b96344ab9c0ac633c19f4ebfdede5375d4 (diff)
downloadglibc-0479b305c5b7c8e3fa8e3002982cf8cac02b842e.zip
glibc-0479b305c5b7c8e3fa8e3002982cf8cac02b842e.tar.gz
glibc-0479b305c5b7c8e3fa8e3002982cf8cac02b842e.tar.bz2
Fix invalid memory access in do_lookup_x.
[BZ #13579] Do not free l_initfini and allow it to be reused on subsequent dl_open calls for the same library. This fixes the invalid memory access in do_lookup_x when the previously free'd l_initfini was accessed through l_searchlist when a library had been opened for the second time.
Diffstat (limited to 'elf/rtld.c')
-rw-r--r--elf/rtld.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/elf/rtld.c b/elf/rtld.c
index a5b0ab9..6bcf224 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2292,6 +2292,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
lnp->dont_free = 1;
lnp = lnp->next;
}
+ /* Also allocated with the fake malloc(). */
+ l->l_free_initfini = 0;
if (l != &GL(dl_rtld_map))
_dl_relocate_object (l, l->l_scope, GLRO(dl_lazy) ? RTLD_LAZY : 0,