Fix memory leak in dlopen with RTLD_NOLOAD.

This commit is contained in:
Andreas Schwab 2011-02-25 20:49:48 -05:00 committed by Ulrich Drepper
parent 661b9e2014
commit 4bff6e0175
8 changed files with 59 additions and 13 deletions

View File

@ -1,3 +1,21 @@
2011-02-23 Andreas Schwab <schwab@redhat.com>
Ulrich Drepper <drepper@gmail.com>
[BZ #12509]
* include/link.h (struct link_map): Add l_orig_initfini.
* elf/dl-load.c (_dl_map_object_from_fd): Free realname before
returning unsuccessfully.
* elf/dl-close.c (_dl_close_worker): If this is the last explicit
close of a file loaded at startup, restore the original l_initfini
list.
* elf/dl-deps.c (_dl_map_object_deps): Don't free old l_initfini
list, store the pointer.
* elf/Makefile ($(objpfx)noload-mem): New rule.
(noload-ENV): Define.
(tests): Add $(objpfx)noload-mem.
* elf/noload.c: Include <memcheck.h>.
(main): Call mtrace. Close all opened handles.
2011-02-17 Andreas Schwab <schwab@redhat.com>
[BZ #12454]

2
NEWS
View File

@ -9,7 +9,7 @@ Version 2.14
* The following bugs are resolved with this release:
11724, 12445, 12454, 12460, 12469, 12489
11724, 12445, 12454, 12460, 12469, 12489, 12509
Version 2.13

View File

@ -213,7 +213,7 @@ endif
ifeq (yesyes,$(have-fpie)$(build-shared))
tests: $(objpfx)tst-pie1.out
endif
tests: $(objpfx)tst-leaks1-mem
tests: $(objpfx)tst-leaks1-mem $(objpfx)noload-mem
tlsmod17a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
tlsmod18a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
tlsmod17a-modules = $(addprefix tst-tlsmod17a, $(tlsmod17a-suffixes))
@ -680,6 +680,10 @@ $(objpfx)noload: $(objpfx)testobj1.so $(common-objpfx)dlfcn/libdl.so
LDFLAGS-noload = -rdynamic
$(objpfx)noload.out: $(objpfx)testobj5.so
$(objpfx)noload-mem: $(objpfx)noload.out
$(common-objpfx)malloc/mtrace $(objpfx)noload.mtrace > $@
noload-ENV = MALLOC_TRACE=$(objpfx)noload.mtrace
LDFLAGS-nodelete = -rdynamic
LDFLAGS-nodelmod1.so = -Wl,--enable-new-dtags,-z,nodelete
LDFLAGS-nodelmod4.so = -Wl,--enable-new-dtags,-z,nodelete

View File

@ -1,5 +1,5 @@
/* Close a shared object opened by `_dl_open'.
Copyright (C) 1996-2007, 2009, 2010 Free Software Foundation, Inc.
Copyright (C) 1996-2007, 2009, 2010, 2011 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@ -119,8 +119,17 @@ _dl_close_worker (struct link_map *map)
if (map->l_direct_opencount > 0 || map->l_type != lt_loaded
|| dl_close_state != not_pending)
{
if (map->l_direct_opencount == 0 && map->l_type == lt_loaded)
if (map->l_direct_opencount == 0)
{
if (map->l_type == lt_loaded)
dl_close_state = rerun;
else if (map->l_type == lt_library)
{
struct link_map **oldp = map->l_initfini;
map->l_initfini = map->l_orig_initfini;
_dl_scope_free (oldp);
}
}
/* There are still references to this object. Do nothing more. */
if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0))

View File

@ -686,5 +686,5 @@ Filters not supported with LD_TRACE_PRELINKING"));
_dl_scope_free (old_l_reldeps);
}
if (old_l_initfini != NULL)
_dl_scope_free (old_l_initfini);
map->l_orig_initfini = old_l_initfini;
}

View File

@ -894,6 +894,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
{
/* We are not supposed to load the object unless it is already
loaded. So return now. */
free (realname);
__close (fd);
return NULL;
}
@ -912,6 +913,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
_dl_zerofd = _dl_sysdep_open_zero_fill ();
if (_dl_zerofd == -1)
{
free (realname);
__close (fd);
_dl_signal_error (errno, NULL, NULL,
N_("cannot open zero fill device"));

View File

@ -1,20 +1,28 @@
#include <dlfcn.h>
#include <stdio.h>
#include <mcheck.h>
int
main (void)
{
int result = 0;
void *p;
mtrace ();
/* First try to load an object which is a dependency. This should
succeed. */
if (dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
p = dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD);
if (p == NULL)
{
printf ("cannot open \"testobj1.so\": %s\n", dlerror ());
result = 1;
}
else
{
puts ("loading \"testobj1.so\" succeeded, OK");
dlclose (p);
}
/* Now try loading an object which is not already loaded. */
if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) != NULL)
@ -25,8 +33,6 @@ main (void)
else
{
/* Load the object and run the same test again. */
void *p;
puts ("\"testobj5.so\" wasn't loaded and RTLD_NOLOAD prevented it, OK");
p = dlopen ("testobj5.so", RTLD_LAZY);
@ -41,13 +47,17 @@ main (void)
{
puts ("loading \"testobj5.so\" succeeded, OK");
if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
void *q = dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD);
if (q == NULL)
{
printf ("cannot open \"testobj5.so\": %s\n", dlerror ());
result = 1;
}
else
{
puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
dlclose (q);
}
if (dlclose (p) != 0)
{

View File

@ -1,6 +1,6 @@
/* Data structure for communication from the run-time dynamic linker for
loaded ELF shared objects.
Copyright (C) 1995-2006, 2007, 2009, 2010 Free Software Foundation, Inc.
Copyright (C) 1995-2006, 2007, 2009, 2010, 2011 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@ -240,6 +240,9 @@ struct link_map
/* List of object in order of the init and fini calls. */
struct link_map **l_initfini;
/* The init and fini list generated at startup, saved when the
object is also loaded dynamically. */
struct link_map **l_orig_initfini;
/* List of the dependencies introduced through symbol binding. */
struct link_map_reldeps