This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.



[PATCH] Fix _dl_signal_error segfault


Hi!

The recent patch to dl-error.c, where objname is attempted to be allocated
after errstring, breaks _dl_open. The issue is that when we free errstring in
_dl_open, objname is lost as well. This patch attempts to fix it (at least a
program dlopening a non-existent dso no longer segfaults under efence).
I've also changed _dl_signal_error, because if the recent patch to it was
necessary, then we really cannot store objname because that might be from
local stack/user passed, whatever, and my change to _dl_open adds another
case where objname would point to nowhereland if malloc failed.

2000-12-08  Jakub Jelinek  <jakub@redhat.com>

	* elf/dl-open.c (_dl_open): If objname points right after errstring,
	allocate it together with errstring using alloca.
	* elf/dl-error.c (_dl_signal_error): If malloc failed, set objname
	to "", because it might point to local stack.

--- libc/elf/dl-error.c.jj	Thu Nov  2 08:50:59 2000
+++ libc/elf/dl-error.c	Fri Dec  8 14:55:54 2000
@@ -88,7 +88,7 @@ _dl_signal_error (int errcode, const cha
       else
 	{
 	  /* This is better than nothing.  */
-	  lcatch->objname = objname;
+	  lcatch->objname = "";
 	  lcatch->errstring = _dl_out_of_memory;
 	}
       longjmp (lcatch->env, errcode ?: -1);
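Review bot: the comment above the changed line still reads only "This is better than nothing", so the reason for `lcatch->objname = "";` (the caller's objname may live on its stack or in user memory and will not survive the longjmp, per the ChangeLog) is not recorded at the point where someone would be tempted to restore `lcatch->objname = objname;` later; extend that comment to say so. Because errstring is set to _dl_out_of_memory here, the `errstring != _dl_out_of_memory` guard in dl-open.c correctly skips the free on this path, and "" keeps objname non-NULL for callers that print it.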
--- libc/elf/dl-open.c.jj	Thu Nov  2 08:50:59 2000
+++ libc/elf/dl-open.c	Fri Dec  8 15:04:18 2000
@@ -391,6 +391,7 @@ _dl_open (const char *file, int mode, co
     {
       /* Some error occurred during loading.  */
       char *local_errstring;
+      size_t len_errstring;
 
       /* Remove the object from memory.  It may be in an inconsistent
 	 state if relocation failed, for example.  */
@@ -399,7 +400,20 @@ _dl_open (const char *file, int mode, co
 
       /* Make a local copy of the error string so that we can release the
 	 memory allocated for it.  */
-      local_errstring = strdupa (errstring);
+      len_errstring = strlen (errstring) + 1;
+      if (objname == errstring + len_errstring)
+	{
+	  len_errstring += strlen (objname) + 1;
+	  local_errstring = alloca (len_errstring);
+	  memcpy (local_errstring, errstring, len_errstring);
+	  objname = local_errstring + len_errstring;
+	}
+      else
+	{
+	  local_errstring = alloca (len_errstring);
+	  memcpy (local_errstring, errstring, len_errstring);
+	}
+
       if (errstring != _dl_out_of_memory)
 	free ((char *) errstring);
 
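Review bot: in the `objname == errstring + len_errstring` branch, `objname = local_errstring + len_errstring;` runs after len_errstring has already been increased by `strlen (objname) + 1`, so objname ends up pointing one byte past the end of the copied block instead of at the copied object name, which is exactly the dangling-objname situation the patch sets out to fix. Keep the two lengths separate, e.g. `size_t len_objname = strlen (objname) + 1;`, `local_errstring = alloca (len_errstring + len_objname);` and `memcpy (local_errstring, errstring, len_errstring + len_objname);`, and then `objname = local_errstring + len_errstring;` is correct. With a single total-length variable the two branches can also share one alloca/memcpy pair instead of duplicating it.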

	Jakub
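The ownership problem described in the message, as an added example that is not glibc code: errstring and objname are carved from one malloc'd block (objname starting right after the NUL of errstring), and the consumer must copy both before freeing the block and must re-point objname by the length of errstring alone. The function names, the `caught_error` struct, the caller-supplied buffer standing in for the alloca'd copy, and the `simulate_oom` hook are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stands in for glibc's _dl_out_of_memory sentinel: a string that must
   never be passed to free().  (Assumed name, not the glibc symbol.)  */
static const char out_of_memory[] = "out of memory";

/* Test hook (assumption, not in glibc): force the allocation to fail.  */
static int simulate_oom = 0;

/* Stands in for the catch record that _dl_signal_error fills in.  */
struct caught_error {
    const char *objname;
    const char *errstring;
};

/* Models the allocation scheme the message describes: errstring and
   objname live in ONE malloc'd block, objname starting right after the
   NUL of errstring.  On allocation failure objname is set to "", as the
   patch does, because the caller's objname may be on its stack.  */
static void signal_error(struct caught_error *e, const char *objname,
                         const char *errstring)
{
    size_t len_err = strlen(errstring) + 1;
    size_t len_obj = strlen(objname) + 1;
    char *buf = simulate_oom ? NULL : malloc(len_err + len_obj);

    if (buf == NULL) {
        e->objname = "";
        e->errstring = out_of_memory;
        return;
    }
    memcpy(buf, errstring, len_err);
    memcpy(buf + len_err, objname, len_obj);
    e->errstring = buf;
    e->objname = buf + len_err;
}

/* Models the consumer side in _dl_open: copy the strings into storage the
   caller owns (a buffer passed in, standing in for the alloca'd copy),
   free the shared block, and re-point both fields into the copy.  If
   objname is adjacent it is copied too and re-pointed by the length of
   errstring ALONE; using the combined length would leave objname
   pointing past the end of the copy.  Returns 0 on success, -1 if the
   buffer is too small (nothing is freed in that case).  */
static int release_error(struct caught_error *e, char *local, size_t local_size)
{
    size_t len_err = strlen(e->errstring) + 1;
    size_t total = len_err;
    int adjacent = (e->objname == e->errstring + len_err);

    if (adjacent)
        total += strlen(e->objname) + 1;
    if (total > local_size)
        return -1;

    memcpy(local, e->errstring, total);
    if (e->errstring != out_of_memory)
        free((char *) e->errstring);

    e->errstring = local;
    if (adjacent)
        e->objname = local + len_err;   /* offset of errstring only */
    return 0;
}

int main(void)
{
    struct caught_error e;
    char local[128];

    /* Constructed sample input: the dlopen-of-a-missing-dso case.  */
    signal_error(&e, "libfoo.so", "cannot open shared object file");
    if (release_error(&e, local, sizeof local) == 0)
        printf("%s: %s\n", e.objname, e.errstring);

    /* Allocation failure: the sentinel is not freed, objname is "".  */
    simulate_oom = 1;
    signal_error(&e, "libbar.so", "some error");
    release_error(&e, local, sizeof local);
    printf("[%s]: %s\n", e.objname, e.errstring);
    return 0;
}
```

The adjacency test `objname == errstring + len_err` is the same trick the patch uses to recognise the shared block; the point of the example is that once both strings are copied, objname must be recomputed from the start of the copy plus the length of errstring, never from the running total.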
