This is the mail archive of the libc-hacker@sourceware.org mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
Hi!
As http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214569
testcase shows, ld.so segfaults when --inhibit-rpath is used.
The problem is that for objects on the inhibit_rpath list, decompose_rpath
sets dirs to a one entry array containing NULL, but for this
cache_rpath returns there is rpath and open_path and add_path
both rely that the NULL terminated array of pointers (sps->dirs)
contains at least one element (both use do ... while (*dirs != NULL)
style loops etc.). sps->dirs = (void *) -1 is used elsewhere to say
the rpath has been cached, but is unavailable. But, even cache_rpath
which called decompose_rpath needs to return false in that case.
Alternatively, we could analyze all places where sps->dirs is used and
make it handle sps->dirs != NULL && sps->dirs != (void *) -1 && sps->dirs[0] == NULL
case the same way as sps->dirs == (void *) -1. But, having two different
ways to tell the same thing sounds wrong to me.
2006-11-08 Jakub Jelinek <jakub@redhat.com>
* elf/dl-load.c (decompose_rpath): Return bool rather than void.
If l->l_name is on inhibit_rpath list, set sps->dirs to -1 and
return false, otherwise return true.
(cache_rpath): Return decompose_rpath return value.
--- libc/elf/dl-load.c.jj 2006-10-31 23:08:30.000000000 +0100
+++ libc/elf/dl-load.c 2006-11-08 16:14:44.000000000 +0100
@@ -511,7 +511,7 @@ fillin_rpath (char *rpath, struct r_sear
}
-static void
+static bool
internal_function
decompose_rpath (struct r_search_path_struct *sps,
const char *rpath, struct link_map *l, const char *what)
@@ -546,19 +546,8 @@ decompose_rpath (struct r_search_path_st
{
/* This object is on the list of objects for which the
RUNPATH and RPATH must not be used. */
- result = calloc (1, sizeof *result);
- if (result == NULL)
- {
- signal_error_cache:
- errstring = N_("cannot create cache for search path");
- signal_error:
- _dl_signal_error (ENOMEM, NULL, NULL, errstring);
- }
-
- sps->dirs = result;
- sps->malloced = 1;
-
- return;
+ sps->dirs = (void *) -1;
+ return false;
}
while (*inhp != '\0')
@@ -588,7 +577,11 @@ decompose_rpath (struct r_search_path_st
result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1)
* sizeof (*result));
if (result == NULL)
- goto signal_error_cache;
+ {
+ errstring = N_("cannot create cache for search path");
+ signal_error:
+ _dl_signal_error (ENOMEM, NULL, NULL, errstring);
+ }
fillin_rpath (copy, result, ":", 0, what, where);
@@ -599,6 +592,7 @@ decompose_rpath (struct r_search_path_st
sps->dirs = result;
/* The caller will change this value if we haven't used a real malloc. */
sps->malloced = 1;
+ return true;
}
/* Make sure cached path information is stored in *SP
@@ -623,10 +617,9 @@ cache_rpath (struct link_map *l,
}
/* Make sure the cache information is available. */
- decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB])
- + l->l_info[tag]->d_un.d_val),
- l, what);
- return true;
+ return decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB])
+ + l->l_info[tag]->d_un.d_val),
+ l, what);
}
Jakub
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |