Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix memory leak in dlopen with RTLD_NOLOAD.
  • Loading branch information
Andreas Schwab authored and Ulrich Drepper committed Feb 26, 2011
1 parent 661b9e2 commit 4bff6e0
Show file tree
Hide file tree
Showing 8 changed files with 59 additions and 13 deletions.
18 changes: 18 additions & 0 deletions ChangeLog
@@ -1,3 +1,21 @@
2011-02-23 Andreas Schwab <schwab@redhat.com>
Ulrich Drepper <drepper@gmail.com>

[BZ #12509]
* include/link.h (struct link_map): Add l_orig_initfini.
* elf/dl-load.c (_dl_map_object_from_fd): Free realname before
returning unsuccessfully.
* elf/dl-close.c (_dl_close_worker): If this is the last explicit
close of a file loaded at startup, restore the original l_initfini
list.
* elf/dl-deps.c (_dl_map_object_deps): Don't free old l_initfini
list, store the pointer.
* elf/Makefile ($(objpfx)noload-mem): New rule.
(noload-ENV): Define.
(tests): Add $(objpfx)noload-mem.
* elf/noload.c: Include <memcheck.h>.
(main): Call mtrace. Close all opened handles.

2011-02-17 Andreas Schwab <schwab@redhat.com>

[BZ #12454]
Expand Down
2 changes: 1 addition & 1 deletion NEWS
Expand Up @@ -9,7 +9,7 @@ Version 2.14

* The following bugs are resolved with this release:

11724, 12445, 12454, 12460, 12469, 12489
11724, 12445, 12454, 12460, 12469, 12489, 12509

Version 2.13

Expand Down
6 changes: 5 additions & 1 deletion elf/Makefile
Expand Up @@ -213,7 +213,7 @@ endif
ifeq (yesyes,$(have-fpie)$(build-shared))
tests: $(objpfx)tst-pie1.out
endif
tests: $(objpfx)tst-leaks1-mem
tests: $(objpfx)tst-leaks1-mem $(objpfx)noload-mem
tlsmod17a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
tlsmod18a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
tlsmod17a-modules = $(addprefix tst-tlsmod17a, $(tlsmod17a-suffixes))
Expand Down Expand Up @@ -680,6 +680,10 @@ $(objpfx)noload: $(objpfx)testobj1.so $(common-objpfx)dlfcn/libdl.so
LDFLAGS-noload = -rdynamic
$(objpfx)noload.out: $(objpfx)testobj5.so

$(objpfx)noload-mem: $(objpfx)noload.out
$(common-objpfx)malloc/mtrace $(objpfx)noload.mtrace > $@
noload-ENV = MALLOC_TRACE=$(objpfx)noload.mtrace

LDFLAGS-nodelete = -rdynamic
LDFLAGS-nodelmod1.so = -Wl,--enable-new-dtags,-z,nodelete
LDFLAGS-nodelmod4.so = -Wl,--enable-new-dtags,-z,nodelete
Expand Down
15 changes: 12 additions & 3 deletions elf/dl-close.c
@@ -1,5 +1,5 @@
/* Close a shared object opened by `_dl_open'.
Copyright (C) 1996-2007, 2009, 2010 Free Software Foundation, Inc.
Copyright (C) 1996-2007, 2009, 2010, 2011 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
Expand Down Expand Up @@ -119,8 +119,17 @@ _dl_close_worker (struct link_map *map)
if (map->l_direct_opencount > 0 || map->l_type != lt_loaded
|| dl_close_state != not_pending)
{
if (map->l_direct_opencount == 0 && map->l_type == lt_loaded)
dl_close_state = rerun;
if (map->l_direct_opencount == 0)
{
if (map->l_type == lt_loaded)
dl_close_state = rerun;
else if (map->l_type == lt_library)
{
struct link_map **oldp = map->l_initfini;
map->l_initfini = map->l_orig_initfini;
_dl_scope_free (oldp);
}
}

/* There are still references to this object. Do nothing more. */
if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0))
Expand Down
2 changes: 1 addition & 1 deletion elf/dl-deps.c
Expand Up @@ -686,5 +686,5 @@ Filters not supported with LD_TRACE_PRELINKING"));
_dl_scope_free (old_l_reldeps);
}
if (old_l_initfini != NULL)
_dl_scope_free (old_l_initfini);
map->l_orig_initfini = old_l_initfini;
}
2 changes: 2 additions & 0 deletions elf/dl-load.c
Expand Up @@ -894,6 +894,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
{
/* We are not supposed to load the object unless it is already
loaded. So return now. */
free (realname);
__close (fd);
return NULL;
}
Expand All @@ -912,6 +913,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
_dl_zerofd = _dl_sysdep_open_zero_fill ();
if (_dl_zerofd == -1)
{
free (realname);
__close (fd);
_dl_signal_error (errno, NULL, NULL,
N_("cannot open zero fill device"));
Expand Down
22 changes: 16 additions & 6 deletions elf/noload.c
@@ -1,20 +1,28 @@
#include <dlfcn.h>
#include <stdio.h>
#include <mcheck.h>

int
main (void)
{
int result = 0;
void *p;

mtrace ();

/* First try to load an object which is a dependency. This should
succeed. */
if (dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
p = dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD);
if (p == NULL)
{
printf ("cannot open \"testobj1.so\": %s\n", dlerror ());
result = 1;
}
else
puts ("loading \"testobj1.so\" succeeded, OK");
{
puts ("loading \"testobj1.so\" succeeded, OK");
dlclose (p);
}

/* Now try loading an object which is not already loaded. */
if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) != NULL)
Expand All @@ -25,8 +33,6 @@ main (void)
else
{
/* Load the object and run the same test again. */
void *p;

puts ("\"testobj5.so\" wasn't loaded and RTLD_NOLOAD prevented it, OK");

p = dlopen ("testobj5.so", RTLD_LAZY);
Expand All @@ -41,13 +47,17 @@ main (void)
{
puts ("loading \"testobj5.so\" succeeded, OK");

if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
void *q = dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD);
if (q == NULL)
{
printf ("cannot open \"testobj5.so\": %s\n", dlerror ());
result = 1;
}
else
puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
{
puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
dlclose (q);
}

if (dlclose (p) != 0)
{
Expand Down
5 changes: 4 additions & 1 deletion include/link.h
@@ -1,6 +1,6 @@
/* Data structure for communication from the run-time dynamic linker for
loaded ELF shared objects.
Copyright (C) 1995-2006, 2007, 2009, 2010 Free Software Foundation, Inc.
Copyright (C) 1995-2006, 2007, 2009, 2010, 2011 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
Expand Down Expand Up @@ -240,6 +240,9 @@ struct link_map

/* List of object in order of the init and fini calls. */
struct link_map **l_initfini;
/* The init and fini list generated at startup, saved when the
object is also loaded dynamically. */
struct link_map **l_orig_initfini;

/* List of the dependencies introduced through symbol binding. */
struct link_map_reldeps
Expand Down

0 comments on commit 4bff6e0

Please sign in to comment.