forked from pool/glibc
257877d3c3
Fix crash (access-after-free) in dl_lookup_x. [bnc#703140] OBS-URL: https://build.opensuse.org/request/show/79220 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=89
20 lines
801 B
Diff
20 lines
801 B
Diff
Index: glibc-2.11.3/elf/dl-close.c
|
|
===================================================================
|
|
--- glibc-2.11.3.orig/elf/dl-close.c 2011-05-27 15:08:23.000000000 +0200
|
|
+++ glibc-2.11.3/elf/dl-close.c 2011-07-13 19:28:52.000000000 +0200
|
|
@@ -127,7 +127,13 @@ _dl_close_worker (struct link_map *map)
|
|
{
|
|
struct link_map **oldp = map->l_initfini;
|
|
map->l_initfini = map->l_orig_initfini;
|
|
- _dl_scope_free (oldp);
|
|
+ /* We can't remove the l_initfini memory because
|
|
+ it's shared with l_searchlist.r_list. We don't clear
|
|
+ the latter so when we dlopen this object again that
|
|
+ entry would point to stale memory. And we don't want
|
|
+ to recompute it as it would involve a new call to
|
|
+ map_object_deps.
|
|
+ _dl_scope_free (oldp); */
|
|
}
|
|
}
|
|
|