From 4bff6e0175ed195871f4e01cc4c4c33274b8f6e3 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Fri, 25 Feb 2011 20:49:48 -0500 Subject: [PATCH] Fix memory leak in dlopen with RTLD_NOLOAD. --- ChangeLog | 18 ++++++++++++++++++ NEWS | 2 +- elf/Makefile | 6 +++++- elf/dl-close.c | 15 ++++++++++++--- elf/dl-deps.c | 2 +- elf/dl-load.c | 2 ++ elf/noload.c | 22 ++++++++++++++++------ include/link.h | 5 ++++- 8 files changed, 59 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index c30fb5c..a60bf2b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,21 @@ +2011-02-23 Andreas Schwab + Ulrich Drepper + + [BZ #12509] + * include/link.h (struct link_map): Add l_orig_initfini. + * elf/dl-load.c (_dl_map_object_from_fd): Free realname before + returning unsuccessfully. + * elf/dl-close.c (_dl_close_worker): If this is the last explicit + close of a file loaded at startup, restore the original l_initfini + list. + * elf/dl-deps.c (_dl_map_object_deps): Don't free old l_initfini + list, store the pointer. + * elf/Makefile ($(objpfx)noload-mem): New rule. + (noload-ENV): Define. + (tests): Add $(objpfx)noload-mem. + * elf/noload.c: Include . + (main): Call mtrace. Close all opened handles. + 2011-02-17 Andreas Schwab [BZ #12454] diff --git a/NEWS b/NEWS index e659e3a..38243c3 100644 --- a/NEWS +++ b/NEWS @@ -9,7 +9,7 @@ Version 2.14 * The following bugs are resolved with this release: - 11724, 12445, 12454, 12460, 12469, 12489 + 11724, 12445, 12454, 12460, 12469, 12489, 12509 Version 2.13 diff --git a/elf/Makefile b/elf/Makefile index 36ea9b8..c427679 100644 --- a/elf/Makefile +++ b/elf/Makefile 
@@ -213,7 +213,7 @@ endif ifeq (yesyes,$(have-fpie)$(build-shared)) tests: $(objpfx)tst-pie1.out endif -tests: $(objpfx)tst-leaks1-mem +tests: $(objpfx)tst-leaks1-mem $(objpfx)noload-mem tlsmod17a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 tlsmod18a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 tlsmod17a-modules = $(addprefix tst-tlsmod17a, $(tlsmod17a-suffixes)) @@ -680,6 +680,10 @@ $(objpfx)noload: $(objpfx)testobj1.so $(common-objpfx)dlfcn/libdl.so LDFLAGS-noload = -rdynamic $(objpfx)noload.out: $(objpfx)testobj5.so +$(objpfx)noload-mem: $(objpfx)noload.out + $(common-objpfx)malloc/mtrace $(objpfx)noload.mtrace > $@ +noload-ENV = MALLOC_TRACE=$(objpfx)noload.mtrace + LDFLAGS-nodelete = -rdynamic LDFLAGS-nodelmod1.so = -Wl,--enable-new-dtags,-z,nodelete LDFLAGS-nodelmod4.so = -Wl,--enable-new-dtags,-z,nodelete diff --git a/elf/dl-close.c b/elf/dl-close.c index f6d8dd3..efb2b58 100644 --- a/elf/dl-close.c +++ b/elf/dl-close.c @@ -1,5 +1,5 @@ /* Close a shared object opened by `_dl_open'. - Copyright (C) 1996-2007, 2009, 2010 Free Software Foundation, Inc. + Copyright (C) 1996-2007, 2009, 2010, 2011 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -119,8 +119,17 @@ _dl_close_worker (struct link_map *map) if (map->l_direct_opencount > 0 || map->l_type != lt_loaded || dl_close_state != not_pending) { - if (map->l_direct_opencount == 0 && map->l_type == lt_loaded) - dl_close_state = rerun; + if (map->l_direct_opencount == 0) + { + if (map->l_type == lt_loaded) + dl_close_state = rerun; + else if (map->l_type == lt_library) + { + struct link_map **oldp = map->l_initfini; + map->l_initfini = map->l_orig_initfini; + _dl_scope_free (oldp); + } + } /* There are still references to this object. Do nothing more. */ if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0)) diff --git a/elf/dl-deps.c b/elf/dl-deps.c index 5288353..d3c27f1 100644 
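Review bot: In the new `lt_library` branch of `_dl_close_worker` (elf/dl-close.c), `map->l_orig_initfini` is installed without a NULL check and is never cleared after the restore. The only visible writer, in `_dl_map_object_deps`, sets it only when `old_l_initfini != NULL`, so a map whose list was never replaced would end up with `l_initfini == NULL` and its live list passed to `_dl_scope_free`. After one restore both pointers are equal, so a second pass through this branch without an intervening update would free the list `l_initfini` still points to, leaving a dangling pointer inside the loader. I would guard the branch with `else if (map->l_type == lt_library && map->l_orig_initfini != NULL)` and add `map->l_orig_initfini = NULL;` after the restore. Whether the dlopen path can actually reach these states is decided outside the hunk and needs confirming.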
--- a/elf/dl-deps.c +++ b/elf/dl-deps.c @@ -686,5 +686,5 @@ Filters not supported with LD_TRACE_PRELINKING")); _dl_scope_free (old_l_reldeps); } if (old_l_initfini != NULL) - _dl_scope_free (old_l_initfini); + map->l_orig_initfini = old_l_initfini; } diff --git a/elf/dl-load.c b/elf/dl-load.c index 41b5ce7..1ad16a0 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -894,6 +894,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp, { /* We are not supposed to load the object unless it is already loaded. So return now. */ + free (realname); __close (fd); return NULL; } @@ -912,6 +913,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp, _dl_zerofd = _dl_sysdep_open_zero_fill (); if (_dl_zerofd == -1) { + free (realname); __close (fd); _dl_signal_error (errno, NULL, NULL, N_("cannot open zero fill device")); diff --git a/elf/noload.c b/elf/noload.c index 9281ec7..bcc85ef 100644 --- a/elf/noload.c +++ b/elf/noload.c @@ -1,20 +1,28 @@ #include #include +#include int main (void) { int result = 0; + void *p; + + mtrace (); /* First try to load an object which is a dependency. This should succeed. */ - if (dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD) == NULL) + p = dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD); + if (p == NULL) { printf ("cannot open \"testobj1.so\": %s\n", dlerror ()); result = 1; } else - puts ("loading \"testobj1.so\" succeeded, OK"); + { + puts ("loading \"testobj1.so\" succeeded, OK"); + dlclose (p); + } /* Now try loading an object which is not already loaded. */ if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) != NULL) @@ -25,8 +33,6 @@ main (void) else { /* Load the object and run the same test again. */ - void *p; - puts ("\"testobj5.so\" wasn't loaded and RTLD_NOLOAD prevented it, OK"); p = dlopen ("testobj5.so", RTLD_LAZY); 
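Review bot: The changed line at the end of `_dl_map_object_deps` (elf/dl-deps.c) overwrites `map->l_orig_initfini` unconditionally, so a second replacement on the same map drops the previously saved pointer without passing it to `_dl_scope_free`. The store is also not limited to `lt_library` maps, while the only visible consumer in `_dl_close_worker` restores the list for `lt_library` only; where the saved list is released for other map types is not visible in this patch. Consider `if (map->l_orig_initfini == NULL) map->l_orig_initfini = old_l_initfini;` followed by `else if (old_l_initfini != map->l_orig_initfini) _dl_scope_free (old_l_initfini);`, which keeps the first saved list and still frees later ones. How `old_l_initfini` is assigned lies outside the hunk.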
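Review bot: In the second elf/dl-load.c hunk (the `_dl_zerofd == -1` path of `_dl_map_object_from_fd`), `errno` is read by `_dl_signal_error` only after the new `free (realname)` and the existing `__close (fd)`, either of which may change it. Capturing it first keeps the reported cause accurate: `int e = errno; free (realname); __close (fd);` and then pass `e` to `_dl_signal_error`. The `free (realname)` before `return NULL` in the first hunk has no such ordering concern. The function body continues outside both hunks, so other exit paths that may also own `realname` are not visible here.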
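Review bot: The `dlclose (p)` added to the first success branch of `main` (elf/noload.c) ignores its return value, and so does `dlclose (q)` in the later hunk at `@@ -41,13 +47,17 @@`, while the existing close further down is checked with `if (dlclose (p) != 0)`. Since the test now exists to exercise the close path under mtrace, a failing close should fail the test rather than pass silently: `if (dlclose (p) != 0) { printf ("cannot close \"testobj1.so\": %s\n", dlerror ()); result = 1; }`. The same form applies to `q`. `main` continues outside this hunk.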
@@ -41,13 +47,17 @@ main (void) { puts ("loading \"testobj5.so\" succeeded, OK"); - if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) == NULL) + void *q = dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD); + if (q == NULL) { printf ("cannot open \"testobj5.so\": %s\n", dlerror ()); result = 1; } else - puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK"); + { + puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK"); + dlclose (q); + } if (dlclose (p) != 0) { diff --git a/include/link.h b/include/link.h index 9d1fc1a..e877104 100644 --- a/include/link.h +++ b/include/link.h @@ -1,6 +1,6 @@ /* Data structure for communication from the run-time dynamic linker for loaded ELF shared objects. - Copyright (C) 1995-2006, 2007, 2009, 2010 Free Software Foundation, Inc. + Copyright (C) 1995-2006, 2007, 2009, 2010, 2011 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -240,6 +240,9 @@ struct link_map /* List of object in order of the init and fini calls. */ struct link_map **l_initfini; + /* The init and fini list generated at startup, saved when the + object is also loaded dynamically. */ + struct link_map **l_orig_initfini; /* List of the dependencies introduced through symbol binding. */ struct link_map_reldeps -- 2.7.4
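Review bot: The comment on the new `l_orig_initfini` member of `struct link_map` (include/link.h) does not say who owns the saved list or when the field is valid. From the other hunks, it is written in `_dl_map_object_deps` when an existing list is replaced and read in `_dl_close_worker`, which reinstates it and frees the replacement on the last explicit close of an `lt_library` map. I would extend the comment with: `NULL until _dl_map_object_deps replaces l_initfini; _dl_close_worker restores it on the last explicit close and frees the replacement.` The struct definition starts and ends outside the hunk.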