summaryrefslogtreecommitdiff
path: root/ldso/libdl
diff options
context:
space:
mode:
authorJoakim Tjernlund <joakim.tjernlund@transmode.se>2005-08-24 17:29:05 +0000
committerJoakim Tjernlund <joakim.tjernlund@transmode.se>2005-08-24 17:29:05 +0000
commit30d5d27e60802c0443bcdeb620d3ecbac90b7fc0 (patch)
tree660b8ba6869c58acc1b7e711c8ac4ae6bcd2d674 /ldso/libdl
parentb1ce9e53a3e6b06267fee6d7b86ab7f5f5ba0f80 (diff)
Frank Mehnert writes:
I use an implementation for malloc()/free() which is sensible about using data after freed. In libdl.c, rpnt1->next->next is accessed after rpnt1->next is freed. Attached patch fixes that problem.
Diffstat (limited to 'ldso/libdl')
-rw-r--r--ldso/libdl/libdl.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/ldso/libdl/libdl.c b/ldso/libdl/libdl.c
index 08952094c..f8f90dfb7 100644
--- a/ldso/libdl/libdl.c
+++ b/ldso/libdl/libdl.c
@@ -452,7 +452,7 @@ void *dlsym(void *vhandle, const char *name)
static int do_dlclose(void *vhandle, int need_fini)
{
- struct dyn_elf *rpnt, *rpnt1;
+ struct dyn_elf *rpnt, *rpnt1, *rpnt1_tmp;
struct init_fini_list *runp, *tmp;
ElfW(Phdr) *ppnt;
struct elf_resolve *tpnt, *run_tpnt;
@@ -541,8 +541,9 @@ static int do_dlclose(void *vhandle, int need_fini)
for (rpnt1 = _dl_symbol_tables; rpnt1->next; rpnt1 = rpnt1->next) {
if (rpnt1->next->dyn == tpnt) {
_dl_if_debug_print("removing symbol_tables: %s\n", tpnt->libname);
+ rpnt1_tmp = rpnt1->next->next;
free(rpnt1->next);
- rpnt1->next = rpnt1->next->next;
+ rpnt1->next = rpnt1_tmp;
if (rpnt1->next)
rpnt1->next->prev = rpnt1;
break;