niansa-misc/musl
1
0
Fork 0
mirror of git://git.musl-libc.org/musl synced 2025-03-06 20:48:29 +01:00
Code Issues Projects Releases Packages Wiki Activity

fix stale lock when allocation of ctor queue fails during dlopen

Browse source 
queue_ctors should not be called with the init_fini_lock held, since
it may longjmp out on allocation failure. this introduces a minor
TOCTOU race with p->constructed, but one already exists further down
anyway, and by design it's okay to run through the queue more than
once anyway. the only reason we bother to check p->constructed at all
is to avoid spurious failure of dlopen when the library is already
fully loaded and constructed.
This commit is contained in:
Rich Felker 2020-09-29 18:42:05 -04:00
parent 69a1b39019
commit 1efc8eb2c7
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ldso/dynlink.c
View file

@ -2055,8 +2055,9 @@ void *dlopen(const char *file, int mode)
load_deps(p);
extend_bfs_deps(p);
pthread_mutex_lock(&init_fini_lock);
if (!p->constructed) ctor_queue = queue_ctors(p);
int constructed = p->constructed;
pthread_mutex_unlock(&init_fini_lock);
if (!constructed) ctor_queue = queue_ctors(p);
if (!p->relocated && (mode & RTLD_LAZY)) {
prepare_lazy(p);
for (i=0; p->deps[i]; i++)