From aa5a9d15e09851f7b4a1668e9dbde0f6234abada Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Fri, 15 Feb 2019 14:20:49 -0500 Subject: defer free of thread-local dlerror buffers from inconsistent context __dl_thread_cleanup is called from the context of an exiting thread that is not in a consistent state valid for calling application code. since commit c9f415d7ea2dace5bf77f6518b6afc36bb7a5732, it's possible (and supported usage) for the allocator to have been replaced by the application, so __dl_thread_cleanup can no longer call free. instead, reuse the message buffer as a linked-list pointer, and queue it to be freed the next time any dynamic linker error message is generated. --- src/ldso/dlerror.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/src/ldso/dlerror.c b/src/ldso/dlerror.c index 06ed8542..3fcc7779 100644 --- a/src/ldso/dlerror.c +++ b/src/ldso/dlerror.c @@ -3,6 +3,7 @@ #include #include "pthread_impl.h" #include "dynlink.h" +#include "lock.h" char *dlerror() { @@ -16,21 +17,38 @@ char *dlerror() return s; } +static volatile int freebuf_queue_lock[1]; +static void **freebuf_queue; + void __dl_thread_cleanup(void) { pthread_t self = __pthread_self(); - if (self->dlerror_buf != (void *)-1) - free(self->dlerror_buf); + if (self->dlerror_buf && self->dlerror_buf != (void *)-1) { + LOCK(freebuf_queue_lock); + void **p = (void **)self->dlerror_buf; + *p = freebuf_queue; + freebuf_queue = p; + UNLOCK(freebuf_queue_lock); + } } hidden void __dl_vseterr(const char *fmt, va_list ap) { + LOCK(freebuf_queue_lock); + while (freebuf_queue) { + void **p = freebuf_queue; + freebuf_queue = *p; + free(p); + } + UNLOCK(freebuf_queue_lock); + va_list ap2; va_copy(ap2, ap); pthread_t self = __pthread_self(); if (self->dlerror_buf != (void *)-1) free(self->dlerror_buf); size_t len = vsnprintf(0, 0, fmt, ap2); + if (len < sizeof(void *)) len = sizeof(void *); va_end(ap2); char *buf = malloc(len+1); if (buf) { -- cgit v1.2.1