diff options
| author | Rich Felker <dalias@aerifal.cx> | 2019-02-15 14:20:49 -0500 | 
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2019-02-15 14:20:49 -0500 | 
| commit | aa5a9d15e09851f7b4a1668e9dbde0f6234abada (patch) | |
| tree | 1076c36326a4f74ae9b98ca997c5bbb144289a04 /src | |
| parent | b2020571f07beaa9873ef0e5ade456b57b589042 (diff) | |
| download | musl-aa5a9d15e09851f7b4a1668e9dbde0f6234abada.tar.gz | |
defer free of thread-local dlerror buffers from inconsistent context
__dl_thread_cleanup is called from the context of an exiting thread
that is not in a consistent state valid for calling application code.
since commit c9f415d7ea2dace5bf77f6518b6afc36bb7a5732, it's possible
(and supported usage) for the allocator to have been replaced by the
application, so __dl_thread_cleanup can no longer call free. instead,
reuse the message buffer as a linked-list pointer, and queue it to be
freed the next time any dynamic linker error message is generated.
Diffstat (limited to 'src')
| -rw-r--r-- | src/ldso/dlerror.c | 22 | 
1 files changed, 20 insertions, 2 deletions
| diff --git a/src/ldso/dlerror.c b/src/ldso/dlerror.c index 06ed8542..3fcc7779 100644 --- a/src/ldso/dlerror.c +++ b/src/ldso/dlerror.c @@ -3,6 +3,7 @@  #include <stdarg.h>  #include "pthread_impl.h"  #include "dynlink.h" +#include "lock.h"  char *dlerror()  { @@ -16,21 +17,38 @@ char *dlerror()  		return s;  } +static volatile int freebuf_queue_lock[1]; +static void **freebuf_queue; +  void __dl_thread_cleanup(void)  {  	pthread_t self = __pthread_self(); -	if (self->dlerror_buf != (void *)-1) -		free(self->dlerror_buf); +	if (self->dlerror_buf && self->dlerror_buf != (void *)-1) { +		LOCK(freebuf_queue_lock); +		void **p = (void **)self->dlerror_buf; +		*p = freebuf_queue; +		freebuf_queue = p; +		UNLOCK(freebuf_queue_lock); +	}  }  hidden void __dl_vseterr(const char *fmt, va_list ap)  { +	LOCK(freebuf_queue_lock); +	while (freebuf_queue) { +		void **p = freebuf_queue; +		freebuf_queue = *p; +		free(p); +	} +	UNLOCK(freebuf_queue_lock); +  	va_list ap2;  	va_copy(ap2, ap);  	pthread_t self = __pthread_self();  	if (self->dlerror_buf != (void *)-1)  		free(self->dlerror_buf);  	size_t len = vsnprintf(0, 0, fmt, ap2); +	if (len < sizeof(void *)) len = sizeof(void *);  	va_end(ap2);  	char *buf = malloc(len+1);  	if (buf) { | 
