[1/2] elf: strdup() l_name if no realname [BZ #30100]

Message ID: 20230215112110.2426646-2-stsp2@yandex.ru
State: Superseded
Series: implement dlmem() with audit extension

Checks

Context: dj/TryBot-apply_patch
Check: success
Description: Patch applied to master at the time it was sent

Commit Message

stsp Feb. 15, 2023, 11:21 a.m. UTC
  _dl_close_worker() has this code:
      /* This name always is allocated.  */
      free (imap->l_name);

But in that particular case, while indeed being allocated, l_name
doesn't point to the start of an allocation:
  new = (struct link_map *) calloc (sizeof (*new) + audit_space
                                    + sizeof (struct link_map *)
                                    + sizeof (*newname) + libname_len, 1);
  ...
  new->l_symbolic_searchlist.r_list = (struct link_map **) ((char *) (new + 1)
                                                            + audit_space);

  new->l_libname = newname
    = (struct libname_list *) (new->l_symbolic_searchlist.r_list + 1);
  newname->name = (char *) memcpy (newname + 1, libname, libname_len);
  ...
  new->l_name = (char *) newname->name + libname_len - 1;

It therefore cannot be freed separately.
Use strdup() as a simple fix.

Signed-off-by: Stas Sergeev <stsp2@yandex.ru>
---
 elf/dl-object.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
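The invalid-free pattern the commit message describes, reduced to a stand-alone C program (added example; not glibc code, and the struct and function names are hypothetical). One calloc'd block carries the object header, a name record and the name bytes; `object_new_interior` reproduces the pre-patch layout where `l_name` points at the terminating NUL inside that block, while `object_new_owned` applies the fix by giving `l_name` its own allocation. `l_name_is_interior` is the range check a reviewer would reach for to tell the two apart before anything calls `free` on the pointer, and `object_close` mirrors the free order in `_dl_close_worker()`:

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for glibc's struct link_map / struct libname_list
   (hypothetical names): one calloc'd block holds the object header, a
   name record and the copied name bytes, as in _dl_new_object().  */
struct name_record {
  char *name;                 /* points at the bytes following the record */
};

struct object {
  char *l_name;               /* the pointer _dl_close_worker() frees */
  struct name_record *l_libname;
  size_t block_size;          /* size of the calloc'd block, for the check */
};

/* Pre-patch layout: l_name is an interior pointer to the terminating NUL
   of the name copied into the same allocation.  */
struct object *object_new_interior (const char *libname)
{
  size_t libname_len = strlen (libname) + 1;          /* includes the NUL */
  size_t size = sizeof (struct object) + sizeof (struct name_record) + libname_len;
  struct object *obj = calloc (size, 1);
  if (obj == NULL)
    return NULL;
  obj->block_size = size;
  obj->l_libname = (struct name_record *) (obj + 1);
  obj->l_libname->name = memcpy (obj->l_libname + 1, libname, libname_len);
  obj->l_name = obj->l_libname->name + libname_len - 1;  /* empty string */
  return obj;
}

/* Stand-in for __strdup so the example builds without feature macros.  */
static char *dup_string (const char *s)
{
  size_t n = strlen (s) + 1;
  char *copy = malloc (n);
  return copy ? memcpy (copy, s, n) : NULL;
}

/* Post-patch layout: l_name is a separate allocation, so freeing it on
   its own is a valid free of a complete block.  A NULL result from the
   duplicate is handled by releasing the object block.  */
struct object *object_new_owned (const char *libname)
{
  struct object *obj = object_new_interior (libname);
  if (obj == NULL)
    return NULL;
  char *owned = dup_string (obj->l_name);   /* dup_string ("") in effect */
  if (owned == NULL)
    {
      free (obj);
      return NULL;
    }
  obj->l_name = owned;
  return obj;
}

/* True when l_name lies inside the object's own block.  Passing such a
   pointer to free() is undefined behaviour: glibc's allocator aborts with
   "free(): invalid pointer", and ASan reports a free on a non-malloc'ed
   address.  */
bool l_name_is_interior (const struct object *obj)
{
  uintptr_t start = (uintptr_t) obj;
  uintptr_t end = start + obj->block_size;
  uintptr_t p = (uintptr_t) obj->l_name;
  return p >= start && p < end;
}

/* Mirrors the free order in _dl_close_worker(): name first, then the
   object.  Refuses the separate free when l_name is interior and reports
   it, so the caller sees the layout bug instead of a crash.  */
int object_close (struct object *obj)
{
  if (l_name_is_interior (obj))
    {
      free (obj);
      return -1;
    }
  free (obj->l_name);
  free (obj);
  return 0;
}
```

Built with `-fsanitize=address`, replacing the guard in `object_close` with an unconditional `free (obj->l_name)` on an `object_new_interior` result reproduces the report the bug would give in `dlclose`; the owned variant closes cleanly either way.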
  

Comments

Andreas Schwab Feb. 15, 2023, 12:35 p.m. UTC | #1
On Feb 15 2023, Stas Sergeev via Libc-alpha wrote:

> diff --git a/elf/dl-object.c b/elf/dl-object.c
> index f1f2ec956c..c92daf37d1 100644
> --- a/elf/dl-object.c
> +++ b/elf/dl-object.c
> @@ -122,7 +122,7 @@ _dl_new_object (char *realname, const char *libname, int type,
>  #endif
>      new->l_name = realname;
>    else
> -    new->l_name = (char *) newname->name + libname_len - 1;
> +    new->l_name = __strdup ((char *) newname->name + libname_len - 1);

Since the point of that assignment is to create a pointer to an
allocated empty string, it would be better to make that explicit by
using __strdup (""), with a suitable adjustment of the comment.
  
stsp Feb. 15, 2023, 1:33 p.m. UTC | #2
Hi,

On 15.02.2023 17:35, Andreas Schwab wrote:
> On Feb 15 2023, Stas Sergeev via Libc-alpha wrote:
>
>> diff --git a/elf/dl-object.c b/elf/dl-object.c
>> index f1f2ec956c..c92daf37d1 100644
>> --- a/elf/dl-object.c
>> +++ b/elf/dl-object.c
>> @@ -122,7 +122,7 @@ _dl_new_object (char *realname, const char *libname, int type,
>>   #endif
>>       new->l_name = realname;
>>     else
>> -    new->l_name = (char *) newname->name + libname_len - 1;
>> +    new->l_name = __strdup ((char *) newname->name + libname_len - 1);
> Since the point of that assignment is to create a pointer to an
> allocated empty string, it would be better to make that explicit by
> using __strdup (""), with a suitable adjustment of the comment.
Done and re-sent.
  

Patch

diff --git a/elf/dl-object.c b/elf/dl-object.c
index f1f2ec956c..c92daf37d1 100644
--- a/elf/dl-object.c
+++ b/elf/dl-object.c
@@ -122,7 +122,7 @@  _dl_new_object (char *realname, const char *libname, int type,
 #endif
     new->l_name = realname;
   else
-    new->l_name = (char *) newname->name + libname_len - 1;
+    new->l_name = __strdup ((char *) newname->name + libname_len - 1);
 
   new->l_type = type;
   /* If we set the bit now since we know it is never used we avoid
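Review bot: the added `+` line stores the `__strdup` result without checking it, and `__strdup` returns NULL on allocation failure; the `else` branch should test the result and release the calloc'd `new` before returning NULL to the caller, otherwise `_dl_close_worker()` later frees a NULL `l_name` for an object whose name was never set. Separately, `newname->name + libname_len - 1` addresses the terminating NUL of the name the commit message shows being copied with `libname_len` bytes, so the duplicated string is always empty: `__strdup ("")` states that directly, and the comment Andreas refers to, which describes `l_name` as living inside the object's own allocation, needs rewording to say it is now a separate allocation that `_dl_close_worker()` frees.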