[1/3] elf: strdup() l_name if no realname [BZ #30100]

Message ID 20230215165541.1107137-2-stsp2@yandex.ru
State Superseded
Delegated to: Carlos O'Donell
Series implement dlmem() with audit extensions

Checks

Context Check Description
dj/TryBot-apply_patch success Patch applied to master at the time it was sent

Commit Message

stsp Feb. 15, 2023, 4:55 p.m. UTC
  _dl_close_worker() has this code:
      /* This name always is allocated.  */
      free (imap->l_name);

But in that particular case, while indeed being allocated, l_name
doesn't point to the start of an allocation:
  new = (struct link_map *) calloc (sizeof (*new) + audit_space
                                    + sizeof (struct link_map *)
                                    + sizeof (*newname) + libname_len, 1);
  ...
  new->l_symbolic_searchlist.r_list = (struct link_map **) ((char *) (new + 1)
                                                            + audit_space);

  new->l_libname = newname
    = (struct libname_list *) (new->l_symbolic_searchlist.r_list + 1);
  newname->name = (char *) memcpy (newname + 1, libname, libname_len);
  ...
  new->l_name = (char *) newname->name + libname_len - 1;

It therefore cannot be freed separately.
Use strdup("") as a simple fix.

Signed-off-by: Stas Sergeev <stsp2@yandex.ru>
---
 elf/dl-object.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
  

Patch

diff --git a/elf/dl-object.c b/elf/dl-object.c
index f1f2ec956c..ab926cd4bf 100644
--- a/elf/dl-object.c
+++ b/elf/dl-object.c
@@ -122,7 +122,10 @@  _dl_new_object (char *realname, const char *libname, int type,
 #endif
     new->l_name = realname;
   else
-    new->l_name = (char *) newname->name + libname_len - 1;
+    /* When realname="", it is not allocated and points to the constant
+       string. Constness is dropped by an explicit cast. :(
+       So strdup() it here. */
+    new->l_name = __strdup ("");
 
   new->l_type = type;
   /* If we set the bit now since we know it is never used we avoid
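Review bot: the new else branch stores the result of __strdup ("") without checking it, so on allocation failure new->l_name is left NULL for everything that later reads or frees the name; suggest checking the result and releasing new before returning NULL, e.g. `if (new->l_name == NULL) { free (new); return NULL; }`, matching whatever cleanup the function does on its other failure paths. Two smaller points on the added comment: it explains the realname argument rather than the line it replaces, which made l_name an interior pointer into the map's own allocation (the reason a separate strdup is needed, as the commit message spells out), and it uses a single space after the period ("string. Constness") where the surrounding glibc comments, like "This name always is allocated.  " quoted above, use two.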