Fix bad pointer / leak in regex code

[thirdparty/glibc.git] / elf / dl-reloc.c

diff --git a/elf/dl-reloc.c b/elf/dl-reloc.c
index dcab666d5699bf798e719957b2a05317ef7a9fbd..e7fb8da276094fc50e0684483e0ef8dd98918500 100644 (file)
--- a/elf/dl-reloc.c
+++ b/elf/dl-reloc.c
@@ -1,5 +1,5 @@
 /* Relocate a shared object and resolve its references to other loaded objects.
-   Copyright (C) 1995-2016 Free Software Foundation, Inc.
+   Copyright (C) 1995-2019 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -25,8 +25,8 @@
 #include <sys/param.h>
 #include <sys/types.h>
 #include <_itoa.h>
+#include <libc-pointer-arith.h>
 #include "dynamic-link.h"
-#include <libc-internal.h>
 
 /* Statistics function.  */
 #ifdef SHARED
@@ -45,7 +45,6 @@
    directly, as static TLS should be rare and code handling it should
    not be inlined as much as possible.  */
 int
-internal_function
 _dl_try_allocate_static_tls (struct link_map *map)
 {
   /* If we've already used the variable with dynamic access, or if the
@@ -112,7 +111,7 @@ _dl_try_allocate_static_tls (struct link_map *map)
 }
 
 void
-internal_function __attribute_noinline__
+__attribute_noinline__
 _dl_allocate_static_tls (struct link_map *map)
 {
   if (map->l_tls_offset == FORCED_DYNAMIC_TLS_OFFSET
@@ -137,12 +136,6 @@ _dl_nothread_init_static_tls (struct link_map *map)
 # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined"
 #endif
 
-  /* Fill in the DTV slot so that a later LD/GD access will find it.  */
-  dtv_t *dtv = THREAD_DTV ();
-  assert (map->l_tls_modid <= dtv[-1].counter);
-  dtv[map->l_tls_modid].pointer.to_free = NULL;
-  dtv[map->l_tls_modid].pointer.val = dest;
-
   /* Initialize the memory.  */
   memset (__mempcpy (dest, map->l_tls_initimage, map->l_tls_initimage_size),
          '\0', map->l_tls_blocksize - map->l_tls_initimage_size);
@@ -207,17 +200,6 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[],
            newp->start = PTR_ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize))
                          + (caddr_t) l->l_addr;
 
-           if (__mprotect (newp->start, newp->len, PROT_READ|PROT_WRITE) < 0)
-             {
-               errstring = N_("cannot make segment writable for relocation");
-             call_error:
-               _dl_signal_error (errno, l->l_name, NULL, errstring);
-             }
-
-#if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7
-           newp->prot = (PF_TO_PROT
-                         >> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf;
-#else
            newp->prot = 0;
            if (ph->p_flags & PF_R)
              newp->prot |= PROT_READ;
@@ -225,7 +207,14 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[],
              newp->prot |= PROT_WRITE;
            if (ph->p_flags & PF_X)
              newp->prot |= PROT_EXEC;
-#endif
+
+           if (__mprotect (newp->start, newp->len, newp->prot|PROT_WRITE) < 0)
+             {
+               errstring = N_("cannot make segment writable for relocation");
+             call_error:
+               _dl_signal_error (errno, l->l_name, NULL, errstring);
+             }
+
            newp->next = textrels;
            textrels = newp;
          }
@@ -314,7 +303,7 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[],
 }
 
 
-void internal_function
+void
 _dl_protect_relro (struct link_map *l)
 {
   ElfW(Addr) start = ALIGN_DOWN((l->l_addr
@@ -334,7 +323,7 @@ cannot apply additional memory protection after relocation");
 }
 
 void
-internal_function __attribute_noinline__
+__attribute_noinline__
 _dl_reloc_bad_type (struct link_map *map, unsigned int type, int plt)
 {
 #define DIGIT(b)       _itoa_lower_digits[(b) & 0xf];