From: H.J. Lu <hjl.tools@gmail.com>
Date: Thu, 30 Sep 2021 17:29:17 +0000 (-0700)
Subject: elf: Replace nsid with args.nsid [BZ #27609]
X-Git-Tag: glibc-2.35~466
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1e1ecea62e899acb58c3fdf3b320a0833ddd0dff;p=thirdparty%2Fglibc.git

elf: Replace nsid with args.nsid [BZ #27609]

commit ec935dea6332cb22f9881cd1162bad156173f4b0
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Apr 24 22:31:15 2020 +0200

    elf: Implement __libc_early_init

has

@@ -856,6 +876,11 @@ no more namespaces available for dlmopen()"));
   /* See if an error occurred during loading.  */
   if (__glibc_unlikely (exception.errstring != NULL))
     {
+      /* Avoid keeping around a dangling reference to the libc.so link
+   map in case it has been cached in libc_map.  */
+      if (!args.libc_already_loaded)
+  GL(dl_ns)[nsid].libc_map = NULL;
+

do_dlopen calls _dl_open with nsid == __LM_ID_CALLER (-2), which calls
dl_open_worker with args.nsid = nsid.  dl_open_worker updates args.nsid
if it is __LM_ID_CALLER.  After dl_open_worker returns, it is wrong to
use nsid.

Replace nsid with args.nsid after dl_open_worker returns.  This fixes
BZ #27609.
---

diff --git a/elf/dl-open.c b/elf/dl-open.c
index a25443f6d1e..5295e931b05 100644
--- a/elf/dl-open.c
+++ b/elf/dl-open.c
@@ -886,7 +886,7 @@ no more namespaces available for dlmopen()"));
       /* Avoid keeping around a dangling reference to the libc.so link
 	 map in case it has been cached in libc_map.  */
       if (!args.libc_already_loaded)
-	GL(dl_ns)[nsid].libc_map = NULL;
+	GL(dl_ns)[args.nsid].libc_map = NULL;
 
       /* Remove the object from memory.  It may be in an inconsistent
 	 state if relocation failed, for example.  */