Fix memory leak in dlopen with RTLD_NOLOAD.

(cherry picked from commit 4bff6e0175ed195871f4e01cc4c4c33274b8f6e3)

diff --git a/ChangeLog b/ChangeLog
index 48f592fbcbc8df0144fcdceac49e401c4a9b3052..0aaabe754c001e01904a810dafb631178c5f05c3 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2011-02-23  Andreas Schwab  <schwab@redhat.com>
+           Ulrich Drepper  <drepper@gmail.com>
+
+       [BZ #12509]
+       * include/link.h (struct link_map): Add l_orig_initfini.
+       * elf/dl-load.c (_dl_map_object_from_fd): Free realname before
+       returning unsuccessfully.
+       * elf/dl-close.c (_dl_close_worker): If this is the last explicit
+       close of a file loaded at startup, restore the original l_initfini
+       list.
+       * elf/dl-deps.c (_dl_map_object_deps): Don't free old l_initfini
+       list, store the pointer.
+       * elf/Makefile ($(objpfx)noload-mem): New rule.
+       (noload-ENV): Define.
+       (tests): Add $(objpfx)noload-mem.
+       * elf/noload.c: Include <memcheck.h>.
+       (main): Call mtrace.  Close all opened handles.
+
 2011-02-17  Andreas Schwab  <schwab@redhat.com>
 
        [BZ #12454]

diff --git a/elf/Makefile b/elf/Makefile
index 34609a0f855604bfa3ce52fc1c0889a3c8233f45..addb086d6e2d27d6b29a9271d2064395092f5183 100644 (file)
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -209,7 +209,7 @@ endif
 ifeq (yesyes,$(have-fpie)$(build-shared))
 tests: $(objpfx)tst-pie1.out
 endif
-tests: $(objpfx)tst-leaks1-mem
+tests: $(objpfx)tst-leaks1-mem $(objpfx)noload-mem
 tlsmod17a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
 tlsmod18a-suffixes = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
 modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
@@ -658,6 +658,10 @@ $(objpfx)noload: $(objpfx)testobj1.so
 LDFLAGS-noload = -rdynamic
 $(objpfx)noload.out: $(objpfx)testobj5.so
 
+$(objpfx)noload-mem: $(objpfx)noload.out
+       $(common-objpfx)malloc/mtrace $(objpfx)noload.mtrace > $@
+noload-ENV = MALLOC_TRACE=$(objpfx)noload.mtrace
+
 LDFLAGS-nodelete = -rdynamic
 LDFLAGS-nodelmod1.so = -Wl,--enable-new-dtags,-z,nodelete
 LDFLAGS-nodelmod4.so = -Wl,--enable-new-dtags,-z,nodelete

diff --git a/elf/dl-close.c b/elf/dl-close.c
index b73a7adb1a1d54869aa517045e32ee329adf241e..e1940da2d0b1b80a241d8496e1d2fe5409c11d93 100644 (file)
--- a/elf/dl-close.c
+++ b/elf/dl-close.c
@@ -1,5 +1,5 @@
 /* Close a shared object opened by `_dl_open'.
-   Copyright (C) 1996-2007, 2009 Free Software Foundation, Inc.
+   Copyright (C) 1996-2007, 2009, 2011 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -119,8 +119,17 @@ _dl_close_worker (struct link_map *map)
   if (map->l_direct_opencount > 0 || map->l_type != lt_loaded
       || dl_close_state != not_pending)
     {
-      if (map->l_direct_opencount == 0 && map->l_type == lt_loaded)
-       dl_close_state = rerun;
+      if (map->l_direct_opencount == 0)
+       {
+         if (map->l_type == lt_loaded)
+           dl_close_state = rerun;
+         else if (map->l_type == lt_library)
+           {
+             struct link_map **oldp = map->l_initfini;
+             map->l_initfini = map->l_orig_initfini;
+             _dl_scope_free (oldp);
+           }
+       }
 
       /* There are still references to this object.  Do nothing more.  */
       if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0))

diff --git a/elf/dl-deps.c b/elf/dl-deps.c
index b2f6a46e561631582772e8cb5d37a27acc3b5f53..06fcabb69be991af639ea9262030b52266768df9 100644 (file)
--- a/elf/dl-deps.c
+++ b/elf/dl-deps.c
@@ -669,5 +669,5 @@ Filters not supported with LD_TRACE_PRELINKING"));
       _dl_scope_free (old_l_reldeps);
     }
   if (old_l_initfini != NULL)
-    _dl_scope_free (old_l_initfini);
+      map->l_orig_initfini = old_l_initfini;
 }

diff --git a/elf/dl-load.c b/elf/dl-load.c
index aa324d1fbaf685e221724ed7c39a6e0a4a37da9d..9e35dc43d92c35627e75b8ab18f4cbdc21a4f95c 100644 (file)
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -897,6 +897,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
     {
       /* We are not supposed to load the object unless it is already
         loaded.  So return now.  */
+      free (realname);
       __close (fd);
       return NULL;
     }
@@ -915,6 +916,7 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
       _dl_zerofd = _dl_sysdep_open_zero_fill ();
       if (_dl_zerofd == -1)
        {
+         free (realname);
          __close (fd);
          _dl_signal_error (errno, NULL, NULL,
                            N_("cannot open zero fill device"));

diff --git a/elf/noload.c b/elf/noload.c
index 9281ec714c84b5e07dfce948280f5e2793064de5..bcc85efc271470e225164871227d0967f61244fa 100644 (file)
--- a/elf/noload.c
+++ b/elf/noload.c
@@ -1,20 +1,28 @@
 #include <dlfcn.h>
 #include <stdio.h>
+#include <mcheck.h>
 
 int
 main (void)
 {
   int result = 0;
+  void *p;
+
+  mtrace ();
 
   /* First try to load an object which is a dependency.  This should
      succeed.  */
-  if (dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
+  p = dlopen ("testobj1.so", RTLD_LAZY | RTLD_NOLOAD);
+  if (p == NULL)
     {
       printf ("cannot open \"testobj1.so\": %s\n", dlerror ());
       result = 1;
     }
   else
-    puts ("loading \"testobj1.so\" succeeded, OK");
+    {
+      puts ("loading \"testobj1.so\" succeeded, OK");
+      dlclose (p);
+    }
 
   /* Now try loading an object which is not already loaded.  */
   if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) != NULL)
@@ -25,8 +33,6 @@ main (void)
   else
     {
       /* Load the object and run the same test again.  */
-      void *p;
-
       puts ("\"testobj5.so\" wasn't loaded and RTLD_NOLOAD prevented it, OK");
 
       p = dlopen ("testobj5.so", RTLD_LAZY);
@@ -41,13 +47,17 @@ main (void)
        {
          puts ("loading \"testobj5.so\" succeeded, OK");
 
-         if (dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD) == NULL)
+         void *q = dlopen ("testobj5.so", RTLD_LAZY | RTLD_NOLOAD);
+         if (q == NULL)
            {
              printf ("cannot open \"testobj5.so\": %s\n", dlerror ());
              result = 1;
            }
          else
-           puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
+           {
+             puts ("loading \"testobj5.so\" with RTLD_NOLOAD succeeded, OK");
+             dlclose (q);
+           }
 
          if (dlclose (p) != 0)
            {

diff --git a/include/link.h b/include/link.h
index 26c67438f036d9780ebf4f8917dfc8cf4db3fc3b..e1700b14903a7113c37c154268a8878d5decc3db 100644 (file)
--- a/include/link.h
+++ b/include/link.h
@@ -1,6 +1,6 @@
 /* Data structure for communication from the run-time dynamic linker for
    loaded ELF shared objects.
-   Copyright (C) 1995-2006, 2007, 2009 Free Software Foundation, Inc.
+   Copyright (C) 1995-2006, 2007, 2009, 2011 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -236,6 +236,9 @@ struct link_map
 
     /* List of object in order of the init and fini calls.  */
     struct link_map **l_initfini;
+    /* The init and fini list generated at startup, saved when the
+       object is also loaded dynamically.  */
+    struct link_map **l_orig_initfini;
 
     /* List of the dependencies introduced through symbol binding.  */
     struct link_map_reldeps