From: Jakub Jelinek <jakub@redhat.com>
Date: Mon, 27 Jul 2009 14:25:57 +0000 (-0700)
Subject: Fix STB_GNU_UNIQUE handling for > 30 unique symbols.
X-Git-Tag: fedora/glibc-2.10.90-10~1^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09cd1f575476a48b262e4e45997bb56753f9d4f5;p=thirdparty%2Fglibc.git

Fix STB_GNU_UNIQUE handling for > 30 unique symbols.

There were several issues when the initial 31 entries hashtab filled up.
size * 3 <= tab->n_elements is always false, table can't have more elements
than its size.  I assume from libiberty/hashtab.c this meant to be check for
3/4 full.  Even after fixing that, _dl_higher_prime_number (31) apparently
returns 31, only _dl_higher_prime_number (32) returns 61.  And, size
variable wasn't updated during reallocation, which means during reallocation
the insertion of the new entry was done into a wrong spot.

All this lead to a hang in ld.so, because a search with n_elements 31 size
31 wouldn't ever terminate.
---

diff --git a/ChangeLog b/ChangeLog
index 801ec189d07..8cc2e675c93 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-07-27  Jakub Jelinek  <jakub@redhat.com>
+
+	* elf/dl-lookup.c (do_lookup_x): Fix check for table more than
+	3/4 full.  Pass size + 1 rather than size to _dl_higher_prime_number.
+	Update size when reallocating.
+
 2009-07-26  Ulrich Drepper  <drepper@redhat.com>
 
 	* sysdeps/x86_64/tst-xmmymm.sh: New file.  Check whether any of the
diff --git a/elf/dl-lookup.c b/elf/dl-lookup.c
index 18f728812e9..1d68d67a35e 100644
--- a/elf/dl-lookup.c
+++ b/elf/dl-lookup.c
@@ -377,10 +377,10 @@ do_lookup_x (const char *undef_name, uint_fast32_t new_hash,
 			idx -= size;
 		    }
 
-		  if (size * 3 <= tab->n_elements)
+		  if (size * 3 <= tab->n_elements * 4)
 		    {
 		      /* Expand the table.  */
-		      size_t newsize = _dl_higher_prime_number (size);
+		      size_t newsize = _dl_higher_prime_number (size + 1);
 		      struct unique_sym *newentries
 			= calloc (sizeof (struct unique_sym), newsize);
 		      if (newentries == NULL)
@@ -398,6 +398,7 @@ do_lookup_x (const char *undef_name, uint_fast32_t new_hash,
 
 		      tab->free (entries);
 		      tab->size = newsize;
+		      size = newsize;
 		      entries = tab->entries = newentries;
 		      tab->free = free;
 		    }