From: H.J. Lu <hjl.tools@gmail.com>
Date: Thu, 16 Jan 2020 14:45:36 +0000 (-0800)
Subject: Clear GL(dl_initfirst) when freeing its link_map memory [BZ# 25396]
X-Git-Tag: glibc-2.31~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5177d85b0c050a2333a0c4165c938dd422013d05;p=thirdparty%2Fglibc.git

Clear GL(dl_initfirst) when freeing its link_map memory [BZ# 25396]

We should clear GL(dl_initfirst) when freeing its link_map memory.

Tested on Fedora 31/x86-64 with CET.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
---

diff --git a/elf/dl-close.c b/elf/dl-close.c
index 104c299209a..73b2817bbf6 100644
--- a/elf/dl-close.c
+++ b/elf/dl-close.c
@@ -756,6 +756,10 @@ _dl_close_worker (struct link_map *map, bool force)
 	  if (imap->l_runpath_dirs.dirs != (void *) -1)
 	    free (imap->l_runpath_dirs.dirs);
 
+	  /* Clear GL(dl_initfirst) when freeing its link_map memory.  */
+	  if (imap == GL(dl_initfirst))
+	    GL(dl_initfirst) = NULL;
+
 	  free (imap);
 	}
     }