The branch main has been updated by pouria: URL: https://cgit.FreeBSD.org/src/commit/?id=45a0cb52d3d62f8caae420b93e4b8c76ae3bc766
commit 45a0cb52d3d62f8caae420b93e4b8c76ae3bc766 Author: Daniel Levin <[email protected]> AuthorDate: 2026-06-08 14:42:03 +0000 Commit: Pouria Mousavizadeh Tehrani <[email protected]> CommitDate: 2026-06-22 18:22:08 +0000 rtld: Check for -1 as an-end-of-section marker rtld calls functions in the .init_array section one at a time, until it finds a distinguished sentinel value. The C runtime does the same thing (in crtend.c). However, that checks for the sentinel -1 and not 1. If one is using a linker that unifies .ctors and .init_array, then rtld will miss the sentinel value. I believe the author of this code intended to write -1 instead of 1. Indeed, changing the code to also check for -1 prevents rtld from attempting to call a non-existent function. The same is true of .dtors and .fini_array. Signed-off-by: Daniel Levin <[email protected]> Reviewed by: kib MFC after: 3 days Pull Request: https://github.com/freebsd/freebsd-src/pull/2270 --- libexec/rtld-elf/rtld.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c index a72726684f0f..2a05afe66902 100644 --- a/libexec/rtld-elf/rtld.c +++ b/libexec/rtld-elf/rtld.c @@ -3159,7 +3159,8 @@ objlist_call_fini(Objlist *list, Obj_Entry *root, RtldLockState *lockstate) for (index = elm->obj->fini_array_num - 1; index >= 0; index--) { if (fini_addr[index] != 0 && - fini_addr[index] != 1) { + fini_addr[index] != 1 && + fini_addr[index] != (Elf_Addr)-1) { dbg("calling fini function for %s at %p", elm->obj->path, (void *)fini_addr[index]); @@ -3265,7 +3266,8 @@ objlist_call_init(Objlist *list, RtldLockState *lockstate) for (index = 0; index < elm->obj->init_array_num; index++) { if (init_addr[index] != 0 && - init_addr[index] != 1) { + init_addr[index] != 1 && + init_addr[index] != (Elf_Addr)-1) { dbg("calling init function for %s at %p", elm->obj->path, (void *)init_addr[index]);
