Btw. to just fix the accessing of dangling memory, here's a simple (but
broken) patch with a comment to explain the problem that the current
implementation has:

===================================================================
--- glibc-2.11.3.orig/elf/dl-close.c    2011-05-27 15:08:23.000000000 +0200
+++ glibc-2.11.3/elf/dl-close.c 2011-07-13 19:28:52.000000000 +0200
@@ -127,7 +127,13 @@ _dl_close_worker (struct link_map *map)
            {
              struct link_map **oldp = map->l_initfini;
              map->l_initfini = map->l_orig_initfini;
-             _dl_scope_free (oldp);
+             /* We can't remove the l_initfini memory because
+                it's shared with l_searchlist.r_list.  We don't clear
+                the latter so when we dlopen this object again that
+                entry would point to stale memory.  And we don't want
+                to recompute it as it would involve a new call to
+                map_object_deps.
+             _dl_scope_free (oldp); */
            }
        }
 
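Review bot: Commenting out `_dl_scope_free (oldp);` trades a use-after-free for an unconditional leak of the old `l_initfini` array on every `_dl_close_worker` pass through this branch, which the message itself acknowledges. The comment block also swallows the call text inside `/* ... */`, so a reader cannot tell at a glance whether the free is documentation or code; if the call is to be disabled temporarily, remove it outright or use `#if 0` rather than wrapping it in the comment. The comment's own explanation points at the real fix: the array is shared with `l_searchlist.r_list`, so either that field must be reset to a valid list before the buffer is freed, or ownership of the buffer must be tracked so only the owner frees it. As written, the hunk documents the aliasing but does not resolve it.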
This patch is broken since now oldp never gets freed and thus some tests fail.

The Fedora patch is AFAIK applying Andreas Schwab's initial patch that
Ulrich Drepper changed on top of Ulrich's change (thus adding Andreas'
initial version).

Here's a link to the initial patch
http://sourceware.org/ml/libc-hacker/2011-02/msg00004.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/893605

Title:
  crashes with glibc-2.14/2.15 on dlopen (seen with kvm and gnucash)

To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/893605/+subscriptions

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
