summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2013-02-02 00:59:25 -0500
committerRich Felker <dalias@aerifal.cx>2013-02-02 00:59:25 -0500
commit74025c80ce1eb4cda110ab2e3ac11718d3c6f2ff (patch)
treea171ebc98c1af864db7c356a99efc8b98ffd5077
parent72768ea99e67162b7b42d9cd8917cf9a2c00f1f1 (diff)
downloadmusl-74025c80ce1eb4cda110ab2e3ac11718d3c6f2ff.tar.gz
musl-74025c80ce1eb4cda110ab2e3ac11718d3c6f2ff.tar.bz2
musl-74025c80ce1eb4cda110ab2e3ac11718d3c6f2ff.tar.xz
musl-74025c80ce1eb4cda110ab2e3ac11718d3c6f2ff.zip
fix uninitialized map_len being used in munmap failure paths in load_library
this bug seems to have been introduced when the map_library signatures was changed to return the mapping in a temp dso structure instead of into separate variables.
-rw-r--r--src/ldso/dynlink.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c
index b1a4409d..efbec8fb 100644
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -435,7 +435,6 @@ static struct dso *load_library(const char *name)
char buf[2*NAME_MAX+2];
const char *pathname;
unsigned char *map;
- size_t map_len;
struct dso *p, temp_dso = {0};
int fd;
struct stat st;
@@ -528,7 +527,7 @@ static struct dso *load_library(const char *name)
}
p = calloc(1, alloc_size);
if (!p) {
- munmap(map, map_len);
+ munmap(map, temp_dso.map_len);
return 0;
}
memcpy(p, &temp_dso, sizeof temp_dso);
@@ -542,8 +541,8 @@ static struct dso *load_library(const char *name)
if (pathname != name) p->shortname = strrchr(p->name, '/')+1;
if (p->tls_image) {
if (runtime && !__pthread_self_init()) {
+ munmap(map, p->map_len);
free(p);
- munmap(map, map_len);
return 0;
}
p->tls_id = ++tls_cnt;