diff options
author | Rich Felker <dalias@aerifal.cx> | 2019-02-15 14:20:49 -0500 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2019-02-15 14:20:49 -0500 |
commit | aa5a9d15e09851f7b4a1668e9dbde0f6234abada (patch) | |
tree | 1076c36326a4f74ae9b98ca997c5bbb144289a04 | |
parent | b2020571f07beaa9873ef0e5ade456b57b589042 (diff) | |
download | musl-aa5a9d15e09851f7b4a1668e9dbde0f6234abada.tar.gz musl-aa5a9d15e09851f7b4a1668e9dbde0f6234abada.tar.bz2 musl-aa5a9d15e09851f7b4a1668e9dbde0f6234abada.tar.xz musl-aa5a9d15e09851f7b4a1668e9dbde0f6234abada.zip |
defer free of thread-local dlerror buffers from inconsistent context
__dl_thread_cleanup is called from the context of an exiting thread
that is not in a consistent state valid for calling application code.
since commit c9f415d7ea2dace5bf77f6518b6afc36bb7a5732, it's possible
(and supported usage) for the allocator to have been replaced by the
application, so __dl_thread_cleanup can no longer call free. instead,
reuse the message buffer as a linked-list pointer, and queue it to be
freed the next time any dynamic linker error message is generated.
-rw-r--r-- | src/ldso/dlerror.c | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/src/ldso/dlerror.c b/src/ldso/dlerror.c index 06ed8542..3fcc7779 100644 --- a/src/ldso/dlerror.c +++ b/src/ldso/dlerror.c @@ -3,6 +3,7 @@ #include <stdarg.h> #include "pthread_impl.h" #include "dynlink.h" +#include "lock.h" char *dlerror() { @@ -16,21 +17,38 @@ char *dlerror() return s; } +static volatile int freebuf_queue_lock[1]; +static void **freebuf_queue; + void __dl_thread_cleanup(void) { pthread_t self = __pthread_self(); - if (self->dlerror_buf != (void *)-1) - free(self->dlerror_buf); + if (self->dlerror_buf && self->dlerror_buf != (void *)-1) { + LOCK(freebuf_queue_lock); + void **p = (void **)self->dlerror_buf; + *p = freebuf_queue; + freebuf_queue = p; + UNLOCK(freebuf_queue_lock); + } } hidden void __dl_vseterr(const char *fmt, va_list ap) { + LOCK(freebuf_queue_lock); + while (freebuf_queue) { + void **p = freebuf_queue; + freebuf_queue = *p; + free(p); + } + UNLOCK(freebuf_queue_lock); + va_list ap2; va_copy(ap2, ap); pthread_t self = __pthread_self(); if (self->dlerror_buf != (void *)-1) free(self->dlerror_buf); size_t len = vsnprintf(0, 0, fmt, ap2); + if (len < sizeof(void *)) len = sizeof(void *); va_end(ap2); char *buf = malloc(len+1); if (buf) { |