summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2019-02-15 14:20:49 -0500
committerRich Felker <dalias@aerifal.cx>2019-02-15 14:20:49 -0500
commitaa5a9d15e09851f7b4a1668e9dbde0f6234abada (patch)
tree1076c36326a4f74ae9b98ca997c5bbb144289a04
parentb2020571f07beaa9873ef0e5ade456b57b589042 (diff)
downloadmusl-aa5a9d15e09851f7b4a1668e9dbde0f6234abada.tar.gz
musl-aa5a9d15e09851f7b4a1668e9dbde0f6234abada.tar.bz2
musl-aa5a9d15e09851f7b4a1668e9dbde0f6234abada.tar.xz
musl-aa5a9d15e09851f7b4a1668e9dbde0f6234abada.zip
defer free of thread-local dlerror buffers from inconsistent context
__dl_thread_cleanup is called from the context of an exiting thread that is not in a consistent state valid for calling application code. since commit c9f415d7ea2dace5bf77f6518b6afc36bb7a5732, it's possible (and supported usage) for the allocator to have been replaced by the application, so __dl_thread_cleanup can no longer call free. instead, reuse the message buffer as a linked-list pointer, and queue it to be freed the next time any dynamic linker error message is generated.
-rw-r--r--src/ldso/dlerror.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/src/ldso/dlerror.c b/src/ldso/dlerror.c
index 06ed8542..3fcc7779 100644
--- a/src/ldso/dlerror.c
+++ b/src/ldso/dlerror.c
@@ -3,6 +3,7 @@
#include <stdarg.h>
#include "pthread_impl.h"
#include "dynlink.h"
+#include "lock.h"
char *dlerror()
{
@@ -16,21 +17,38 @@ char *dlerror()
return s;
}
+static volatile int freebuf_queue_lock[1];
+static void **freebuf_queue;
+
void __dl_thread_cleanup(void)
{
pthread_t self = __pthread_self();
- if (self->dlerror_buf != (void *)-1)
- free(self->dlerror_buf);
+ if (self->dlerror_buf && self->dlerror_buf != (void *)-1) {
+ LOCK(freebuf_queue_lock);
+ void **p = (void **)self->dlerror_buf;
+ *p = freebuf_queue;
+ freebuf_queue = p;
+ UNLOCK(freebuf_queue_lock);
+ }
}
hidden void __dl_vseterr(const char *fmt, va_list ap)
{
+ LOCK(freebuf_queue_lock);
+ while (freebuf_queue) {
+ void **p = freebuf_queue;
+ freebuf_queue = *p;
+ free(p);
+ }
+ UNLOCK(freebuf_queue_lock);
+
va_list ap2;
va_copy(ap2, ap);
pthread_t self = __pthread_self();
if (self->dlerror_buf != (void *)-1)
free(self->dlerror_buf);
size_t len = vsnprintf(0, 0, fmt, ap2);
+ if (len < sizeof(void *)) len = sizeof(void *);
va_end(ap2);
char *buf = malloc(len+1);
if (buf) {