1 From 675155e9084e060fd0e1e637b843f14e82898aa5 Mon Sep 17 00:00:00 2001
2 From: Andreas Schwab <schwab@redhat.com>
3 Date: Wed, 22 Sep 2010 12:06:30 +0200
4 Subject: [PATCH] Fix memory leak on init/fini dependency list
6 diff --git a/elf/dl-close.c b/elf/dl-close.c
7 index 73b2a2f..9bd91e3 100644
11 /* Close a shared object opened by `_dl_open'.
12 - Copyright (C) 1996-2007, 2009, 2010, 2011 Free Software Foundation, Inc.
13 + Copyright (C) 1996-2007, 2009, 2010 Free Software Foundation, Inc.
14 This file is part of the GNU C Library.
16 The GNU C Library is free software; you can redistribute it and/or
17 @@ -119,17 +119,8 @@ _dl_close_worker (struct link_map *map)
18 if (map->l_direct_opencount > 0 || map->l_type != lt_loaded
19 || dl_close_state != not_pending)
21 - if (map->l_direct_opencount == 0)
23 - if (map->l_type == lt_loaded)
24 - dl_close_state = rerun;
25 - else if (map->l_type == lt_library)
27 - struct link_map **oldp = map->l_initfini;
28 - map->l_initfini = map->l_orig_initfini;
29 - _dl_scope_free (oldp);
32 + if (map->l_direct_opencount == 0 && map->l_type == lt_loaded)
33 + dl_close_state = rerun;
35 /* There are still references to this object. Do nothing more. */
36 if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0))
37 diff --git a/elf/dl-deps.c b/elf/dl-deps.c
38 index 9e30594..3890d00 100644
41 @@ -478,6 +478,7 @@ _dl_map_object_deps (struct link_map *map,
42 nneeded * sizeof needed[0]);
43 atomic_write_barrier ();
44 l->l_initfini = l_initfini;
45 + l->l_free_initfini = 1;
48 /* If we have no auxiliary objects just go on to the next map. */
49 @@ -681,6 +682,7 @@ Filters not supported with LD_TRACE_PRELINKING"));
50 l_initfini[nlist] = NULL;
51 atomic_write_barrier ();
52 map->l_initfini = l_initfini;
53 + map->l_free_initfini = 1;
54 if (l_reldeps != NULL)
56 atomic_write_barrier ();
57 @@ -689,5 +691,5 @@ Filters not supported with LD_TRACE_PRELINKING"));
58 _dl_scope_free (old_l_reldeps);
60 if (old_l_initfini != NULL)
61 - map->l_orig_initfini = old_l_initfini;
62 + _dl_scope_free (old_l_initfini);
64 diff --git a/elf/dl-libc.c b/elf/dl-libc.c
65 index 7be9483..a13fce3 100644
68 @@ -265,13 +265,13 @@ libc_freeres_fn (free_mem)
70 for (Lmid_t ns = 0; ns < GL(dl_nns); ++ns)
72 - /* Remove all additional names added to the objects. */
73 for (l = GL(dl_ns)[ns]._ns_loaded; l != NULL; l = l->l_next)
75 struct libname_list *lnp = l->l_libname->next;
77 l->l_libname->next = NULL;
79 + /* Remove all additional names added to the objects. */
82 struct libname_list *old = lnp;
83 @@ -279,6 +279,10 @@ libc_freeres_fn (free_mem)
88 + /* Free the initfini dependency list. */
89 + if (l->l_free_initfini)
90 + free (l->l_initfini);
93 if (__builtin_expect (GL(dl_ns)[ns]._ns_global_scope_alloc, 0) != 0
94 diff --git a/elf/rtld.c b/elf/rtld.c
95 index 4a9109e..617e30e 100644
98 @@ -2251,6 +2251,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
102 + l->l_free_initfini = 0;
104 if (l != &GL(dl_rtld_map))
105 _dl_relocate_object (l, l->l_scope, GLRO(dl_lazy) ? RTLD_LAZY : 0,
106 diff --git a/include/link.h b/include/link.h
107 index e877104..051b99a 100644
111 /* Data structure for communication from the run-time dynamic linker for
112 loaded ELF shared objects.
113 - Copyright (C) 1995-2006, 2007, 2009, 2010, 2011 Free Software Foundation, Inc.
114 + Copyright (C) 1995-2006, 2007, 2009, 2010 Free Software Foundation, Inc.
115 This file is part of the GNU C Library.
117 The GNU C Library is free software; you can redistribute it and/or
118 @@ -192,6 +192,9 @@ struct link_map
119 during LD_TRACE_PRELINKING=1
120 contains any DT_SYMBOLIC
122 + unsigned int l_free_initfini:1; /* Nonzero if l_initfini can be
123 + freed, ie. not allocated with
124 + the dummy malloc in ld.so. */
126 /* Collected information about own RPATH directories. */
127 struct r_search_path_struct l_rpath_dirs;
128 @@ -240,9 +243,6 @@ struct link_map
130 /* List of object in order of the init and fini calls. */
131 struct link_map **l_initfini;
132 - /* The init and fini list generated at startup, saved when the
133 - object is also loaded dynamically. */
134 - struct link_map **l_orig_initfini;
136 /* List of the dependencies introduced through symbol binding. */
137 struct link_map_reldeps