[uClibc-cvs] svn commit: trunk/uClibc/ldso/libdl
jocke at uclibc.org
jocke at uclibc.org
Wed Aug 24 17:29:07 UTC 2005
Author: jocke
Date: 2005-08-24 11:29:05 -0600 (Wed, 24 Aug 2005)
New Revision: 11235
Log:
Frank Mehnert writes:
I use an implementation for malloc()/free() which is sensible about
using data after freed. In libdl.c, rpnt1->next->next is accessed after
rpnt1->next is freed. Attached patch fixes that problem.
Modified:
trunk/uClibc/ldso/libdl/libdl.c
Changeset:
Modified: trunk/uClibc/ldso/libdl/libdl.c
===================================================================
--- trunk/uClibc/ldso/libdl/libdl.c 2005-08-24 00:41:52 UTC (rev 11234)
+++ trunk/uClibc/ldso/libdl/libdl.c 2005-08-24 17:29:05 UTC (rev 11235)
@@ -452,7 +452,7 @@
static int do_dlclose(void *vhandle, int need_fini)
{
- struct dyn_elf *rpnt, *rpnt1;
+ struct dyn_elf *rpnt, *rpnt1, *rpnt1_tmp;
struct init_fini_list *runp, *tmp;
ElfW(Phdr) *ppnt;
struct elf_resolve *tpnt, *run_tpnt;
@@ -541,8 +541,9 @@
for (rpnt1 = _dl_symbol_tables; rpnt1->next; rpnt1 = rpnt1->next) {
if (rpnt1->next->dyn == tpnt) {
_dl_if_debug_print("removing symbol_tables: %s\n", tpnt->libname);
+ rpnt1_tmp = rpnt1->next->next;
free(rpnt1->next);
- rpnt1->next = rpnt1->next->next;
+ rpnt1->next = rpnt1_tmp;
if (rpnt1->next)
rpnt1->next->prev = rpnt1;
break;
More information about the uClibc-cvs
mailing list