Message ID | 20230213132307.528976-2-stsp2@yandex.ru |
---|---|
State | New |
Series | implement dlmem() function |
diff --git a/elf/dl-object.c b/elf/dl-object.c index f1f2ec956c..c92daf37d1 100644 --- a/elf/dl-object.c +++ b/elf/dl-object.c @@ -122,7 +122,7 @@ _dl_new_object (char *realname, const char *libname, int type, #endif new->l_name = realname; else - new->l_name = (char *) newname->name + libname_len - 1; + new->l_name = __strdup ((char *) newname->name + libname_len - 1); new->l_type = type; /* If we set the bit now since we know it is never used we avoid
_dl_close_worker() has this code:

      /* This name always is allocated. */
      free (imap->l_name);

But in that particular case, while indeed being allocated, l_name doesn't
point to the start of an allocation:

  new = (struct link_map *) calloc (sizeof (*new) + audit_space
                                    + sizeof (struct link_map *)
                                    + sizeof (*newname) + libname_len, 1);
  ...
  new->l_symbolic_searchlist.r_list = (struct link_map **) ((char *) (new + 1)
                                                            + audit_space);

  new->l_libname = newname
    = (struct libname_list *) (new->l_symbolic_searchlist.r_list + 1);
  newname->name = (char *) memcpy (newname + 1, libname, libname_len);
  ...
  new->l_name = (char *) newname->name + libname_len - 1;

It therefore cannot be freed separately. Use strdup() as a simple fix.

Signed-off-by: Stas Sergeev <stsp2@yandex.ru>
---
 elf/dl-object.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
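Review bot: The return value of __strdup () on the changed line in _dl_new_object () is assigned to new->l_name without a NULL check, and the following context line continues straight to new->l_type = type. If the allocation fails, the object is left with a NULL l_name. Please check the result and fail object creation at that point, releasing new before returning. A short comment would also help: the source pointer is newname->name + libname_len - 1, the last byte of the buffer just copied with memcpy, so the duplicate exists only to give free (imap->l_name) in _dl_close_worker () a pointer that starts an allocation.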