From: Rich Felker Date: Thu, 5 Jan 2017 03:54:06 +0000 (-0500) Subject: fix crash from corrupted tls module list after failed dlopen X-Git-Tag: v1.1.17~112 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=27b3fd68f67b674440d21ea7ca5cf918d2e1559f;p=musl fix crash from corrupted tls module list after failed dlopen commit d56460c939c94a6c547abe8238f442b8de10bfbd introduced this regression as part of splitting the tls module list out of the dso list. the new code added to dlopen's failure path to undo the changes adding the partially-loaded libraries reset the tls_tail pointer correctly, but did not clear its link to the next list entry. thus, at least until the next successful dlopen, the list was not terminated but ended with an invalid next pointer, which __copy_tls attempted to follow when a new thread was created. patch by Mikael Vidstedt. --- diff --git a/ldso/dynlink.c b/ldso/dynlink.c index c6890845..48dcd1c2 100644 --- a/ldso/dynlink.c +++ b/ldso/dynlink.c @@ -1686,6 +1686,7 @@ void *dlopen(const char *file, int mode) } if (!orig_tls_tail) libc.tls_head = 0; tls_tail = orig_tls_tail; + if (tls_tail) tls_tail->next = 0; tls_cnt = orig_tls_cnt; tls_offset = orig_tls_offset; tls_align = orig_tls_align;