From: Rich Felker Date: Sat, 2 Feb 2013 05:59:25 +0000 (-0500) Subject: fix uninitialized map_len being used in munmap failure paths in load_library X-Git-Tag: v0.9.10~86 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=74025c80ce1eb4cda110ab2e3ac11718d3c6f2ff;p=musl fix uninitialized map_len being used in munmap failure paths in load_library this bug seems to have been introduced when the map_library signatures was changed to return the mapping in a temp dso structure instead of into separate variables. --- diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c index b1a4409d..efbec8fb 100644 --- a/src/ldso/dynlink.c +++ b/src/ldso/dynlink.c @@ -435,7 +435,6 @@ static struct dso *load_library(const char *name) char buf[2*NAME_MAX+2]; const char *pathname; unsigned char *map; - size_t map_len; struct dso *p, temp_dso = {0}; int fd; struct stat st; @@ -528,7 +527,7 @@ static struct dso *load_library(const char *name) } p = calloc(1, alloc_size); if (!p) { - munmap(map, map_len); + munmap(map, temp_dso.map_len); return 0; } memcpy(p, &temp_dso, sizeof temp_dso); @@ -542,8 +541,8 @@ static struct dso *load_library(const char *name) if (pathname != name) p->shortname = strrchr(p->name, '/')+1; if (p->tls_image) { if (runtime && !__pthread_self_init()) { + munmap(map, p->map_len); free(p); - munmap(map, map_len); return 0; } p->tls_id = ++tls_cnt;