[BZ 21357] unwind-dw2-fde: Call free() outside of unwind mutex
__deregister_frame_info_bases() calls free() while holding a mutex which is also used from _Unwind_Find_FDE(). This leads to a deadlock if AddressSanitizer uses _Unwind_Backtrace() from its free() implementation. Checked on mips-linux-gnu and x86_64-linux-gnu. [BZ #21357] * sysdeps/generic/unwind-dw2-fde.c (__deregister_frame_info_bases): Call free() outside of mutex.
parent
a12ae89f86
commit
2604882cef
@ -1,3 +1,9 @@
|
||||
2017-04-17 Rabin Vincent <rabinv@axis.com>
|
||||
|
||||
[BZ #21357]
|
||||
* sysdeps/generic/unwind-dw2-fde.c (__deregister_frame_info_bases):
|
||||
Call free() outside of mutex.
|
||||
|
||||
2017-04-13 Florian Weimer <fweimer@redhat.com>
|
||||
|
||||
* csu/check_fds.c (__libc_check_standard_fds): Assume O_NOFOLLOW
|
||||
|
@ -202,6 +202,7 @@ __deregister_frame_info_bases (void *begin)
|
||||
{
|
||||
struct object **p;
|
||||
struct object *ob = 0;
|
||||
struct fde_vector *tofree = NULL;
|
||||
|
||||
/* If .eh_frame is empty, we haven't registered. */
|
||||
if (*(uword *) begin == 0)
|
||||
@ -225,7 +226,7 @@ __deregister_frame_info_bases (void *begin)
|
||||
{
|
||||
ob = *p;
|
||||
*p = ob->next;
|
||||
free (ob->u.sort);
|
||||
tofree = ob->u.sort;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
@ -244,6 +245,7 @@ __deregister_frame_info_bases (void *begin)
|
||||
|
||||
out:
|
||||
__gthread_mutex_unlock (&object_mutex);
|
||||
free (tofree);
|
||||
return (void *) ob;
|
||||
}
|
||||
hidden_def (__deregister_frame_info_bases)
|
||||
|
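Review bot: The deferred `free (tofree);` after `__gthread_mutex_unlock (&object_mutex);` at the `out:` label carries no comment, so the reason for the ordering lives only in the commit message and a later cleanup could move the call back under the lock. I would add above it `/* Free outside object_mutex: an interposed free() (e.g. a sanitizer's) may unwind and reach _Unwind_Find_FDE, which takes the same mutex.  */`. The deferral itself looks safe from the visible lines, since `*p = ob->next;` unlinks the object before `tofree = ob->u.sort;` is recorded, so the vector should no longer be reachable through the list once the lock is dropped. The returned `ob` still holds the freed `u.sort` pointer, as it did before this change; presumably callers discard the object, but a one-line note to that effect would help. The function body runs beyond the hunks shown here.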