From 2bd2cad9e8a410643e80efa0b15f6f2882e1271b Mon Sep 17 00:00:00 2001 From: Roland McGrath Date: Fri, 17 Apr 2015 14:29:40 -0700 Subject: [PATCH] Avoid confusing compiler with dynamically impossible statically invalid dereference in _dl_close_worker. --- ChangeLog | 5 +++++ elf/dl-close.c | 16 +++++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 967a8c85ea..0b648bfb11 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ 2015-04-17 Roland McGrath + * elf/dl-close.c (_dl_close_worker) [DL_NNS == 1]: Just assert that + IMAP->l_prev cannot be null, and #if out the code for the contrary + case, avoiding 'assert (nsid != LM_ID_BASE)' making the compiler + believe that NS (&_dl_ns[NSID]) could point outside the array. + * elf/dl-open.c (_dl_open): Use __glibc_unlikely in invalid namespace check. Reject NSID < 0 and NSID >= dl_nns, and check for DL_NNS==1, before using NSID as an index. diff --git a/elf/dl-close.c b/elf/dl-close.c index cf8f9e0465..412f71d70b 100644 --- a/elf/dl-close.c +++ b/elf/dl-close.c @@ -641,9 +641,16 @@ _dl_close_worker (struct link_map *map) DL_UNMAP (imap); /* Finally, unlink the data structure and free it. */ - if (imap->l_prev != NULL) - imap->l_prev->l_next = imap->l_next; - else +#if DL_NNS == 1 + /* The assert in the (imap->l_prev == NULL) case gives + the compiler license to warn that NS points outside + the dl_ns array bounds in that case (as nsid != LM_ID_BASE + is tantamount to nsid >= DL_NNS). That should be impossible + in this configuration, so just assert about it instead. */ + assert (nsid == LM_ID_BASE); + assert (imap->l_prev != NULL); +#else + if (imap->l_prev == NULL) { assert (nsid != LM_ID_BASE); ns->_ns_loaded = imap->l_next; @@ -652,6 +659,9 @@ _dl_close_worker (struct link_map *map) we leave for debuggers to examine. */ r->r_map = (void *) ns->_ns_loaded; } + else +#endif + imap->l_prev->l_next = imap->l_next; --ns->_ns_nloaded; if (imap->l_next != NULL) -- 2.11.4.GIT