bin/149464: dlclose can access freed memory and crash
jaroslav.suchanek at avg.com
jaroslav.suchanek at avg.com
Mon Aug 9 08:20:08 UTC 2010
>Number: 149464
>Category: bin
>Synopsis: dlclose can access freed memory and crash
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 09 08:20:07 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Jaroslav Suchanek
>Release: FreeBSD 8.0-RELEASE-p2 amd64
>Organization:
>Environment:
System: FreeBSD jardas.grisoft.cz 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #3: Mon Mar 1 12:02:47 CET 2010 root at jardas.grisoft.cz:/usr/obj/usr/src/sys/JSKERNEL amd64
>Description:
This might be related to pr bin/42397. Consider this situation:
- a binary loads two shared libraries A and B via dlopen()
- both A and B loads shared library C via dlopen()
- the binary calls dlclose on A. While unloading A the reference
count of C is correctly decreased
- the binary calls dlclose on B and crash occurs. The C is correctly
unmapped though
>How-To-Repeat:
Run the attached test case.
>Fix:
I don't know yet.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list