From ffab43602b5900c86b7040abdda8ccf6cdec95f5 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Sun, 11 Aug 2019 11:48:06 -0400 Subject: [PATCH] ldso: fix calloc misuse allocating initial tls this is analogous to commit 2f1f51ae7b2d78247568e7fdb8462f3c19e469a4, and should have been caught at the same time since it was right next to the code moved in that commit. between final stage 3 reloc_all and the jump to the main program's entry point, it is not valid to call any functions which may be interposed by the application; doing so results in execution of application code before ctors have run, and on fdpic archs, before the main program's fdpic self-fixups have taken place, which will produce runaway wrong execution. --- ldso/dynlink.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/ldso/dynlink.c b/ldso/dynlink.c index d1edb131..93ef3633 100644 --- a/ldso/dynlink.c +++ b/ldso/dynlink.c @@ -1874,11 +1874,8 @@ void __dls3(size_t *sp) * code can see to perform. */ main_ctor_queue = queue_ctors(&app); - /* The main program must be relocated LAST since it may contin - * copy relocations which depend on libraries' relocations. */ - reloc_all(app.next); - reloc_all(&app); - + /* Initial TLS must also be allocated before final relocations + * might result in calloc being a call to application code. */ update_tls_size(); if (libc.tls_size > sizeof builtin_tls || tls_align > MIN_TLS_ALIGN) { void *initial_tls = calloc(libc.tls_size, 1); @@ -1902,6 +1899,11 @@ void __dls3(size_t *sp) } static_tls_cnt = tls_cnt; + /* The main program must be relocated LAST since it may contin + * copy relocations which depend on libraries' relocations. */ + reloc_all(app.next); + reloc_all(&app); + if (ldso_fail) _exit(127); if (ldd_mode) _exit(0); -- 2.25.1