[uclibc-ng-devel] [PATCH 28/32] Fix htab_delete loop counter

dlclose can crash or stuck the system: When calling dlclose() then system can crash or freeze, because htab_delete() in ldso/ldso/fdpic/dl-inlines.h uses size_t for i which is a typedef to unsigned int. We exit the loop on negative value of i which can never occur since i is an unsigned int. This leads to random free of various pointers that kill the system. * ldso/include/inline-hashtab.h (htab_delete): Change type of 'i' to int. Signed-off-by: Mickaël Guêné <mickael.guene(a)st.com> Signed-off-by: Christophe Lyon <christophe.lyon(a)st.com> diff --git a/ldso/include/inline-hashtab.h b/ldso/include/inline-hashtab.h index 4a48120..c6c584b 100644 --- a/ldso/include/inline-hashtab.h +++ b/ldso/include/inline-hashtab.h @@ -107,7 +107,7 @@ htab_create(void) static __always_inline void htab_delete(struct funcdesc_ht *htab) { - size_t i; + int i; for (i = htab->size - 1; i >= 0; i--) if (htab->entries[i]) -- 2.6.3