dlclose can crash or hang the system:
When calling dlclose(), the system can crash or freeze, because htab_delete() in ldso/ldso/fdpic/dl-inlines.h uses size_t for i, which is a typedef to unsigned int. We exit the loop on a negative value of i, which can never occur since i is an unsigned int. This leads to random free of various pointers that kill the system.
* ldso/include/inline-hashtab.h (htab_delete): Change type of 'i' to int.
Signed-off-by: Mickaël Guêné mickael.guene@st.com
Signed-off-by: Christophe Lyon christophe.lyon@st.com
diff --git a/ldso/include/inline-hashtab.h b/ldso/include/inline-hashtab.h index 4a48120..c6c584b 100644 --- a/ldso/include/inline-hashtab.h +++ b/ldso/include/inline-hashtab.h @@ -107,7 +107,7 @@ htab_create(void) static __always_inline void htab_delete(struct funcdesc_ht *htab) { - size_t i; + int i;
for (i = htab->size - 1; i >= 0; i--) if (htab->entries[i])
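Review bot: The loop header `for (i = htab->size - 1; i >= 0; i--)` with `int i` now depends on converting `htab->size - 1` to int, which only behaves as intended while the table size fits in an int. Consider keeping `size_t i` and counting down with `for (i = htab->size; i-- > 0; )`, which terminates correctly without a signed index and also covers an empty table. Separately, the commit message places htab_delete() in ldso/ldso/fdpic/dl-inlines.h, while the changelog entry and the diff both touch ldso/include/inline-hashtab.h; the message should name the file that is actually changed.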