From: Rich Felker Date: Tue, 29 Sep 2020 22:42:05 +0000 (-0400) Subject: fix stale lock when allocation of ctor queue fails during dlopen X-Git-Url: http://nsz.repo.hu/git/?a=commitdiff_plain;h=1efc8eb2c7eda7664232ef0292b7283adf0db114;p=musl fix stale lock when allocation of ctor queue fails during dlopen queue_ctors should not be called with the init_fini_lock held, since it may longjmp out on allocation failure. this introduces a minor TOCTOU race with p->constructed, but one already exists further down anyway, and by design it's okay to run through the queue more than once anyway. the only reason we bother to check p->constructed at all is to avoid spurious failure of dlopen when the library is already fully loaded and constructed. --- diff --git a/ldso/dynlink.c b/ldso/dynlink.c index f7474743..15e9e4f9 100644 --- a/ldso/dynlink.c +++ b/ldso/dynlink.c @@ -2055,8 +2055,9 @@ void *dlopen(const char *file, int mode) load_deps(p); extend_bfs_deps(p); pthread_mutex_lock(&init_fini_lock); - if (!p->constructed) ctor_queue = queue_ctors(p); + int constructed = p->constructed; pthread_mutex_unlock(&init_fini_lock); + if (!constructed) ctor_queue = queue_ctors(p); if (!p->relocated && (mode & RTLD_LAZY)) { prepare_lazy(p); for (i=0; p->deps[i]; i++)
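Review bot: the reason queue_ctors(p) has to run outside init_fini_lock (it may longjmp out on allocation failure, which with the old ordering left the mutex held) is recorded only in the commit message; a one-line comment beside `if (!constructed) ctor_queue = queue_ctors(p);` would stop a later reader from "fixing" the visible p->constructed TOCTOU by pulling the call back under the lock and reintroducing the stale-lock bug. Snapshotting p->constructed into a local under the lock and unlocking unconditionally before the call is the right shape here, since nothing between pthread_mutex_lock and pthread_mutex_unlock in this hunk can now longjmp.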