From b27eb9ce96b838622e125fd969e8dc4914aabe18 Mon Sep 17 00:00:00 2001
From: Konstantin Belousov
Date: Fri, 3 May 2024 12:32:01 +0300
Subject: [PATCH] __cxa_thread_call_dtors(3): fix dtor pointer validity check

When checking for the destructor pointer belonging to some still loaded dso, do not limit the possible dso to the one instantiated the destructor. For instance, dso could set up the dtr pointer to a function from libcxx.

PR: 278701
Reported by: vd
Reviewed by: dim, emaste, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D45074
---
 lib/libc/stdlib/cxa_thread_atexit_impl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/libc/stdlib/cxa_thread_atexit_impl.c b/lib/libc/stdlib/cxa_thread_atexit_impl.c
index f95384b3034..3123bd12dca 100644
--- a/lib/libc/stdlib/cxa_thread_atexit_impl.c
+++ b/lib/libc/stdlib/cxa_thread_atexit_impl.c
@@ -102,7 +102,7 @@ walk_cb_call(struct cxa_thread_dtor *dtor)
 {
 struct dl_phdr_info phdr_info;
- if (_rtld_addr_phdr(dtor->dso, &phdr_info) &&
+ if (_rtld_addr_phdr(dtor->func, &phdr_info) &&
 __elf_phdr_match_addr(&phdr_info, dtor->func))
 dtor->func(dtor->obj);
 else
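Review bot: The condition in walk_cb_call now passes `dtor->func` to `_rtld_addr_phdr` where `dtor->dso` used to be, and nothing in the code records why, so a later reader may take it for a typo and put the dso lookup back. A short comment above the `if` would keep the intent, e.g. `/* Look up the object that contains func itself; the dtor may live in a dso other than the one that registered it (e.g. libcxx). */`. The same comment could state the limit of the guard: it only establishes that func points into some currently loaded object, not that this is the function originally registered, so an address reused after an unload and a later load would presumably still pass, and `dtor->obj` is not checked at all. That limit appears to predate this change. The `else` branch and the end of the function lie outside the hunk.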