When dlopen is used as below:

    dlhandler = dlopen(DLL_PATH, RTLD_LAZY);
and dlopen is called in an unsafe sequence, for example after other threads have already been created, a race condition is possible between the dlopen call in one thread and lazy symbol resolution executing in another thread. The thread performing lazy symbol resolution can then read a NULL pointer instead of the correct one:
    <_dl_name_match_p+64>: ldr r1, [r4]   // r4 is 0 here, but is updated to a non-zero value later.

so runp->name ([r1]) may be NULL and trigger a crash:

    unhandled page fault (11) at 0x00000000, code 0x017 .
The faulting read is the strcmp against runp->name in glibc's _dl_name_match_p:

    /* glibc: match NAME against the names recorded for the link_map MAP.  */
    int
    _dl_name_match_p (const char *name, const struct link_map *map)
    {
      if (strcmp (name, map->l_name) == 0)
        return 1;

      struct libname_list *runp = map->l_libname;

      /* The crash above is the dereference of runp->name on a libname_list
         entry that another thread's dlopen has not finished filling in.  */
      while (runp != NULL)
        if (strcmp (name, runp->name) == 0)
          return 1;
        else
          runp = runp->next;

      return 0;
    }
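The mitigation on the application side is sequencing: finish every dlopen/dlsym on the main thread before any worker thread exists, bind eagerly with RTLD_NOW so no PLT entry is resolved later from a worker, and only dlclose after all threads that might use the symbol have been joined. The program below is an added example (not code from the original report or from glibc) showing that ordering. Because the report's DLL_PATH is not available here, it passes NULL to dlopen (the handle for the program itself) and resolves libc's strlen as a stand-in for the library's real entry point; the function names run_safe_sequence and load_library_before_threads are this example's own.

```c
#include <dlfcn.h>
#include <pthread.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef size_t (*len_fn)(const char *);

/* Resolved once on the main thread; worker threads only read it. */
static len_fn resolved_len;
static void *lib_handle;

/* RTLD_NOW forces every relocation of the object to be processed inside this
 * call, on the calling thread.  With RTLD_LAZY (as in the report) PLT entries
 * would instead be resolved on first use, possibly from a worker thread that
 * races with a later dlopen.  Returns 0 on success, -1 on failure with a
 * description in errbuf. */
static int load_library_before_threads(const char *path, const char *symbol,
                                       char *errbuf, size_t errlen)
{
    lib_handle = dlopen(path, RTLD_NOW);
    if (lib_handle == NULL) {
        snprintf(errbuf, errlen, "dlopen: %s", dlerror());
        return -1;
    }
    dlerror();                      /* clear any stale error before dlsym */
    void *sym = dlsym(lib_handle, symbol);
    const char *err = dlerror();
    if (err != NULL || sym == NULL) {
        snprintf(errbuf, errlen, "dlsym(%s): %s", symbol,
                 err != NULL ? err : "symbol resolved to NULL");
        dlclose(lib_handle);
        lib_handle = NULL;
        return -1;
    }
    resolved_len = (len_fn) sym;
    return 0;
}

/* Worker thread: uses only the pre-bound pointer, never dlopen/dlsym. */
static void *worker(void *arg)
{
    return (void *) (uintptr_t) resolved_len((const char *) arg);
}

/* Safe sequence: bind first, spawn threads second, join, then unload.
 * Returns the sum of the lengths computed by the workers, or 0 with errbuf
 * filled in if loading or thread creation failed. */
static size_t run_safe_sequence(const char *path, const char *symbol,
                                char *errbuf, size_t errlen)
{
    if (load_library_before_threads(path, symbol, errbuf, errlen) != 0)
        return 0;

    /* Constructed sample input for the workers. */
    static char *const inputs[] = { "alpha", "beta", "gamma" };
    enum { NWORKERS = sizeof inputs / sizeof inputs[0] };
    pthread_t tids[NWORKERS];
    size_t total = 0;

    for (int i = 0; i < NWORKERS; i++) {
        if (pthread_create(&tids[i], NULL, worker, inputs[i]) != 0) {
            snprintf(errbuf, errlen, "pthread_create failed for worker %d", i);
            for (int j = 0; j < i; j++)
                pthread_join(tids[j], NULL);
            dlclose(lib_handle);
            lib_handle = NULL;
            return 0;
        }
    }
    for (int i = 0; i < NWORKERS; i++) {
        void *ret = NULL;
        pthread_join(tids[i], &ret);
        total += (size_t) (uintptr_t) ret;
    }

    /* Unload only after every thread that might use the symbol has exited. */
    dlclose(lib_handle);
    lib_handle = NULL;
    return total;
}

int main(void)
{
    char errbuf[256] = "";
    size_t total = run_safe_sequence(NULL, "strlen", errbuf, sizeof errbuf);
    if (total == 0)
        fprintf(stderr, "failed: %s\n", errbuf);
    else
        printf("workers computed total length %zu\n", total);
    return total == 0;
}
```

Build with `cc -pthread example.c` (glibc older than 2.34 also needs `-ldl`). The same effect can be obtained process-wide without touching the source by running with `LD_BIND_NOW=1`, which makes the loader resolve all symbols at load time; either way, the invariant worth enforcing in review is that no dlopen happens after the first pthread_create.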