ldso: fix calloc misuse allocating initial tls

this is analogous to commit 2f1f51ae7b, and should have been caught at the same time since it was right next to the code moved in that commit. between final stage 3 reloc_all and the jump to the main program's entry point, it is not valid to call any functions which may be interposed by the application; doing so results in execution of application code before ctors have run, and on fdpic archs, before the main program's fdpic self-fixups have taken place, which will produce runaway wrong execution.
2025-01-06 23:02:10 +03:00 · 2019-08-11 11:48:06 -04:00 · 2019-08-11 11:48:06 -04:00 · ffab43602b
commit ffab43602b
parent 7844ecb590
1 changed files with 7 additions and 5 deletions
--- a/ldso/dynlink.c
+++ b/ldso/dynlink.c
@ -1874,11 +1874,8 @@ void __dls3(size_t *sp)
 	 * code can see to perform. */
 	main_ctor_queue = queue_ctors(&app);

-	/* The main program must be relocated LAST since it may contin
-	 * copy relocations which depend on libraries' relocations. */
-	reloc_all(app.next);
-	reloc_all(&app);
-
+	/* Initial TLS must also be allocated before final relocations
+	 * might result in calloc being a call to application code. */
 	update_tls_size();
 	if (libc.tls_size > sizeof builtin_tls || tls_align > MIN_TLS_ALIGN) {
 		void *initial_tls = calloc(libc.tls_size, 1);
@ -1902,6 +1899,11 @@ void __dls3(size_t *sp)
 	}
 	static_tls_cnt = tls_cnt;

+	/* The main program must be relocated LAST since it may contin
+	 * copy relocations which depend on libraries' relocations. */
+	reloc_all(app.next);
+	reloc_all(&app);
+
 	if (ldso_fail) _exit(127);
 	if (ldd_mode) _exit(0);