diff options
| author | Martin Stjernholm <mast@google.com> | 2019-01-17 00:18:44 +0000 |
|---|---|---|
| committer | Martin Stjernholm <mast@google.com> | 2019-01-17 00:48:18 +0000 |
| commit | de853ffa7fd84e3e2b27ef9cc546d4d4ba300488 (patch) | |
| tree | 166b02d35bb3e34f2cfc0dff4dd55a6a87dbb36f /libc/malloc_hooks/malloc_hooks.cpp | |
| parent | b21fc16a22cec7056a5231568e1eac636c115b19 (diff) | |
Fix fd leak in android_dlopen_ext.
It can happen e.g. if android_dlopen_ext is called with an absolute path to
a file that is not accessible in the current namespace. The first
load_library call in find_library_internal will then open the file and
assign its fd to the task and return false. Then linked namespaces are
searched, and load_library gets called again and opens the same file and
overwrites the fd in the task without closing it first. (In one of the later
calls the namespace config might very well allow the file to be loaded and
the android_dlopen_ext call eventually returns successfully, and the process
continues with the leaked fd.)
The code could perhaps be changed to avoid opening the file repeatedly in
these cases, but the LoadTask class should arguably keep its state clean
anyway.
Bug: 113373927
Test: Flash and boot device with (and without) http://r.android.com/812674,
which moves libart.so to the runtime namespace and thus makes it load
/system/framework/*/boot*.oat files across the namespace boundary from
runtime to default.
Change-Id: Iae91b7c743c5f3f973506153ba52898ae72e6fee
Diffstat (limited to 'libc/malloc_hooks/malloc_hooks.cpp')
0 files changed, 0 insertions, 0 deletions