__cxa_thread_call_dtors(3): fix dtor pointer validity check

When checking for the destructor pointer belonging to some still
loaded dso, do not limit the possible dso to the one instantiated the
destructor. For instance, dso could set up the dtr pointer to a function
from libcxx.

PR:	278701
Reported by:	vd
Reviewed by:	dim, emaste, markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D45074
This commit is contained in:
Konstantin Belousov 2024-05-03 12:32:01 +03:00
parent 548bfc56eb
commit b27eb9ce96

View File

@ -102,7 +102,7 @@ walk_cb_call(struct cxa_thread_dtor *dtor)
{ {
struct dl_phdr_info phdr_info; struct dl_phdr_info phdr_info;
if (_rtld_addr_phdr(dtor->dso, &phdr_info) && if (_rtld_addr_phdr(dtor->func, &phdr_info) &&
__elf_phdr_match_addr(&phdr_info, dtor->func)) __elf_phdr_match_addr(&phdr_info, dtor->func))
dtor->func(dtor->obj); dtor->func(dtor->obj);
else else