From b3d31460fbf188997c7337296a61409529f7c974 Mon Sep 17 00:00:00 2001
From: Carmelo Amoroso
Date: Thu, 3 Dec 2009 13:33:16 +0100
Subject: ldso_tls: Refetch dtv from memory if THREAD_DTV has changed
_dl_update_slotinfo might change THREAD_DTV () (if it needs to reallocate it), but the caller (__tls_get_addr) doesn't refetch dtv from memory, it uses its cached copy. This may crash (if dtv[GET_ADDR_MODULE] is off the cliff, or might read uninitialized memory and return it. Typically dtv[GET_ADDR_MODULE].pointer.val is NULL and so __tls_get_addr returns NULL + offset_within_PT_TLS. The next time __tls_get_addr is called for the same library it will return correct address as _dl_update_slotinfo won't need to be called.
Signed-off-by: Jakub Jelinek
Signed-off-by: Filippo Arcidiacono
Signed-off-by: Carmelo Amoroso
---
ldso/ldso/dl-tls.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'ldso')
diff --git a/ldso/ldso/dl-tls.c b/ldso/ldso/dl-tls.c
index 52b7aa534..d2808f968 100644
--- a/ldso/ldso/dl-tls.c
+++ b/ldso/ldso/dl-tls.c
@@ -842,7 +842,10 @@ __tls_get_addr (GET_ADDR_ARGS)
 void *p;
 if (__builtin_expect (dtv[0].counter != _dl_tls_generation, 0))
- the_map = _dl_update_slotinfo (GET_ADDR_MODULE);
+ {
+ the_map = _dl_update_slotinfo (GET_ADDR_MODULE);
+ dtv = THREAD_DTV ();
+ }
 p = dtv[GET_ADDR_MODULE].pointer.val;
--
cgit v1.2.3
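Review bot: The reload `dtv = THREAD_DTV ();` inside the new braces carries no comment, so the reason for it lives only in the commit message. A later cleanup could drop it as a redundant load and bring back the read through a stale dtv pointer after `_dl_update_slotinfo` reallocates the vector. I would add a comment above it such as `/* _dl_update_slotinfo may reallocate the dtv; reload the cached pointer. */`. `__tls_get_addr` starts before and continues past the hunk, so its later uses of `dtv` are not visible here. Any other caller of `_dl_update_slotinfo` that keeps a cached dtv pointer across the call, if one exists, deserves the same check.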