commit 4fa6d9978a690fd4553279db0619093c22acf968
author Ryan Prichard <rprichard@google.com> Thu Mar 26 21:31:43 2020 -0700
committer Ryan Prichard <rprichard@google.com> Fri Mar 27 18:46:28 2020 -0700
tree 6caf35077b807969e235878931187c73766048b7
parent 146620b6443f84d955697cae1c40b9f1b9bd3928

Remove dangling soinfo* from elf_readers_map_

If ElfReader::Read fails, then it is hazardous to leave the invalid
ElfReader in the soinfo*->ElfReader table, because a future soinfo
object could happen to have the same address, then reuse the invalid
ElfReader. I'm not sure whether this can break anything, because the
linker would call ElfReader::Read on the invalid object and overwrite
its previous value.

Test: bionic unit tests
Bug: none
Change-Id: Ibabbf559443441b9caeacc34ca165feaafe5e3a7

linker/linker.cpp

diff --git a/linker/linker.cpp b/linker/linker.cpp
index ac83cae..090e7f0 100644
--- a/linker/linker.cpp
+++ b/linker/linker.cpp
@@ -602,6 +602,11 @@
     return start_from_;
   }
 
+  void remove_cached_elf_reader() {
+    CHECK(si_ != nullptr);
+    (*elf_readers_map_).erase(si_);
+  }
+
   const ElfReader& get_elf_reader() const {
     CHECK(si_ != nullptr);
     return (*elf_readers_map_)[si_];
@@ -1272,8 +1277,9 @@
 
   // Read the ELF header and some of the segments.
   if (!task->read(realpath.c_str(), file_stat.st_size)) {
-    soinfo_free(si);
+    task->remove_cached_elf_reader();
     task->set_soinfo(nullptr);
+    soinfo_free(si);
     return false;
   }