From 15ff949f29fb67c87a63a332b0078a87a5bf9027 Mon Sep 17 00:00:00 2001
From: avg <avg@FreeBSD.org>
Date: Fri, 25 Mar 2011 18:23:10 +0000
Subject: rtld: eliminate double call to close(2) that may occur in load_object

The second close(2) call resulted in heisenbugs in some multi-threaded
applications where e.g. dlopen(3) call in one thread could close a file
descriptor for a file having been opened in other thread concurrently.

My litmus test for this issue was an openoffice.org build.

Reviewed by:	jhb
MFC after:	2 weeks
---
 libexec/rtld-elf/rtld.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'libexec')

diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c
index 948cf49..5c2db0a 100644
--- a/libexec/rtld-elf/rtld.c
+++ b/libexec/rtld-elf/rtld.c
@@ -1633,12 +1633,9 @@ load_object(const char *name, const Obj_Entry *refobj, int flags)
 	free(path);
 	return NULL;
     }
-    for (obj = obj_list->next;  obj != NULL;  obj = obj->next) {
-	if (obj->ino == sb.st_ino && obj->dev == sb.st_dev) {
-	    close(fd);
+    for (obj = obj_list->next;  obj != NULL;  obj = obj->next)
+	if (obj->ino == sb.st_ino && obj->dev == sb.st_dev)
 	    break;
-	}
-    }
     if (obj != NULL) {
 	object_add_name(obj, name);
 	free(path);
-- 
cgit v1.1