Merge pull request #835 from barnabasdomozi/fix_heap_use_after_free

mcserep · web-flow · commit 3755e3f94f22 · 2026-03-03T09:16:34.000+01:00
Fix heap use-after-free in shared object loading
diff --git a/parser/src/pluginhandler.cpp b/parser/src/pluginhandler.cpp
@@ -52,8 +52,17 @@ void PluginHandler::loadPlugins(std::vector<std::string>& skipParserList_)
         skipParserList_.end())
       {
         std::string dynamicLibraryPath = dirIter->path().string();
+        int dlopenFlags = RTLD_NOW;
+        if (filename == "pythonparser")
+        {
+          // RTLD_GLOBAL:
+          // The symbols defined by this shared object will be made available for
+          // symbol resolution of subsequently loaded shared objects.
+          dlopenFlags |= RTLD_GLOBAL;
+        }
+
         _dynamicLibraries[filename] = util::DynamicLibraryPtr(
-          new util::DynamicLibrary(dynamicLibraryPath));
+          new util::DynamicLibrary(dynamicLibraryPath, dlopenFlags));
       }
       else
       {
diff --git a/util/include/util/dynamiclibrary.h b/util/include/util/dynamiclibrary.h
@@ -21,7 +21,7 @@ class DynamicLibrary
 {
 public:
   DynamicLibrary(void* handle_);
-  DynamicLibrary(const std::string& path_);
+  DynamicLibrary(const std::string& path_, int dlopen_flags_ = RTLD_NOW);
   
   ~DynamicLibrary();
 
diff --git a/util/src/dynamiclibrary.cpp b/util/src/dynamiclibrary.cpp
@@ -16,7 +16,7 @@ std::string DynamicLibrary::extension()
 
 DynamicLibrary::DynamicLibrary(void* handle_) : _handle(handle_){}
 
-DynamicLibrary::DynamicLibrary(const std::string& path_)
+DynamicLibrary::DynamicLibrary(const std::string& path_, int dlopen_flags_)
 {
   if (path_.empty())
   {
@@ -37,7 +37,7 @@ DynamicLibrary::DynamicLibrary(const std::string& path_)
     throw std::runtime_error(ss.str());
   }
 #else
-  _handle = ::dlopen(path_.c_str(), RTLD_NOW | RTLD_GLOBAL);
+  _handle = ::dlopen(path_.c_str(), dlopen_flags_);
   if (!_handle)
   {
     const char *dlError = ::dlerror();

Original file line number	Diff line number	Diff line change
`@@ -52,8 +52,17 @@ void PluginHandler::loadPlugins(std::vector<std::string>& skipParserList_)`
`52`	`52`	`skipParserList_.end())`
`53`	`53`	`{`
`54`	`54`	`std::string dynamicLibraryPath = dirIter->path().string();`
	`55`	`+ int dlopenFlags = RTLD_NOW;`
	`56`	`+ if (filename == "pythonparser")`
	`57`	`+ {`
	`58`	`+ // RTLD_GLOBAL:`
	`59`	`+ // The symbols defined by this shared object will be made available for`
	`60`	`+ // symbol resolution of subsequently loaded shared objects.`
	`61`	`+ dlopenFlags \|= RTLD_GLOBAL;`
	`62`	`+ }`
	`63`	`+`
`55`	`64`	`_dynamicLibraries[filename] = util::DynamicLibraryPtr(`
`56`		`- new util::DynamicLibrary(dynamicLibraryPath));`
	`65`	`+ new util::DynamicLibrary(dynamicLibraryPath, dlopenFlags));`
`57`	`66`	`}`
`58`	`67`	`else`
`59`	`68`	`{`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ class DynamicLibrary`
`21`	`21`	`{`
`22`	`22`	`public:`
`23`	`23`	`DynamicLibrary(void* handle_);`
`24`		`- DynamicLibrary(const std::string& path_);`
	`24`	`+ DynamicLibrary(const std::string& path_, int dlopen_flags_ = RTLD_NOW);`
`25`	`25`
`26`	`26`	`~DynamicLibrary();`
`27`	`27`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ std::string DynamicLibrary::extension()`
`16`	`16`
`17`	`17`	`DynamicLibrary::DynamicLibrary(void* handle_) : _handle(handle_){}`
`18`	`18`
`19`		`-DynamicLibrary::DynamicLibrary(const std::string& path_)`
	`19`	`+DynamicLibrary::DynamicLibrary(const std::string& path_, int dlopen_flags_)`
`20`	`20`	`{`
`21`	`21`	`if (path_.empty())`
`22`	`22`	`{`
`@@ -37,7 +37,7 @@ DynamicLibrary::DynamicLibrary(const std::string& path_)`
`37`	`37`	`throw std::runtime_error(ss.str());`
`38`	`38`	`}`
`39`	`39`	`#else`
`40`		`- _handle = ::dlopen(path_.c_str(), RTLD_NOW \| RTLD_GLOBAL);`
	`40`	`+ _handle = ::dlopen(path_.c_str(), dlopen_flags_);`
`41`	`41`	`if (!_handle)`
`42`	`42`	`{`
`43`	`43`	`const char *dlError = ::dlerror();`