From e5cfafe3446a33b0c77416061d598bf76d580ee0 Mon Sep 17 00:00:00 2001
From: Dmitriy Ivanov <dimitry@google.com>
Date: Fri, 17 Jul 2015 10:36:10 -0700
Subject: [PATCH] Fix potential race condition on dlopen

  Call to find_containing_library should be guarded.

Change-Id: I985a903da48b83bcd35e957a979158eb9b80e70b
---
 linker/dlfcn.cpp | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/linker/dlfcn.cpp b/linker/dlfcn.cpp
index 4993568fe..f1b26c9e1 100644
--- a/linker/dlfcn.cpp
+++ b/linker/dlfcn.cpp
@@ -68,8 +68,9 @@ void android_update_LD_LIBRARY_PATH(const char* ld_library_path) {
 }
 
 static void* dlopen_ext(const char* filename, int flags,
-                        const android_dlextinfo* extinfo, soinfo* caller) {
+                        const android_dlextinfo* extinfo, void* caller_addr) {
   ScopedPthreadMutexLocker locker(&g_dl_mutex);
+  soinfo* caller = find_containing_library(caller_addr);
   soinfo* result = do_dlopen(filename, flags, extinfo, caller);
   if (result == nullptr) {
     __bionic_format_dlerror("dlopen failed", linker_get_error_buffer());
@@ -80,14 +81,12 @@ static void* dlopen_ext(const char* filename, int flags,
 
 void* android_dlopen_ext(const char* filename, int flags, const android_dlextinfo* extinfo) {
   void* caller_addr = __builtin_return_address(0);
-  soinfo* caller = find_containing_library(caller_addr);
-  return dlopen_ext(filename, flags, extinfo, caller);
+  return dlopen_ext(filename, flags, extinfo, caller_addr);
 }
 
 void* dlopen(const char* filename, int flags) {
   void* caller_addr = __builtin_return_address(0);
-  soinfo* caller = find_containing_library(caller_addr);
-  return dlopen_ext(filename, flags, nullptr, caller);
+  return dlopen_ext(filename, flags, nullptr, caller_addr);
 }
 
 void* dlsym(void* handle, const char* symbol) {