/* Map in a shared object's segments from the file.

   Copyright (C) 1995-2018 Free Software Foundation, Inc.

   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or

   modify it under the terms of the GNU Lesser General Public

   License as published by the Free Software Foundation; either

   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,

   but WITHOUT ANY WARRANTY; without even the implied warranty of

   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public

   License along with the GNU C Library; if not, see

   <http://www.gnu.org/licenses/>.  */

#include <elf.h>

#include <errno.h>

#include <fcntl.h>

#include <libintl.h>

#include <stdbool.h>

#include <stdlib.h>

#include <string.h>

#include <unistd.h>

#include <ldsodefs.h>

#include <bits/wordsize.h>

#include <sys/mman.h>

#include <sys/param.h>

#include <sys/stat.h>

#include <sys/types.h>

/* Type for the buffer we put the ELF header and hopefully the program

   header.  This buffer does not really have to be too large.  In most

   cases the program header follows the ELF header directly.  If this

   is not the case all bets are off and we can make the header

   arbitrarily large and still won't get it read.  This means the only

   question is how large are the ELF and program header combined.  The

   ELF header 32-bit files is 52 bytes long and in 64-bit files is 64

   bytes long.  Each program header entry is again 32 and 56 bytes

   long respectively.  I.e., even with a file which has 10 program

   header entries we only have to read 372B/624B respectively.  Add to

   this a bit of margin for program notes and reading 512B and 832B

   for 32-bit and 64-bit files respecitvely is enough.  If this

   heuristic should really fail for some file the code in

   `_dl_map_object_from_fd' knows how to recover.  */

struct filebuf

{

  ssize_t len;

#if __WORDSIZE == 32

# define FILEBUF_SIZE 512

#else

# define FILEBUF_SIZE 832

#endif

  char buf[FILEBUF_SIZE] __attribute__ ((aligned (__alignof (ElfW(Ehdr)))));

};

#include "dynamic-link.h"

#include <abi-tag.h>

#include <stackinfo.h>

#include <sysdep.h>

#include <stap-probe.h>

#include <libc-pointer-arith.h>

#include <array_length.h>

#include <dl-dst.h>

#include <dl-load.h>

#include <dl-map-segments.h>

#include <dl-unmap-segments.h>

#include <dl-machine-reject-phdr.h>

#include <dl-sysdep-open.h>

#include <dl-prop.h>

#include <not-cancel.h>

#include <endian.h>

#if BYTE_ORDER == BIG_ENDIAN

# define byteorder ELFDATA2MSB

#elif BYTE_ORDER == LITTLE_ENDIAN

# define byteorder ELFDATA2LSB

#else

# error "Unknown BYTE_ORDER " BYTE_ORDER

# define byteorder ELFDATANONE

#endif

#define STRING(x) __STRING (x)

int __stack_prot attribute_hidden attribute_relro

#if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN

  = PROT_GROWSDOWN;

#elif _STACK_GROWS_UP && defined PROT_GROWSUP

  = PROT_GROWSUP;

#else

  = 0;

#endif

/* This is the decomposed LD_LIBRARY_PATH search path.  */

static struct r_search_path_struct env_path_list attribute_relro;

/* List of the hardware capabilities we might end up using.  */

static const struct r_strlenpair *capstr attribute_relro;

static size_t ncapstr attribute_relro;

static size_t max_capstrlen attribute_relro;

/* Get the generated information about the trusted directories.  Use

   an array of concatenated strings to avoid relocations.  See

   gen-trusted-dirs.awk.  */

#include "trusted-dirs.h"

static const char system_dirs[] = SYSTEM_DIRS;

static const size_t system_dirs_len[] =

{

  SYSTEM_DIRS_LEN

};

#define nsystem_dirs_len array_length (system_dirs_len)

static bool

is_trusted_path_normalize (const char *path, size_t len)

{

  if (len == 0)

    return false;

  char *npath = (char *) alloca (len + 2);

  char *wnp = npath;

  while (*path != '\0')

    {

      if (path[0] == '/')

	{

	  if (path[1] == '.')

	    {

	      if (path[2] == '.' && (path[3] == '/' || path[3] == '\0'))

		{

		  while (wnp > npath && *--wnp != '/')

		    ;

		  path += 3;

		  continue;

		}

	      else if (path[2] == '/' || path[2] == '\0')

		{

		  path += 2;

		  continue;

		}

	    }

	  if (wnp > npath && wnp[-1] == '/')

	    {

	      ++path;

	      continue;

	    }

	}

      *wnp++ = *path++;

    }

  if (wnp == npath || wnp[-1] != '/')

    *wnp++ = '/';

  const char *trun = system_dirs;

  for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)

    {

      if (wnp - npath >= system_dirs_len[idx]

	  && memcmp (trun, npath, system_dirs_len[idx]) == 0)

	/* Found it.  */

	return true;

      trun += system_dirs_len[idx] + 1;

    }

  return false;

}

/* Given a substring starting at INPUT, just after the DST '$' start

   token, determine if INPUT contains DST token REF, following the

   ELF gABI rules for DSTs:

   * Longest possible sequence using the rules (greedy).

   * Must start with a $ (enforced by caller).

   * Must follow $ with one underscore or ASCII [A-Za-z] (caller

     follows these rules for REF) or '{' (start curly quoted name).

   * Must follow first two characters with zero or more [A-Za-z0-9_]

     (enforced by caller) or '}' (end curly quoted name).

   If the sequence is a DST matching REF then the length of the DST

   (excluding the $ sign but including curly braces, if any) is

   returned, otherwise 0.  */

static size_t

is_dst (const char *input, const char *ref)

{

  bool is_curly = false;

  /* Is a ${...} input sequence?  */

  if (input[0] == '{')

    {

      is_curly = true;

      ++input;

    }

  /* Check for matching name, following closing curly brace (if

     required), or trailing characters which are part of an

     identifier.  */

  size_t rlen = strlen (ref);

  if (strncmp (input, ref, rlen) != 0

      || (is_curly && input[rlen] != '}')

      || ((input[rlen] >= 'A' && input[rlen] <= 'Z')

	  || (input[rlen] >= 'a' && input[rlen] <= 'z')

	  || (input[rlen] >= '0' && input[rlen] <= '9')

	  || (input[rlen] == '_')))

    return 0;

  if (is_curly)

    /* Count the two curly braces.  */

    return rlen + 2;

  else

    return rlen;

}

/* INPUT should be the start of a path e.g DT_RPATH or name e.g.

   DT_NEEDED.  The return value is the number of known DSTs found.  We

   count all known DSTs regardless of __libc_enable_secure; the caller

   is responsible for enforcing the security of the substitution rules

   (usually _dl_dst_substitute).  */

size_t

_dl_dst_count (const char *input)

{

  size_t cnt = 0;

  input = strchr (input, '$');

  /* Most likely there is no DST.  */

  if (__glibc_likely (input == NULL))

    return 0;

  do

    {

      size_t len;

      ++input;

      /* All DSTs must follow ELF gABI rules, see is_dst ().  */

      if ((len = is_dst (input, "ORIGIN")) != 0

	  || (len = is_dst (input, "PLATFORM")) != 0

	  || (len = is_dst (input, "LIB")) != 0)

	++cnt;

      /* There may be more than one DST in the input.  */

      input = strchr (input + len, '$');

    }

  while (input != NULL);

  return cnt;

}

/* Process INPUT for DSTs and store in RESULT using the information

   from link map L to resolve the DSTs. This function only handles one

   path at a time and does not handle colon-separated path lists (see

   fillin_rpath ()).  Lastly the size of result in bytes should be at

   least equal to the value returned by DL_DST_REQUIRED.  Note that it

   is possible for a DT_NEEDED, DT_AUXILIARY, and DT_FILTER entries to

   have colons, but we treat those as literal colons here, not as path

   list delimeters.  */

char *

_dl_dst_substitute (struct link_map *l, const char *input, char *result)

{

  /* Copy character-by-character from input into the working pointer

     looking for any DSTs.  We track the start of input and if we are

     going to check for trusted paths, all of which are part of $ORIGIN

     handling in SUID/SGID cases (see below).  In some cases, like when

     a DST cannot be replaced, we may set result to an empty string and

     return.  */

  char *wp = result;

  const char *start = input;

  bool check_for_trusted = false;

  do

    {

      if (__glibc_unlikely (*input == '$'))

	{

	  const char *repl = NULL;

	  size_t len;

	  ++input;

	  if ((len = is_dst (input, "ORIGIN")) != 0)

	    {

	      /* For SUID/GUID programs we normally ignore the path with

		 $ORIGIN in DT_RUNPATH, or DT_RPATH.  However, there is

		 one exception to this rule, and it is:

		   * $ORIGIN appears as the first path element, and is

		     the only string in the path or is immediately

		     followed by a path separator and the rest of the

		     path,

		   and ...

		   * The path is rooted in a trusted directory.

		 This exception allows such programs to reference

		 shared libraries in subdirectories of trusted

		 directories.  The use case is one of general

		 organization and deployment flexibility.

		 Trusted directories are usually such paths as "/lib64"

		 or "/usr/lib64", and the usual RPATHs take the form of

		 [$ORIGIN/../$LIB/somedir].  */

	      if (__glibc_unlikely (__libc_enable_secure)

		  && !(input == start + 1

		       && (input[len] == '\0' || input[len] == '/')))

		repl = (const char *) -1;

	      else

	        repl = l->l_origin;

	      check_for_trusted = (__libc_enable_secure

				   && l->l_type == lt_executable);

	    }

	  else if ((len = is_dst (input, "PLATFORM")) != 0)

	    repl = GLRO(dl_platform);

	  else if ((len = is_dst (input, "LIB")) != 0)

	    repl = DL_DST_LIB;

	  if (repl != NULL && repl != (const char *) -1)

	    {

	      wp = __stpcpy (wp, repl);

	      input += len;

	    }

	  else if (len != 0)

	    {

	      /* We found a valid DST that we know about, but we could

	         not find a replacement value for it, therefore we

		 cannot use this path and discard it.  */

	      *result = '\0';

	      return result;

	    }

	  else

	    /* No DST we recognize.  */

	    *wp++ = '$';

	}

      else

	{

	  *wp++ = *input++;

	}

    }

  while (*input != '\0');

  /* In SUID/SGID programs, after $ORIGIN expansion the normalized

     path must be rooted in one of the trusted directories.  The $LIB

     and $PLATFORM DST cannot in any way be manipulated by the caller

     because they are fixed values that are set by the dynamic loader

     and therefore any paths using just $LIB or $PLATFORM need not be

     checked for trust, the authors of the binaries themselves are

     trusted to have designed this correctly.  Only $ORIGIN is tested in

     this way because it may be manipulated in some ways with hard

     links.  */

  if (__glibc_unlikely (check_for_trusted)

      && !is_trusted_path_normalize (result, wp - result))

    {

      *result = '\0';

      return result;

    }

  *wp = '\0';

  return result;

}

/* Return a malloc allocated copy of INPUT with all recognized DSTs

   replaced. On some platforms it might not be possible to determine the

   path from which the object belonging to the map is loaded.  In this

   case the path containing the DST is left out.  On error NULL

   is returned.  */

static char *

expand_dynamic_string_token (struct link_map *l, const char *input)

{

  /* We make two runs over the string.  First we determine how large the

     resulting string is and then we copy it over.  Since this is no

     frequently executed operation we are looking here not for performance

     but rather for code size.  */

  size_t cnt;

  size_t total;

  char *result;

  /* Determine the number of DSTs.  */

  cnt = _dl_dst_count (input);

  /* If we do not have to replace anything simply copy the string.  */

  if (__glibc_likely (cnt == 0))

    return __strdup (input);

  /* Determine the length of the substituted string.  */

  total = DL_DST_REQUIRED (l, input, strlen (input), cnt);

  /* Allocate the necessary memory.  */

  result = (char *) malloc (total + 1);

  if (result == NULL)

    return NULL;

  return _dl_dst_substitute (l, input, result);

}

/* Add `name' to the list of names for a particular shared object.

   `name' is expected to have been allocated with malloc and will

   be freed if the shared object already has this name.

   Returns false if the object already had this name.  */

static void

add_name_to_object (struct link_map *l, const char *name)

{

  struct libname_list *lnp, *lastp;

  struct libname_list *newname;

  size_t name_len;

  lastp = NULL;

  for (lnp = l->l_libname; lnp != NULL; lastp = lnp, lnp = lnp->next)

    if (strcmp (name, lnp->name) == 0)

      return;

  name_len = strlen (name) + 1;

  newname = (struct libname_list *) malloc (sizeof *newname + name_len);

  if (newname == NULL)

    {

      /* No more memory.  */

      _dl_signal_error (ENOMEM, name, NULL, N_("cannot allocate name record"));

      return;

    }

  /* The object should have a libname set from _dl_new_object.  */

  assert (lastp != NULL);

  newname->name = memcpy (newname + 1, name, name_len);

  newname->next = NULL;

  newname->dont_free = 0;

  lastp->next = newname;

}

/* Standard search directories.  */

static struct r_search_path_struct rtld_search_dirs attribute_relro;

static size_t max_dirnamelen;

static struct r_search_path_elem **

fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,

	      const char *what, const char *where, struct link_map *l)

{

  char *cp;

  size_t nelems = 0;

  while ((cp = __strsep (&rpath, sep)) != NULL)

    {

      struct r_search_path_elem *dirp;

      char *to_free = NULL;

      size_t len = 0;

      /* `strsep' can pass an empty string.  */

      if (*cp != '\0')

	{

	  to_free = cp = expand_dynamic_string_token (l, cp);

	  /* expand_dynamic_string_token can return NULL in case of empty

	     path or memory allocation failure.  */

	  if (cp == NULL)

	    continue;

	  /* Compute the length after dynamic string token expansion and

	     ignore empty paths.  */

	  len = strlen (cp);

	  if (len == 0)

	    {

	      free (to_free);

	      continue;

	    }

	  /* Remove trailing slashes (except for "/").  */

	  while (len > 1 && cp[len - 1] == '/')

	    --len;

	  /* Now add one if there is none so far.  */

	  if (len > 0 && cp[len - 1] != '/')

	    cp[len++] = '/';

	}

      /* See if this directory is already known.  */

      for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)

	if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)

	  break;

      if (dirp != NULL)

	{

	  /* It is available, see whether it's on our own list.  */

	  size_t cnt;

	  for (cnt = 0; cnt < nelems; ++cnt)

	    if (result[cnt] == dirp)

	      break;

	  if (cnt == nelems)

	    result[nelems++] = dirp;

	}

      else

	{

	  size_t cnt;

	  enum r_dir_status init_val;

	  size_t where_len = where ? strlen (where) + 1 : 0;

	  /* It's a new directory.  Create an entry and add it.  */

	  dirp = (struct r_search_path_elem *)

	    malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status)

		    + where_len + len + 1);

	  if (dirp == NULL)

	    _dl_signal_error (ENOMEM, NULL, NULL,

			      N_("cannot create cache for search path"));

	  dirp->dirname = ((char *) dirp + sizeof (*dirp)

			   + ncapstr * sizeof (enum r_dir_status));

	  *((char *) __mempcpy ((char *) dirp->dirname, cp, len)) = '\0';

	  dirp->dirnamelen = len;

	  if (len > max_dirnamelen)

	    max_dirnamelen = len;

	  /* We have to make sure all the relative directories are

	     never ignored.  The current directory might change and

	     all our saved information would be void.  */

	  init_val = cp[0] != '/' ? existing : unknown;

	  for (cnt = 0; cnt < ncapstr; ++cnt)

	    dirp->status[cnt] = init_val;

	  dirp->what = what;

	  if (__glibc_likely (where != NULL))

	    dirp->where = memcpy ((char *) dirp + sizeof (*dirp) + len + 1

				  + (ncapstr * sizeof (enum r_dir_status)),

				  where, where_len);

	  else

	    dirp->where = NULL;

	  dirp->next = GL(dl_all_dirs);

	  GL(dl_all_dirs) = dirp;

	  /* Put it in the result array.  */

	  result[nelems++] = dirp;

	}

      free (to_free);

    }

  /* Terminate the array.  */

  result[nelems] = NULL;

  return result;

}

static bool

decompose_rpath (struct r_search_path_struct *sps,

		 const char *rpath, struct link_map *l, const char *what)

{

  /* Make a copy we can work with.  */

  const char *where = l->l_name;

  char *cp;

  struct r_search_path_elem **result;

  size_t nelems;

  /* Initialize to please the compiler.  */

  const char *errstring = NULL;

  /* First see whether we must forget the RUNPATH and RPATH from this

     object.  */

  if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL)

      && !__libc_enable_secure)

    {

      const char *inhp = GLRO(dl_inhibit_rpath);

      do

	{

	  const char *wp = where;

	  while (*inhp == *wp && *wp != '\0')

	    {

	      ++inhp;

	      ++wp;

	    }

	  if (*wp == '\0' && (*inhp == '\0' || *inhp == ':'))

	    {

	      /* This object is on the list of objects for which the

		 RUNPATH and RPATH must not be used.  */

	      sps->dirs = (void *) -1;

	      return false;

	    }

	  while (*inhp != '\0')

	    if (*inhp++ == ':')

	      break;

	}

      while (*inhp != '\0');

    }

  /* Ignore empty rpaths.  */

  if (*rpath == '\0')

    {

      sps->dirs = (struct r_search_path_elem **) -1;

      return false;

    }

  /* Make a writable copy.  */

  char *copy = __strdup (rpath);

  if (copy == NULL)

    {

      errstring = N_("cannot create RUNPATH/RPATH copy");

      goto signal_error;

    }

  /* Count the number of necessary elements in the result array.  */

  nelems = 0;

  for (cp = copy; *cp != '\0'; ++cp)

    if (*cp == ':')

      ++nelems;

  /* Allocate room for the result.  NELEMS + 1 is an upper limit for the

     number of necessary entries.  */

  result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1)

						  * sizeof (*result));

  if (result == NULL)

    {

      free (copy);

      errstring = N_("cannot create cache for search path");

    signal_error:

      _dl_signal_error (ENOMEM, NULL, NULL, errstring);

    }

  fillin_rpath (copy, result, ":", what, where, l);

  /* Free the copied RPATH string.  `fillin_rpath' make own copies if

     necessary.  */

  free (copy);

  /* There is no path after expansion.  */

  if (result[0] == NULL)

    {

      free (result);

      sps->dirs = (struct r_search_path_elem **) -1;

      return false;

    }

  sps->dirs = result;

  /* The caller will change this value if we haven't used a real malloc.  */

  sps->malloced = 1;

  return true;

}

/* Make sure cached path information is stored in *SP

   and return true if there are any paths to search there.  */

static bool

cache_rpath (struct link_map *l,

	     struct r_search_path_struct *sp,

	     int tag,

	     const char *what)

{

  if (sp->dirs == (void *) -1)

    return false;

  if (sp->dirs != NULL)

    return true;

  if (l->l_info[tag] == NULL)

    {

      /* There is no path.  */

      sp->dirs = (void *) -1;

      return false;

    }

  /* Make sure the cache information is available.  */

  return decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB])

					      + l->l_info[tag]->d_un.d_val),

			  l, what);

}

void

_dl_init_paths (const char *llp)

{

  size_t idx;

  const char *strp;

  struct r_search_path_elem *pelem, **aelem;

  size_t round_size;

  struct link_map __attribute__ ((unused)) *l = NULL;

  /* Initialize to please the compiler.  */

  const char *errstring = NULL;

  /* Fill in the information about the application's RPATH and the

     directories addressed by the LD_LIBRARY_PATH environment variable.  */

  /* Get the capabilities.  */

  capstr = _dl_important_hwcaps (GLRO(dl_platform), GLRO(dl_platformlen),

				 &ncapstr, &max_capstrlen);

  /* First set up the rest of the default search directory entries.  */

  aelem = rtld_search_dirs.dirs = (struct r_search_path_elem **)

    malloc ((nsystem_dirs_len + 1) * sizeof (struct r_search_path_elem *));

  if (rtld_search_dirs.dirs == NULL)

    {

      errstring = N_("cannot create search path array");

    signal_error:

      _dl_signal_error (ENOMEM, NULL, NULL, errstring);

    }

  round_size = ((2 * sizeof (struct r_search_path_elem) - 1

		 + ncapstr * sizeof (enum r_dir_status))

		/ sizeof (struct r_search_path_elem));

  rtld_search_dirs.dirs[0] = malloc (nsystem_dirs_len * round_size

				     * sizeof (*rtld_search_dirs.dirs[0]));

  if (rtld_search_dirs.dirs[0] == NULL)

    {

      errstring = N_("cannot create cache for search path");

      goto signal_error;

    }

  rtld_search_dirs.malloced = 0;

  pelem = GL(dl_all_dirs) = rtld_search_dirs.dirs[0];

  strp = system_dirs;

  idx = 0;

  do

    {

      size_t cnt;

      *aelem++ = pelem;

      pelem->what = "system search path";

      pelem->where = NULL;

      pelem->dirname = strp;

      pelem->dirnamelen = system_dirs_len[idx];

      strp += system_dirs_len[idx] + 1;

      /* System paths must be absolute.  */

      assert (pelem->dirname[0] == '/');

      for (cnt = 0; cnt < ncapstr; ++cnt)

	pelem->status[cnt] = unknown;

      pelem->next = (++idx == nsystem_dirs_len ? NULL : (pelem + round_size));

      pelem += round_size;

    }

  while (idx < nsystem_dirs_len);

  max_dirnamelen = SYSTEM_DIRS_MAX_LEN;

  *aelem = NULL;

#ifdef SHARED

  /* This points to the map of the main object.  */

  l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;

  if (l != NULL)

    {

      assert (l->l_type != lt_loaded);

      if (l->l_info[DT_RUNPATH])

	{

	  /* Allocate room for the search path and fill in information

	     from RUNPATH.  */

	  decompose_rpath (&l->l_runpath_dirs,

			   (const void *) (D_PTR (l, l_info[DT_STRTAB])

					   + l->l_info[DT_RUNPATH]->d_un.d_val),

			   l, "RUNPATH");

	  /* During rtld init the memory is allocated by the stub malloc,

	     prevent any attempt to free it by the normal malloc.  */

	  l->l_runpath_dirs.malloced = 0;

	  /* The RPATH is ignored.  */

	  l->l_rpath_dirs.dirs = (void *) -1;

	}

      else

	{

	  l->l_runpath_dirs.dirs = (void *) -1;

	  if (l->l_info[DT_RPATH])

	    {

	      /* Allocate room for the search path and fill in information

		 from RPATH.  */

	      decompose_rpath (&l->l_rpath_dirs,

			       (const void *) (D_PTR (l, l_info[DT_STRTAB])

					       + l->l_info[DT_RPATH]->d_un.d_val),

			       l, "RPATH");

	      /* During rtld init the memory is allocated by the stub

		 malloc, prevent any attempt to free it by the normal

		 malloc.  */

	      l->l_rpath_dirs.malloced = 0;

	    }

	  else

	    l->l_rpath_dirs.dirs = (void *) -1;

	}

    }

#endif	/* SHARED */

  if (llp != NULL && *llp != '\0')

    {

      char *llp_tmp = strdupa (llp);

      /* Decompose the LD_LIBRARY_PATH contents.  First determine how many

	 elements it has.  */

      size_t nllp = 1;

      for (const char *cp = llp_tmp; *cp != '\0'; ++cp)

	if (*cp == ':' || *cp == ';')

	  ++nllp;

      env_path_list.dirs = (struct r_search_path_elem **)

	malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));

      if (env_path_list.dirs == NULL)

	{

	  errstring = N_("cannot create cache for search path");

	  goto signal_error;

	}

      (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",

			   "LD_LIBRARY_PATH", NULL, l);

      if (env_path_list.dirs[0] == NULL)

	{

	  free (env_path_list.dirs);

	  env_path_list.dirs = (void *) -1;

	}

      env_path_list.malloced = 0;

    }

  else

    env_path_list.dirs = (void *) -1;

}

static void

__attribute__ ((noreturn, noinline))

lose (int code, int fd, const char *name, char *realname, struct link_map *l,

      const char *msg, struct r_debug *r, Lmid_t nsid)

{

  /* The file might already be closed.  */

  if (fd != -1)

    (void) __close_nocancel (fd);

  if (l != NULL && l->l_origin != (char *) -1l)

    free ((char *) l->l_origin);

  free (l);

  free (realname);

  if (r != NULL)

    {

      r->r_state = RT_CONSISTENT;

      _dl_debug_state ();

      LIBC_PROBE (map_failed, 2, nsid, r);

    }

  _dl_signal_error (code, name, NULL, msg);

}

/* Map in the shared object NAME, actually located in REALNAME, and already

   opened on FD.  */

#ifndef EXTERNAL_MAP_FROM_FD

static

#endif

struct link_map *

_dl_map_object_from_fd (const char *name, const char *origname, int fd,

			struct filebuf *fbp, char *realname,

			struct link_map *loader, int l_type, int mode,

			void **stack_endp, Lmid_t nsid)

{

  struct link_map *l = NULL;

  const ElfW(Ehdr) *header;

  const ElfW(Phdr) *phdr;

  const ElfW(Phdr) *ph;

  size_t maplength;

  int type;

  /* Initialize to keep the compiler happy.  */

  const char *errstring = NULL;

  int errval = 0;

  struct r_debug *r = _dl_debug_initialize (0, nsid);

  bool make_consistent = false;

  /* Get file information.  */

  struct r_file_id id;