22 lines
867 B
Diff
22 lines
867 B
Diff
|
diff -rup a/elf/dl-load.c b/elf/dl-load.c
|
||
|
--- a/elf/dl-load.c 2012-02-03 10:59:58.917870716 -0700
|
||
|
+++ b/elf/dl-load.c 2012-02-03 11:01:01.796580644 -0700
|
||
|
@@ -1130,6 +1130,16 @@ _dl_map_object_from_fd (const char *name
|
||
|
= N_("ELF load command address/offset not properly aligned");
|
||
|
goto call_lose;
|
||
|
}
|
||
|
+ if (__builtin_expect ((ph->p_offset + ph->p_filesz > st.st_size), 0))
|
||
|
+ {
|
||
|
+ /* If the segment requires zeroing of part of its last
|
||
|
+ page, we'll crash when accessing the unmapped page.
|
||
|
+ There's still a possibility of a race, if the shared
|
||
|
+ object is truncated between the fxstat above and the
|
||
|
+ memset below. */
|
||
|
+ errstring = N_("ELF load command past end of file");
|
||
|
+ goto call_lose;
|
||
|
+ }
|
||
|
|
||
|
c = &loadcmds[nloadcmds++];
|
||
|
c->mapstart = ph->p_vaddr & ~(GLRO(dl_pagesize) - 1);
|
||
|
Only in b/elf: dl-load.c.orig
|