- Avoid mapping past end of shared object (#741105)
parent
360c4a1c78
commit
92f446a92e
21
glibc-rh741105.patch
Normal file
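--- a/glibc-rh741105.patch
+++ b/glibc-rh741105.patch
@@ -0,0 +1,21 @@
+diff -rup a/elf/dl-load.c b/elf/dl-load.c
+--- a/elf/dl-load.c 2012-02-03 10:59:58.917870716 -0700
++++ b/elf/dl-load.c 2012-02-03 11:01:01.796580644 -0700
+@@ -1130,6 +1130,16 @@ _dl_map_object_from_fd (const char *name
+= N_("ELF load command address/offset not properly aligned");
+goto call_lose;
+}
++ if (__builtin_expect ((ph->p_offset + ph->p_filesz > st.st_size), 0))
++ {
++ /* If the segment requires zeroing of part of its last
++ page, we'll crash when accessing the unmapped page.
++ There's still a possibility of a race, if the shared
++ object is truncated between the fxstat above and the
++ memset below. */
++ errstring = N_("ELF load command past end of file");
++ goto call_lose;
++ }
+
+c = &loadcmds[nloadcmds++];
+c->mapstart = ph->p_vaddr & ~(GLRO(dl_pagesize) - 1);
+Only in b/elf: dl-load.c.orig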
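Review bot: The new bound check in _dl_map_object_from_fd adds `ph->p_offset + ph->p_filesz` before comparing the result with `st.st_size`, and that sum can wrap for a malformed load command (most plausibly where the ELF offset type is 32 bits wide), so an out-of-range segment would still pass. Comparing without the addition avoids the wrap, e.g. `if (__builtin_expect (ph->p_offset > st.st_size || ph->p_filesz > st.st_size - ph->p_offset, 0))`. The added comment already concedes the truncation race between the fxstat and the later memset, so this check narrows the crash window rather than closing it. The function body and the fxstat that fills `st` lie outside the hunk, so the operand types here are inferred rather than visible.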
@ -28,7 +28,7 @@
|
||||
Summary: The GNU libc libraries
|
||||
Name: glibc
|
||||
Version: %{glibcversion}
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
|
||||
# Things that are linked directly into dynamically linked programs
|
||||
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
|
||||
@ -70,6 +70,8 @@ Patch17: %{name}-rh783979.patch
|
||||
# Needs to go upstream
|
||||
Patch18: %{name}-rh657588.patch
|
||||
Patch19: %{name}-rh787201.patch
|
||||
# Sent upstream, awaiting feedback
|
||||
Patch20: %{name}-rh741105.patch
|
||||
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
Obsoletes: glibc-profile < 2.4
|
||||
@ -307,6 +309,7 @@ rm -rf %{glibcportsdir}
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
%patch20 -p1
|
||||
|
||||
# A lot of programs still misuse memcpy when they have to use
|
||||
# memmove. The memcpy implementation below is not tolerant at
|
||||
@ -1159,7 +1162,8 @@ rm -f *.filelist*
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Feb 3 2012 Jeff Law <law@redhat.com> - 2.15-9
|
||||
* Fri Feb 3 2012 Jeff Law <law@redhat.com> - 2.15-10
|
||||
- Avoid mapping past end of shared object (#741105)
|
||||
- Turn off -mno-minimal-toc on PPC (#787201)
|
||||
- Remove hunk from glibc-rh657588.patch that didn't belong
|
||||
|
||||
|