- Avoid mapping past end of shared object (#741105)
This commit is contained in:
Jeff Law
parent
360c4a1c78
commit
92f446a92e
21
glibc-rh741105.patch
Normal file
21
glibc-rh741105.patch
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
diff -rup a/elf/dl-load.c b/elf/dl-load.c
|
||||||
|
--- a/elf/dl-load.c 2012-02-03 10:59:58.917870716 -0700
|
||||||
|
+++ b/elf/dl-load.c 2012-02-03 11:01:01.796580644 -0700
|
||||||
|
@@ -1130,6 +1130,16 @@ _dl_map_object_from_fd (const char *name
|
||||||
|
= N_("ELF load command address/offset not properly aligned");
|
||||||
|
goto call_lose;
|
||||||
|
}
|
||||||
|
+ if (__builtin_expect ((ph->p_offset + ph->p_filesz > st.st_size), 0))
|
||||||
|
+ {
|
||||||
|
+ /* If the segment requires zeroing of part of its last
|
||||||
|
+ page, we'll crash when accessing the unmapped page.
|
||||||
|
+ There's still a possibility of a race, if the shared
|
||||||
|
+ object is truncated between the fxstat above and the
|
||||||
|
+ memset below. */
|
||||||
|
+ errstring = N_("ELF load command past end of file");
|
||||||
|
+ goto call_lose;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
c = &loadcmds[nloadcmds++];
|
||||||
|
c->mapstart = ph->p_vaddr & ~(GLRO(dl_pagesize) - 1);
|
||||||
|
Only in b/elf: dl-load.c.orig
|
||||||
@ -28,7 +28,7 @@
|
|||||||
Summary: The GNU libc libraries
|
Summary: The GNU libc libraries
|
||||||
Name: glibc
|
Name: glibc
|
||||||
Version: %{glibcversion}
|
Version: %{glibcversion}
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
|
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
|
||||||
# Things that are linked directly into dynamically linked programs
|
# Things that are linked directly into dynamically linked programs
|
||||||
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
|
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
|
||||||
@ -70,6 +70,8 @@ Patch17: %{name}-rh783979.patch
|
|||||||
# Needs to go upstream
|
# Needs to go upstream
|
||||||
Patch18: %{name}-rh657588.patch
|
Patch18: %{name}-rh657588.patch
|
||||||
Patch19: %{name}-rh787201.patch
|
Patch19: %{name}-rh787201.patch
|
||||||
|
# Sent upstream, awaiting feedback
|
||||||
|
Patch20: %{name}-rh741105.patch
|
||||||
|
|
||||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
Obsoletes: glibc-profile < 2.4
|
Obsoletes: glibc-profile < 2.4
|
||||||
@ -307,6 +309,7 @@ rm -rf %{glibcportsdir}
|
|||||||
%patch17 -p1
|
%patch17 -p1
|
||||||
%patch18 -p1
|
%patch18 -p1
|
||||||
%patch19 -p1
|
%patch19 -p1
|
||||||
|
%patch20 -p1
|
||||||
|
|
||||||
# A lot of programs still misuse memcpy when they have to use
|
# A lot of programs still misuse memcpy when they have to use
|
||||||
# memmove. The memcpy implementation below is not tolerant at
|
# memmove. The memcpy implementation below is not tolerant at
|
||||||
@ -1159,7 +1162,8 @@ rm -f *.filelist*
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Feb 3 2012 Jeff Law <law@redhat.com> - 2.15-9
|
* Fri Feb 3 2012 Jeff Law <law@redhat.com> - 2.15-10
|
||||||
|
- Avoid mapping past end of shared object (#741105)
|
||||||
- Turn off -mno-minimal-toc on PPC (#787201)
|
- Turn off -mno-minimal-toc on PPC (#787201)
|
||||||
- Remove hunk from glibc-rh657588.patch that didn't belong
|
- Remove hunk from glibc-rh657588.patch that didn't belong
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user