83e5c415da
- Add prototype support for detecting invalid IFUNC calls (swbz#20019). - New POSIX thread condition variable implementation (swbz#13165).
34 lines
1019 B
Diff
34 lines
1019 B
Diff
Bug 20019 - NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
|
|
|
|
Prototype patch by H.J. Lu <hjl.tools@gmail.com> to error
|
|
out when IFUNC being resolved is for another map that hasn't
|
|
yet been relocated.
|
|
|
|
--- a/sysdeps/x86_64/dl-machine.h
|
|
+++ a/sysdeps/x86_64/dl-machine.h
|
|
@@ -331,7 +331,23 @@ elf_machine_rela (struct link_map *map, const ElfW(Rela) *reloc,
|
|
0)
|
|
&& __builtin_expect (sym->st_shndx != SHN_UNDEF, 1)
|
|
&& __builtin_expect (!skip_ifunc, 1))
|
|
- value = ((ElfW(Addr) (*) (void)) value) ();
|
|
+ {
|
|
+# ifndef RTLD_BOOTSTRAP
|
|
+ if (sym_map != map
|
|
+ && sym_map->l_type != lt_executable
|
|
+ && !sym_map->l_relocated)
|
|
+ {
|
|
+ const char *strtab
|
|
+ = (const char *) D_PTR (map, l_info[DT_STRTAB]);
|
|
+ _dl_fatal_printf ("\
|
|
+%s: Relink `%s' with `%s' for IFUNC symbol `%s'\n",
|
|
+ RTLD_PROGNAME, map->l_name,
|
|
+ sym_map->l_name,
|
|
+ strtab + refsym->st_name);
|
|
+ }
|
|
+#endif
|
|
+ value = ((ElfW(Addr) (*) (void)) value) ();
|
|
+ }
|
|
|
|
switch (r_type)
|
|
{
|