diff options
Diffstat (limited to 'main/musl/0007-fix-invalid-library-phdr-pointers-passed-to-callback.patch')
| -rw-r--r-- | main/musl/0007-fix-invalid-library-phdr-pointers-passed-to-callback.patch | 81 |
1 files changed, 0 insertions, 81 deletions
diff --git a/main/musl/0007-fix-invalid-library-phdr-pointers-passed-to-callback.patch b/main/musl/0007-fix-invalid-library-phdr-pointers-passed-to-callback.patch deleted file mode 100644 index 39049963c..000000000 --- a/main/musl/0007-fix-invalid-library-phdr-pointers-passed-to-callback.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 0ccea50c697512b4bcbe76780260dfba09450327 Mon Sep 17 00:00:00 2001 -From: Rich Felker <dalias@aerifal.cx> -Date: Wed, 10 Jul 2013 14:38:20 -0400 -Subject: [PATCH 07/10] fix invalid library phdr pointers passed to callback - from dl_iterate_phdr - -map_library was saving pointers to an automatic-storage buffer rather -than pointers into the mapping. this should be a fairly simple fix, -but the patch here is slightly complicated by two issues: - -1. supporting gratuitously obfuscated ELF files where the program -headers are not right at the beginning of the file. - -2. cleaning up the map_library function so that data isn't clobbered -by the time we need it. ---- - src/ldso/dynlink.c | 25 ++++++++++++++++--------- - 1 file changed, 16 insertions(+), 9 deletions(-) - -diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c -index 7031d03..ff5b738 100644 ---- a/src/ldso/dynlink.c -+++ b/src/ldso/dynlink.c -@@ -309,7 +309,7 @@ static void *map_library(int fd, struct dso *dso) - size_t this_min, this_max; - off_t off_start; - Ehdr *eh; -- Phdr *ph; -+ Phdr *ph, *ph0; - unsigned prot; - unsigned char *map, *base; - size_t dyn; -@@ -324,11 +324,10 @@ static void *map_library(int fd, struct dso *dso) - if (eh->e_phoff + phsize > l) { - l = pread(fd, buf+1, phsize, eh->e_phoff); - if (l != phsize) return 0; -- eh->e_phoff = sizeof *eh; -+ ph = ph0 = (void *)(buf + 1); -+ } else { -+ ph = ph0 = (void *)((char *)buf + eh->e_phoff); - } -- ph = (void *)((char *)buf + eh->e_phoff); -- dso->phdr = ph; -- dso->phnum = eh->e_phnum; - for (i=eh->e_phnum; i; i--, ph=(void *)((char *)ph+eh->e_phentsize)) { - if (ph->p_type == PT_DYNAMIC) - dyn = ph->p_vaddr; -@@ -363,9 +362,18 @@ static void *map_library(int fd, struct dso *dso) - map = mmap((void *)addr_min, map_len, prot, MAP_PRIVATE, fd, off_start); - if (map==MAP_FAILED) return 0; - base = map - addr_min; -- ph = (void *)((char *)buf + eh->e_phoff); -- for (i=eh->e_phnum; i; i--, ph=(void *)((char *)ph+eh->e_phentsize)) { -+ dso->phdr = 0; -+ dso->phnum = 0; -+ for (ph=ph0, i=eh->e_phnum; i; i--, ph=(void *)((char *)ph+eh->e_phentsize)) { - if (ph->p_type != PT_LOAD) continue; -+ /* Check if the programs headers are in this load segment, and -+ * if so, record the address for use by dl_iterate_phdr. */ -+ if (!dso->phdr && eh->e_phoff >= ph->p_offset -+ && eh->e_phoff+phsize <= ph->p_offset+ph->p_filesz) { -+ dso->phdr = (void *)(base + ph->p_vaddr -+ + (eh->e_phoff-ph->p_offset)); -+ dso->phnum = eh->e_phnum; -+ } - /* Reuse the existing mapping for the lowest-address LOAD */ - if ((ph->p_vaddr & -PAGE_SIZE) == addr_min) continue; - this_min = ph->p_vaddr & -PAGE_SIZE; -@@ -390,8 +398,7 @@ static void *map_library(int fd, struct dso *dso) - goto error; - break; - } -- if (!runtime) reclaim_gaps(base, (void *)((char *)buf + eh->e_phoff), -- eh->e_phentsize, eh->e_phnum); -+ if (!runtime) reclaim_gaps(base, ph0, eh->e_phentsize, eh->e_phnum); - dso->map = map; - dso->map_len = map_len; - dso->base = base; --- -1.8.3.2 - |