svn commit: r239962 - head/contrib/binutils/binutils

Dimitry Andric dim at FreeBSD.org
Fri Aug 31 23:28:41 UTC 2012


Author: dim
Date: Fri Aug 31 23:28:41 2012
New Revision: 239962
URL: http://svn.freebsd.org/changeset/base/239962

Log:
  Fix a twelve year old bug in readelf: when process_dynamic_segment()
  encounters a DT_RUNPATH entry, the global dynamic_info[] array is
  overrun, causing some other global variable to be overwritten.
  
  In my testcase, this was the section_headers variable, leading to
  segfaults or jemalloc assertions when it was freed later on.
  
  Thanks to Koop Mast for providing samples of a few "bad" .so files.
  
  MFC after:	1 week

Modified:
  head/contrib/binutils/binutils/readelf.c

Modified: head/contrib/binutils/binutils/readelf.c
==============================================================================
--- head/contrib/binutils/binutils/readelf.c	Fri Aug 31 22:37:08 2012	(r239961)
+++ head/contrib/binutils/binutils/readelf.c	Fri Aug 31 23:28:41 2012	(r239962)
@@ -174,7 +174,7 @@ static Elf_Internal_Syminfo *dynamic_sym
 static unsigned long dynamic_syminfo_offset;
 static unsigned int dynamic_syminfo_nent;
 static char program_interpreter[PATH_MAX];
-static bfd_vma dynamic_info[DT_JMPREL + 1];
+static bfd_vma dynamic_info[DT_ENCODING];
 static bfd_vma dynamic_info_DT_GNU_HASH;
 static bfd_vma version_info[16];
 static Elf_Internal_Ehdr elf_header;
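Review bot: The new size on the `static bfd_vma dynamic_info[DT_ENCODING];` line has no comment explaining why DT_ENCODING is the right bound, and the fix depends on store sites that this hunk does not show. The log says the array is indexed by the dynamic tag and that a DT_RUNPATH entry ran past the old `DT_JMPREL + 1` limit. The declaration should therefore state that the array is indexed directly by d_tag and that only tags below DT_ENCODING may be stored in it. Without that note, the next tag added to process_dynamic_segment() can reintroduce the same overrun of the neighbouring globals. Consider also adding an explicit range check or assertion on the tag where process_dynamic_segment() writes into dynamic_info[]. A crafted or unusual .so would then fail cleanly, rather than the declaration having to be kept in step with the switch by hand.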

