svn commit: r239962 - head/contrib/binutils/binutils
Dimitry Andric
dim at FreeBSD.org
Fri Aug 31 23:28:41 UTC 2012
Author: dim
Date: Fri Aug 31 23:28:41 2012
New Revision: 239962
URL: http://svn.freebsd.org/changeset/base/239962
Log:
Fix a twelve year old bug in readelf: when process_dynamic_segment()
encounters a DT_RUNPATH entry, the global dynamic_info[] array is
overrun, causing some other global variable to be overwritten.
In my testcase, this was the section_headers variable, leading to
segfaults or jemalloc assertions when it was freed later on.
Thanks to Koop Mast for providing samples of a few "bad" .so files.
MFC after: 1 week
Modified:
head/contrib/binutils/binutils/readelf.c
Modified: head/contrib/binutils/binutils/readelf.c
==============================================================================
--- head/contrib/binutils/binutils/readelf.c Fri Aug 31 22:37:08 2012 (r239961)
+++ head/contrib/binutils/binutils/readelf.c Fri Aug 31 23:28:41 2012 (r239962)
@@ -174,7 +174,7 @@ static Elf_Internal_Syminfo *dynamic_sym
static unsigned long dynamic_syminfo_offset;
static unsigned int dynamic_syminfo_nent;
static char program_interpreter[PATH_MAX];
-static bfd_vma dynamic_info[DT_JMPREL + 1];
+static bfd_vma dynamic_info[DT_ENCODING];
static bfd_vma dynamic_info_DT_GNU_HASH;
static bfd_vma version_info[16];
static Elf_Internal_Ehdr elf_header;
More information about the svn-src-all
mailing list