[Bug 224875] kldxref fails if a mod_depend md_cval is too close to the end of allocated sections
bugzilla-noreply at freebsd.org
Wed Jan 3 20:10:45 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224875
Bug ID: 224875
Summary: kldxref fails if a mod_depend md_cval is too close to the end of allocated sections
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: emaste at freebsd.org

In kldxref.c:read_kld() we have a 33-byte cval buffer:

    char ... cval[MAXMODNAME + 1] ...

into which we read a string:

    check(EF_SEG_READ(&ef, (Elf_Off)md.md_cval, sizeof(cval), cval));

This requires that a 33-byte read is successful, however it may fail if the
string is shorter than 32 characters (plus the NUL) and is located near the
highest allocated address.

It appears this has never been an issue with ld.bfd, which places a loadable
.comment section after other sections of interest, so kldxref is free to read
unrelated data beyond the end of the cval string.

ld.lld however places .comment early in the section list, and so the cval may
be in a .data or .rodata section that comes at the end of the section list.
(CTF data may also be after .data/.rodata and would mitigate this issue; it may
happen only with CTF disabled)
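
An added example (not code from kldxref or the FreeBSD tree) that models the failure described in the report: a fixed 33-byte read of a short string stored at the very end of the allocated data fails, while a read clamped to the remaining bytes and checked for a NUL terminator succeeds. `struct seg`, `seg_read` and `seg_read_string` are hypothetical names; `seg_read` only stands in for the all-or-nothing behaviour the report attributes to `EF_SEG_READ`, and the image bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAXMODNAME 32   /* the report's buffer is MAXMODNAME + 1 = 33 bytes */

/* Hypothetical stand-in for the allocated part of a module image. */
struct seg { const unsigned char *base; size_t size; };

/* All-or-nothing read: fails if any requested byte lies past the end. */
static int seg_read(const struct seg *s, size_t off, size_t len, void *dst)
{
    if (off > s->size || len > s->size - off)
        return -1;
    memcpy(dst, s->base + off, len);
    return 0;
}

/* Read a string of at most dstlen - 1 characters, clamping the read to the
 * bytes that exist and rejecting data with no NUL inside what was read. */
static int seg_read_string(const struct seg *s, size_t off, char *dst, size_t dstlen)
{
    size_t avail, n;

    if (dstlen == 0 || off >= s->size)
        return -1;
    avail = s->size - off;
    n = avail < dstlen ? avail : dstlen;
    if (seg_read(s, off, n, dst) != 0)
        return -1;
    return memchr(dst, '\0', n) != NULL ? 0 : -1;
}

/* Constructed sample: 40 filler bytes, then "kernel\0" as the last 7 bytes. */
static unsigned char image[47];
static size_t build_image(void)
{
    memset(image, 'A', 40);
    memcpy(image + 40, "kernel", 7);
    return 40;                      /* offset of the string */
}

int main(void)
{
    char cval[MAXMODNAME + 1];
    struct seg s = { image, sizeof(image) };
    size_t off = build_image();

    printf("fixed 33-byte read: %d\n", seg_read(&s, off, sizeof(cval), cval));
    printf("clamped read: %d\n", seg_read_string(&s, off, cval, sizeof(cval)));
    return 0;
}
```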