Date: Mon, 08 Dec 2025 02:26:13 +0000
From: bugzilla-noreply@freebsd.org
To: riscv@FreeBSD.org
Subject: [Bug 291446] /libexec/ld-elf.so.1 not branded properly on riscv, breaks manual activation via ldd
Message-ID: <bug-291446-40250-nVOhnZ5Uya@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-291446-40250@https.bugs.freebsd.org/bugzilla/>
References: <bug-291446-40250@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291446 --- Comment #7 from Jessica Clarke <jrtc27@freebsd.org> --- I remembered c86af2cc4cd1 ("imgact_elf: Check note body sizes"), which looks like it has an off-by-one to me. Well, it sort of preserves an off-by-one that was there if the data was zero length and the name size was already rounded. Effectively as of that commit it ignores the final note in a well-formed object. Can you try a kernel with the following: diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c index 779158b41221..f1d848e95f18 100644 --- a/sys/kern/imgact_elf.c +++ b/sys/kern/imgact_elf.c @@ -2840,7 +2840,7 @@ __elfN(parse_notes)(const struct image_params *imgp, const Elf_Note *checknote, goto nextnote; note_name = (const char *)(note + 1); if (note_name + roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE) + - note->n_descsz >= (const char *)note_end || + note->n_descsz > (const char *)note_end || strncmp(note_vendor, note_name, checknote->n_namesz) != 0) goto nextnote; -- You are receiving this mail because: You are the assignee for the bug.
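Review bot: the relaxed comparison on the `+` line of __elfN(parse_notes) is only right if note_end is an exclusive end pointer (one past the last note byte), and nothing visible in the hunk says so; a one-line comment above the check stating that a note body ending exactly at note_end is in bounds would keep `>=` from being reintroduced. The check also still builds the end address by adding the file-supplied n_namesz and n_descsz to note_name before comparing, so it could instead compare the summed lengths against `(const char *)note_end - note_name`, which avoids forming a pointer past the buffer. The left-hand side uses the unrounded n_descsz, which is what lets a final note without trailing descriptor padding pass; that is worth a mention in the commit message.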
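The boundary case this comment describes, as an added example (not FreeBSD's code and not from the bug report): a user-space walk over a constructed two-note buffer that applies the body-size check with either `>=` or `>`, using byte offsets instead of the kernel's pointers. `build_notes`, `count_notes`, `ROUNDSIZE` and the sample values are assumptions made for the illustration, and a 64-bit `size_t` is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROUNDSIZE 4u                       /* stands in for ELF_NOTE_ROUNDSIZE */
#define ROUNDUP2(x) (((size_t)(x) + ROUNDSIZE - 1) & ~(size_t)(ROUNDSIZE - 1))

struct note_hdr { uint32_t n_namesz, n_descsz, n_type; };   /* Elf_Note layout */

/* Constructed sample: two notes, each 12-byte header + 8-byte name + 4-byte desc. */
static size_t build_notes(unsigned char *buf)
{
    struct note_hdr h = { 8, 4, 1 };
    uint32_t desc = 1500000;               /* constructed descriptor value */
    size_t off = 0;
    for (int i = 0; i < 2; i++) {
        memcpy(buf + off, &h, sizeof(h));  off += sizeof(h);
        memcpy(buf + off, "FreeBSD", 8);   off += 8;   /* includes the NUL */
        memcpy(buf + off, &desc, 4);       off += 4;
    }
    return off;                            /* exclusive end: one past the last byte */
}

/* Count notes that pass the body-size check.
 * inclusive_reject != 0 uses ">=" (before the patch), 0 uses ">" (after). */
static int count_notes(const unsigned char *buf, size_t len, int inclusive_reject)
{
    size_t off = 0;
    int accepted = 0;
    while (len - off >= sizeof(struct note_hdr)) {
        struct note_hdr h;
        memcpy(&h, buf + off, sizeof(h));
        size_t name_off = off + sizeof(h);
        size_t body_end = name_off + ROUNDUP2(h.n_namesz) + h.n_descsz;
        int out_of_bounds = inclusive_reject ? body_end >= len : body_end > len;
        if (!out_of_bounds && h.n_namesz == 8 &&
            memcmp(buf + name_off, "FreeBSD", 8) == 0)
            accepted++;
        size_t next = name_off + ROUNDUP2(h.n_namesz) + ROUNDUP2(h.n_descsz);
        if (next <= off || next > len)     /* no progress, or past the end */
            break;
        off = next;
    }
    return accepted;
}

int main(void)
{
    unsigned char buf[64];
    size_t len = build_notes(buf);
    printf(">=: %d  >: %d\n", count_notes(buf, len, 1), count_notes(buf, len, 0));
}
```

The last note's body ends exactly at the exclusive end, so only the strict comparison accepts it; a buffer that is one byte short is rejected by both forms.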
