Date: Fri, 31 Aug 2012 23:28:41 +0000 (UTC) From: Dimitry Andric <dim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r239962 - head/contrib/binutils/binutils Message-ID: <201208312328.q7VNSfLK012047@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dim Date: Fri Aug 31 23:28:41 2012 New Revision: 239962 URL: http://svn.freebsd.org/changeset/base/239962 Log: Fix a twelve year old bug in readelf: when process_dynamic_segment() encounters a DT_RUNPATH entry, the global dynamic_info[] array is overrun, causing some other global variable to be overwritten. In my testcase, this was the section_headers variable, leading to segfaults or jemalloc assertions when it was freed later on. Thanks to Koop Mast for providing samples of a few "bad" .so files. MFC after: 1 week Modified: head/contrib/binutils/binutils/readelf.c Modified: head/contrib/binutils/binutils/readelf.c ============================================================================== --- head/contrib/binutils/binutils/readelf.c Fri Aug 31 22:37:08 2012 (r239961) +++ head/contrib/binutils/binutils/readelf.c Fri Aug 31 23:28:41 2012 (r239962) @@ -174,7 +174,7 @@ static Elf_Internal_Syminfo *dynamic_sym static unsigned long dynamic_syminfo_offset; static unsigned int dynamic_syminfo_nent; static char program_interpreter[PATH_MAX]; -static bfd_vma dynamic_info[DT_JMPREL + 1]; +static bfd_vma dynamic_info[DT_ENCODING]; static bfd_vma dynamic_info_DT_GNU_HASH; static bfd_vma version_info[16]; static Elf_Internal_Ehdr elf_header;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208312328.q7VNSfLK012047>