Date: Wed, 2 Sep 2020 20:43:08 +0000 (UTC)
From: John Baldwin <jhb@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r365278 - head/lib/libc/gen
Message-ID: <202009022043.082Kh8nT098867@repo.freebsd.org>
Author: jhb Date: Wed Sep 2 20:43:08 2020 New Revision: 365278 URL: https://svnweb.freebsd.org/changeset/base/365278 Log: Don't assume objects in program sections have a size of a pointer. The size of the object at 'addr' is unknown and might be smaller than the size of a pointer (e.g. some x86 instructions are smaller than a pointer). Instead, just check that the address is in the bounds of the program header. Reported by: CHERI (indirectly) Reviewed by: kib, brooks Obtained from: CheriBSD MFC after: 1 week Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D26279 Modified: head/lib/libc/gen/elf_utils.c Modified: head/lib/libc/gen/elf_utils.c ============================================================================== --- head/lib/libc/gen/elf_utils.c Wed Sep 2 20:36:33 2020 (r365277) +++ head/lib/libc/gen/elf_utils.c Wed Sep 2 20:43:08 2020 (r365278) @@ -65,7 +65,7 @@ __elf_phdr_match_addr(struct dl_phdr_info *phdr_info, #endif if (phdr_info->dlpi_addr + ph->p_vaddr <= (uintptr_t)addr && - (uintptr_t)addr + sizeof(addr) < phdr_info->dlpi_addr + + (uintptr_t)addr < phdr_info->dlpi_addr + ph->p_vaddr + ph->p_memsz) break; }
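Review bot: the upper bound in the changed condition of __elf_phdr_match_addr(), phdr_info->dlpi_addr + ph->p_vaddr + ph->p_memsz, is still computed by addition, so for a segment that ends at the very top of the address space the sum wraps and the half-open test rejects every address in that segment. Comparing the offset instead, (uintptr_t)addr - (phdr_info->dlpi_addr + ph->p_vaddr) < ph->p_memsz, after the existing lower-bound check, gives the same result without the wrap. A one-line comment above the condition saying that only the starting address is tested, because the size of the object at addr is unknown, would keep the reasoning from the log next to the code.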
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009022043.082Kh8nT098867>