[PATCH] elf: Check invalid hole in PT_LOAD segments [BZ #28838]
From: "H.J. Lu" <hjl.tools@gmail.com>
To: libc-alpha@sourceware.org
Cc: Florian Weimer <fweimer@redhat.com>, Carlos O'Donell <carlos@redhat.com>, Michael Hudson-Doyle <michael.hudson@canonical.com>
Subject: [PATCH] elf: Check invalid hole in PT_LOAD segments [BZ #28838]
Date: Mon, 31 Jan 2022 07:24:52 -0800
Message-ID: <20220131152452.1061323-1-hjl.tools@gmail.com>
commit 163f625cf9becbb82dfec63a29e566324129c0cd
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Tue Dec 21 12:35:47 2021 -0800

    elf: Remove excessive p_align check on PT_LOAD segments [BZ #28688]

removed the p_align check against the page size. It caused the loader crash in shared objects with the invalid p_align. Update _dl_map_segments to detect invalid holes. This fixes BZ #28838.
 elf/dl-map-segments.h | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/elf/dl-map-segments.h b/elf/dl-map-segments.h index 172692b120..fd24cf5d01 100644 --- a/elf/dl-map-segments.h +++ b/elf/dl-map-segments.h @@ -113,6 +113,9 @@ _dl_map_segments (struct link_map *l, int fd, unallocated. Then jump into the normal segment-mapping loop to handle the portion of the segment past the end of the file mapping. */ + if (_glibc_unlikely (loadcmds[nloadcmds - 1].mapstart < + c->mapend)) + return N("ELF load command address/offset not page-aligned"); if (__glibc_unlikely (__mprotect ((caddr_t) (l->l_addr + c->mapend), loadcmds[nloadcmds - 1].mapstart - c->mapend,
2.34.1
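Review bot: the error string returned by the added check, "ELF load command address/offset not page-aligned", does not describe the condition being tested. The new test is `loadcmds[nloadcmds - 1].mapstart < c->mapend`, which rejects a layout where the hole length `loadcmds[nloadcmds - 1].mapstart - c->mapend` handed to `__mprotect` on the following lines would not be a valid size; a message that names the invalid hole between PT_LOAD segments would let a user tell this failure apart from a genuine alignment error. The added line also spells the macro `_glibc_unlikely` with a single leading underscore, while the context line right after it uses `__glibc_unlikely`. The diffstat shows only elf/dl-map-segments.h changing, so a regression test that loads a shared object with an invalid p_align would be worth adding alongside the fix for BZ #28838.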
Thread overview: 5+ messages
2022-01-31 15:24 H.J. Lu [this message]
2022-01-31 15:39 [Florian Weimer](../877daf9anu.fsf@oldenburg.str.redhat.com/)
2022-01-31 15:59 H.J. Lu
2022-01-31 16:07 [H.J. Lu](../CAMe9rOrfqUyQR7rtZGJz3mhzLRJcfdPhT9XtT2Vtoncdk8ST1Q@mail.gmail.com/)
2022-01-31 22:19 Michael Hudson-Doyle