You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21 lines
956 B
21 lines
956 B
diff -rup glibc-2.17-c758a686/elf/dl-load.c glibc-2.17-c758a686/elf/dl-load.c |
|
--- glibc-2.17-c758a686/elf/dl-load.c 2012-02-03 10:59:58.917870716 -0700 |
|
+++ glibc-2.17-c758a686/elf/dl-load.c 2012-02-03 11:01:01.796580644 -0700 |
|
@@ -1130,6 +1130,16 @@ _dl_map_object_from_fd (const char *name |
|
= N_("ELF load command address/offset not properly aligned"); |
|
goto call_lose; |
|
} |
|
+ if (__builtin_expect ((ph->p_offset + ph->p_filesz > st.st_size), 0)) |
|
+ { |
|
+ /* If the segment requires zeroing of part of its last |
|
+ page, we'll crash when accessing the unmapped page. |
|
+ There's still a possibility of a race, if the shared |
|
+ object is truncated between the fxstat above and the |
|
+ memset below. */ |
|
+ errstring = N_("ELF load command past end of file"); |
|
+ goto call_lose; |
|
+ } |
|
|
|
c = &loadcmds[nloadcmds++]; |
|
c->mapstart = ph->p_vaddr & ~(GLRO(dl_pagesize) - 1); |
|
Only inglibc-2.17-c758a686/elf: dl-load.c.orig
|
|
|