diff options
author | Hongxu Jia <hongxu.jia@windriver.com> | 2013-10-21 19:37:22 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-10-30 13:39:01 +0000 |
commit | 35c8b1ac7c3b1e4209b1e30d1dbd1a457286b97b (patch) | |
tree | fea6213e9db37b9f88b778f8531929bbd1e35d2b /meta/recipes-devtools/rpm/rpm | |
parent | a1a379b3c9728a06b086b4c1f06f663f54d7d37d (diff) | |
download | openembedded-core-contrib-35c8b1ac7c3b1e4209b1e30d1dbd1a457286b97b.tar.gz |
debugedit: fix segment fault while file's bss offset have a large number
While ELF_C_RDWR_MMAP was used, elf_begin invoked mmap() to map file
into memory. While the file's bss Offset has a large number, elf_update
caculated file size by __elf64_updatenull_wrlock and the size was
enlarged.
In this situation, elf_update invoked ftruncate to enlarge the file,
and memory size (elf->maximum_size) also was incorrectly updated.
There was segment fault in elf_end which invoked munmap with the
length is the enlarged file size, not the mmap's length.
Before the above operations, invoke elf_begin/elf_update/elf_end
with ELF_C_RDWR and ELF_F_LAYOUT set to enlarge the above file, it
could make sure the file is safe for the following elf operations.
[YOCTO #5356]
https://bugzilla.redhat.com/show_bug.cgi?id=1019707
https://bugzilla.redhat.com/show_bug.cgi?id=1020842
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'meta/recipes-devtools/rpm/rpm')
-rw-r--r-- | meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch b/meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch new file mode 100644 index 0000000000..2696cd3168 --- /dev/null +++ b/meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch @@ -0,0 +1,67 @@ +debugedit: fix segment fault while file's bss offset have a large number + +While ELF_C_RDWR_MMAP was used, elf_begin invoked mmap() to map file +into memory. While the file's bss Offset has a large number, elf_update +caculated file size by __elf64_updatenull_wrlock and the size was +enlarged. + +In this situation, elf_update invoked ftruncate to enlarge the file, +and memory size (elf->maximum_size) also was incorrectly updated. +There was segment fault in elf_end which invoked munmap with the +length is the enlarged file size, not the mmap's length. + +Before the above operations, invoke elf_begin/elf_update/elf_end +with ELF_C_RDWR and ELF_F_LAYOUT set to enlarge the above file, it +could make sure the file is safe for the following elf operations. + +Upstream-Status: Pending +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + tools/debugedit.c | 25 +++++++++++++++++++++++++ + 1 file changed, 25 insertions(+) + +diff --git a/tools/debugedit.c b/tools/debugedit.c +--- a/tools/debugedit.c ++++ b/tools/debugedit.c +@@ -1512,6 +1512,28 @@ handle_build_id (DSO *dso, Elf_Data *build_id, + } + } + ++/* It avoided the segment fault while file's bss offset have a large number. ++ See https://bugzilla.redhat.com/show_bug.cgi?id=1019707 ++ https://bugzilla.redhat.com/show_bug.cgi?id=1020842 for detail. */ ++void valid_file(int fd) ++{ ++ Elf *elf = elf_begin (fd, ELF_C_RDWR, NULL); ++ if (elf == NULL) ++ { ++ error (1, 0, "elf_begin: %s", elf_errmsg (-1)); ++ return; ++ } ++ ++ elf_flagelf (elf, ELF_C_SET, ELF_F_LAYOUT); ++ ++ if (elf_update (elf, ELF_C_WRITE) < 0) ++ error (1, 0, "elf_update: %s", elf_errmsg (-1)); ++ ++ elf_end (elf); ++ ++ return; ++} ++ + int + main (int argc, char *argv[]) + { +@@ -1608,6 +1630,9 @@ main (int argc, char *argv[]) + exit (1); + } + ++ /* Make sure the file is valid. */ ++ valid_file(fd); ++ + dso = fdopen_dso (fd, file); + if (dso == NULL) + exit (1); +-- +1.8.1.2 + |