From b22626d996e153d6094e1f76ed33ee1bb3eea751 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Fri, 20 Dec 2019 15:40:20 -0800 Subject: glibc: Upgrade to 2.31 License-Update: Prefer https to http for gnu.org and fsf.org URLs [1] [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=5a82c74822d3272df2f5929133680478c0cfb4bd Signed-off-by: Khem Raj Signed-off-by: Richard Purdie --- ...libc-Fix-buffer-overrun-with-a-relocated-.patch | 46 ++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch (limited to 'meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch') diff --git a/meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch b/meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch new file mode 100644 index 0000000000..523b6da897 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch @@ -0,0 +1,46 @@ +From 3ac58bf1028841cc0a8fa7f258cbf21466740360 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 01:50:00 +0000 +Subject: [PATCH] nativesdk-glibc: Fix buffer overrun with a relocated SDK + +When ld-linux-*.so.2 is relocated to a path that is longer than the +original fixed location, the dynamic loader will crash in open_path +because it implicitly assumes that max_dirnamelen is a fixed size that +never changes. + +The allocated buffer will not be large enough to contain the directory +path string which is larger than the fixed location provided at build +time. + +Upstream-Status: Inappropriate [OE SDK specific] + +Signed-off-by: Jason Wessel +Signed-off-by: Khem Raj +--- + elf/dl-load.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/elf/dl-load.c b/elf/dl-load.c +index 3226f2e531..7cb8a86fab 100644 +--- a/elf/dl-load.c ++++ b/elf/dl-load.c +@@ -1773,7 +1773,19 @@ open_path (const char *name, size_t namelen, int mode, + given on the command line when rtld is run directly. */ + return -1; + ++ do ++ { ++ struct r_search_path_elem *this_dir = *dirs; ++ if (this_dir->dirnamelen > max_dirnamelen) ++ { ++ max_dirnamelen = this_dir->dirnamelen; ++ } ++ } ++ while (*++dirs != NULL); ++ + buf = alloca (max_dirnamelen + max_capstrlen + namelen); ++ ++ dirs = sps->dirs; + do + { + struct r_search_path_elem *this_dir = *dirs; -- cgit 1.2.3-korg