blob: a681cc284e91c76a70f53f1c42ee78ba6d350863 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Fix out of bounds read
self->dtv hasn't been extended yet
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
diff --git a/ldso/dynlink.c b/ldso/dynlink.c
index e2c3259f..b23ea0df 100644
--- a/ldso/dynlink.c
+++ b/ldso/dynlink.c
@@ -1374,7 +1376,7 @@ static void install_new_tls(void)
}
/* Install new dtls into the enlarged, uninstalled dtv copies. */
for (p=head; ; p=p->next) {
- if (!p->tls_id || self->dtv[p->tls_id]) continue;
+ if (p->tls_id <= old_cnt) continue;
unsigned char *mem = p->new_tls;
for (j=0; j<i; j++) {
unsigned char *new = mem;
|