]>
Commit | Line | Data |
---|---|---|
12788f63 MT |
1 | diff -rup a/elf/dl-load.c b/elf/dl-load.c |
2 | --- a/elf/dl-load.c 2012-02-03 10:59:58.917870716 -0700 | |
3 | +++ b/elf/dl-load.c 2012-02-03 11:01:01.796580644 -0700 | |
4 | @@ -1130,6 +1130,16 @@ _dl_map_object_from_fd (const char *name | |
5 | = N_("ELF load command address/offset not properly aligned"); | |
6 | goto call_lose; | |
7 | } | |
8 | + if (__builtin_expect ((ph->p_offset + ph->p_filesz > st.st_size), 0)) | |
9 | + { | |
10 | + /* If the segment requires zeroing of part of its last | |
11 | + page, we'll crash when accessing the unmapped page. | |
12 | + There's still a possibility of a race, if the shared | |
13 | + object is truncated between the fxstat above and the | |
14 | + memset below. */ | |
15 | + errstring = N_("ELF load command past end of file"); | |
16 | + goto call_lose; | |
17 | + } | |
18 | ||
19 | c = &loadcmds[nloadcmds++]; | |
20 | c->mapstart = ph->p_vaddr & ~(GLRO(dl_pagesize) - 1); | |
21 | Only in b/elf: dl-load.c.orig |