Fix fill_mmap for sections past the section headers

If fill_mmap() was run for a section that's past the shdr_end, but does
not immediately follow the section headers the fill start would be
determined incorrectly as shdr_end, which would wipe off contents of
sections between shdr_end and current one.

Issue was reported and triaged by Hugo Mildenberger, Graham Murray
and Peter Alfredsen. (http://bugs.gentoo.org/show_bug.cgi?id=288977)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 8098f4e95a810a295701995da2d583db2297ff03..58b8fe9a080cc886bf0a88f640bb848aadd6807a 100644 (file)
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2009-10-23  Lubomir Rintel  <lkundrak@v3.sk>
+
+       * elf32_updatefile.c (fill_mmap): When starting past shdr_end, start
+       filling from section start, not shdr_end.
+
 2009-11-10  Roland McGrath  <roland@redhat.com>
 
        * elf_readall.c (__libelf_readall): Fetch file size if not yet known.

diff --git a/libelf/elf32_updatefile.c b/libelf/elf32_updatefile.c
index 0539f03d0b3ef247ce968f29b2c80ee45eaf26b8..8be19948a6aba2a24c11890ecade0c4e6b9b63e2 100644 (file)
--- a/libelf/elf32_updatefile.c
+++ b/libelf/elf32_updatefile.c
@@ -322,8 +322,11 @@ __elfw2(LIBELFBITS,updatemmap) (Elf *elf, int change_bo, size_t shnum)
 
            if (last_position + written != scn_start + offset
                && shdr_end < scn_start + offset)
-             memset (shdr_end, __libelf_fill_byte,
-                     scn_start + offset - shdr_end);
+             {
+               char *fill_start = MAX (shdr_end, scn_start);
+               memset (fill_start, __libelf_fill_byte,
+                       scn_start + offset - fill_start);
+             }
          }
 
          if (scn->data_list_rear != NULL)