x86/CET: Don't parse beyond the note end

Simply check if "ptr < ptr_end" since "ptr" is always incremented by 8.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
	* sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Don't
	parse beyond the note end.

diff --git a/ChangeLog b/ChangeLog
index 50fc501865d15996f3a947d12bd7d987a25d00cb..15b112266b6ffd1840b5a03d0d282fdaaa9c1876 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2018-07-27  H.J. Lu  <hongjiu.lu@intel.com>
+
+       * sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Don't
+       parse beyond the note end.
+
 2018-07-27  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
 
        * sysdeps/unix/sysv/linux/tst-ofdlocks.c: Return unsupported if

diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h
index d56e20a6dce8f2bd5c475fbf14e3da40d956ec34..35d3f16a232def669fbba96c04d52328cc81d644 100644 (file)
--- a/sysdeps/x86/dl-prop.h
+++ b/sysdeps/x86/dl-prop.h
@@ -73,7 +73,7 @@ _dl_process_cet_property_note (struct link_map *l,
          unsigned char *ptr = (unsigned char *) (note + 1) + 4;
          unsigned char *ptr_end = ptr + note->n_descsz;
 
-         while (1)
+         while (ptr < ptr_end)
            {
              unsigned int type = *(unsigned int *) ptr;
              unsigned int datasz = *(unsigned int *) (ptr + 4);