From 2cfe33f4212519586066558a9e18d8e2e0887567 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel
Date: Fri, 23 Oct 2009 16:18:51 +0200
Subject: [PATCH] Fix fill_mmap for sections past the section headers

If fill_mmap() was run for a section that's past the shdr_end, but does not immediately follow the section headers the fill start would be determined incorrectly as shdr_end, which would wipe off contents of sections between shdr_end and current one. Issue was reported and triaged by Hugo Mildenberger, Graham Murray and Peter Alfredsen. (http://bugs.gentoo.org/show_bug.cgi?id=288977)
---
 libelf/ChangeLog | 5 +++++
 libelf/elf32_updatefile.c | 7 +++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 8098f4e95..58b8fe9a0 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2009-10-23 Lubomir Rintel
+
+ * elf32_updatefile.c (fill_mmap): When starting past shdr_end, start
+ filling from section start, not shdr_end.
+
 2009-11-10 Roland McGrath

 * elf_readall.c (__libelf_readall): Fetch file size if not yet known.
diff --git a/libelf/elf32_updatefile.c b/libelf/elf32_updatefile.c
index 0539f03d0..8be19948a 100644
--- a/libelf/elf32_updatefile.c
+++ b/libelf/elf32_updatefile.c
@@ -322,8 +322,11 @@ __elfw2(LIBELFBITS,updatemmap) (Elf *elf, int change_bo, size_t shnum)

 if (last_position + written != scn_start + offset
 && shdr_end < scn_start + offset)
- memset (shdr_end, __libelf_fill_byte,
- scn_start + offset - shdr_end);
+ {
+ char *fill_start = MAX (shdr_end, scn_start);
+ memset (fill_start, __libelf_fill_byte,
+ scn_start + offset - fill_start);
+ }
 }

 if (scn->data_list_rear != NULL)
--
2.47.3
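Review bot: The new `fill_start` in the elf32_updatefile.c hunk is clamped to `shdr_end` and `scn_start` but not to `last_position + written`, even though the guard directly above compares exactly that value with `scn_start + offset`. If `last_position` can already lie inside the current section when this code runs (this depends on the callers and on how `written` is computed, both outside the hunk), the memset would overwrite bytes from `scn_start` onward that were already emitted, which is the same kind of clobbering the commit fixes for earlier sections. Assuming `last_position` is a `char *` like the other operands, consider `char *fill_start = MAX (MAX (shdr_end, scn_start), last_position + written);`, or add a comment such as `/* last_position never exceeds scn_start here because ... */` stating the invariant that makes the shorter form safe. The enclosing block starts and ends outside the hunk.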