From: Willy Tarreau Date: Thu, 23 Apr 2026 11:52:33 +0000 (+0200) Subject: BUG/MINOR: debug: properly mark the entire libs archive read-only X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=4034f78fc49a45f78d5009a67ef91951d9632fc6;p=thirdparty%2Fhaproxy.git BUG/MINOR: debug: properly mark the entire libs archive read-only In 3.4-dev7, commit e1738b665d ("MINOR: debug: read all libs in memory when set-dumpable=libs") reads dependencies into memory to store them as a tar archive for later debugging. There was an attempt to mark the whole archive read-only, except that the size passed in argument to mprotect() is wrong: lib_size is only assigned after the operation and is still zero at the moment this is done. new_size ought to be used instead. This needs to be backported wherever the commit above is backported, at least 3.2. --- diff --git a/src/tools.c b/src/tools.c index 12481ce1e..f5b14d75a 100644 --- a/src/tools.c +++ b/src/tools.c @@ -6137,7 +6137,7 @@ void collect_libs(void) page += pagesize; /* copy and make read-only */ memcpy(page, ctx.storage, ctx.size); - mprotect(page, lib_size, PROT_READ); + mprotect(page, new_size, PROT_READ); vma_set_name(page, new_size, "archive", "boot-libs"); lib_storage = page;