Fix a twelve year old bug in readelf: when process_dynamic_segment()

encounters a DT_RUNPATH entry, the global dynamic_info[] array is overrun, causing some other global variable to be overwritten. In my testcase, this was the section_headers variable, leading to segfaults or jemalloc assertions when it was freed later on. Thanks to Koop Mast for providing samples of a few "bad" .so files. MFC after: 1 week
author: dim <dim@FreeBSD.org> 2012-08-31 23:28:41 +0000
committer: dim <dim@FreeBSD.org> 2012-08-31 23:28:41 +0000
commit: 8c9e04b26729438492a4b9a4af9d08aec9b3a704 (patch)
tree: 902db0c4e59ddda52c55b90f6a107ee4318088c8 /contrib/binutils/binutils
parent: 25568f4c4f0ab4414b84fd0631bc5e57c585c15f (diff)
download: FreeBSD-src-8c9e04b26729438492a4b9a4af9d08aec9b3a704.zip
FreeBSD-src-8c9e04b26729438492a4b9a4af9d08aec9b3a704.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/binutils/binutils/readelf.c b/contrib/binutils/binutils/readelf.c
index a8c5ccc..98249ff 100644
--- a/contrib/binutils/binutils/readelf.c
+++ b/contrib/binutils/binutils/readelf.c
@@ -174,7 +174,7 @@ static Elf_Internal_Syminfo *dynamic_syminfo;
 static unsigned long dynamic_syminfo_offset;
 static unsigned int dynamic_syminfo_nent;
 static char program_interpreter[PATH_MAX];
-static bfd_vma dynamic_info[DT_JMPREL + 1];
+static bfd_vma dynamic_info[DT_ENCODING];
 static bfd_vma dynamic_info_DT_GNU_HASH;
 static bfd_vma version_info[16];
 static Elf_Internal_Ehdr elf_header;
author	dim <dim@FreeBSD.org>	2012-08-31 23:28:41 +0000
committer	dim <dim@FreeBSD.org>	2012-08-31 23:28:41 +0000
commit	8c9e04b26729438492a4b9a4af9d08aec9b3a704 (patch)
tree	902db0c4e59ddda52c55b90f6a107ee4318088c8 /contrib/binutils/binutils
parent	25568f4c4f0ab4414b84fd0631bc5e57c585c15f (diff)
download	FreeBSD-src-8c9e04b26729438492a4b9a4af9d08aec9b3a704.zip FreeBSD-src-8c9e04b26729438492a4b9a4af9d08aec9b3a704.tar.gz