| field | value | date |
|---|---|---|
| author | kib <kib@FreeBSD.org> | 2012-03-12 10:36:03 +0000 |
| committer | kib <kib@FreeBSD.org> | 2012-03-12 10:36:03 +0000 |
| commit | 7654527e54953ea42e7a35136d0521bb4ae4b225 (patch) | |
| tree | c2f87f15534ed17b42568491051d8041f734c753 /libexec | |
| parent | ea14701c38e1e288d6b394bd7a4c64e6053af67d (diff) | |
| download | FreeBSD-src-7654527e54953ea42e7a35136d0521bb4ae4b225.zip FreeBSD-src-7654527e54953ea42e7a35136d0521bb4ae4b225.tar.gz | |
When iterating over the dso program headers, the object is not initialized
yet, and object segments are not yet mapped. Only parse the notes that
appear in the first page of the dso (as it should be anyway), and use
the preloaded page content.
Reported and tested by: stass
MFC after: 20 days
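The bound the commit message describes, as an added C example that is not rtld's own code: a constructed first page holds three ELF notes, the segment is first tested to lie entirely inside that page, and the notes are then walked with each note's own length checked against the segment end before it is read. `Elf_Off`, `Elf_Note`, `PAGE_SIZE` and every helper below are stand-ins defined in the block, and the note contents are constructed for the example. It also goes one step beyond the patch: the `_naive` and `_safe` variants of the page test show that a plain `p_offset + p_filesz` sum can wrap on a crafted `p_filesz` while the subtraction form cannot.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-ins for the rtld/ELF definitions; not FreeBSD's headers. */
#ifndef PAGE_SIZE
#define PAGE_SIZE 4096u
#endif
typedef uint64_t Elf_Off;                                  /* width of p_offset / p_filesz here */
typedef struct { uint32_t n_namesz, n_descsz, n_type; } Elf_Note;

/* The page test written as a plain sum: wraps when len is close to the type's maximum. */
static bool note_in_page_naive(Elf_Off off, Elf_Off len, size_t page_bytes)
{
    return off <= page_bytes && off + len <= page_bytes;
}

/* Overflow-safe form: once off <= page_bytes holds, the subtraction cannot wrap. */
static bool note_in_page_safe(Elf_Off off, Elf_Off len, size_t page_bytes)
{
    return off <= page_bytes && len <= page_bytes - off;
}

static uint64_t roundup4(uint64_t n) { return (n + 3) & ~(uint64_t)3; }

/*
 * Walk the notes of one PT_NOTE segment using only the preloaded first page.
 * Records n_type of every note whose owner name equals want_name.
 * Returns the number recorded, -1 if the segment is not inside the page,
 * -2 if a note header claims more bytes than remain in the segment.
 */
static int digest_notes(const uint8_t *page, size_t page_bytes,
                        Elf_Off off, Elf_Off len, const char *want_name,
                        uint32_t *types_out, int max_out)
{
    if (!note_in_page_safe(off, len, page_bytes))
        return -1;                                         /* the patch's "break" case */
    const uint8_t *p = page + off, *end = p + len;
    size_t want_len = strlen(want_name) + 1;               /* ELF names include the NUL */
    int n = 0;
    while ((size_t)(end - p) >= sizeof(Elf_Note)) {
        Elf_Note nh;
        memcpy(&nh, p, sizeof nh);                         /* header may be unaligned in a buffer */
        uint64_t need = sizeof nh + roundup4(nh.n_namesz) + roundup4(nh.n_descsz);
        if (need > (uint64_t)(end - p))
            return -2;                                     /* note runs past the segment */
        if (nh.n_namesz == want_len && n < max_out &&
            memcmp(p + sizeof nh, want_name, want_len) == 0)
            types_out[n++] = nh.n_type;
        p += need;
    }
    return n;
}

/* Writes one constructed note at buf[pos]; returns the next free position. */
static size_t put_note(uint8_t *buf, size_t pos, const char *name,
                       uint32_t type, const void *desc, uint32_t descsz)
{
    Elf_Note nh = { (uint32_t)strlen(name) + 1, descsz, type };
    memcpy(buf + pos, &nh, sizeof nh);   pos += sizeof nh;
    memcpy(buf + pos, name, nh.n_namesz); pos += roundup4(nh.n_namesz);
    memcpy(buf + pos, desc, descsz);     pos += roundup4(descsz);
    return pos;
}

/* Builds a constructed first page with three notes at offset 0x200; returns the segment's p_filesz. */
static size_t build_sample_page(uint8_t *page, size_t *note_off)
{
    memset(page, 0, PAGE_SIZE);
    uint32_t v = 902001;                                   /* arbitrary descriptor value */
    size_t pos = *note_off = 0x200;
    pos = put_note(page, pos, "FreeBSD", 1, &v, sizeof v);
    pos = put_note(page, pos, "Other",   7, &v, sizeof v);
    pos = put_note(page, pos, "FreeBSD", 2, &v, sizeof v);
    return pos - *note_off;
}

int main(void)
{
    uint8_t page[PAGE_SIZE];
    size_t off, len = build_sample_page(page, &off);
    uint32_t types[4];
    int n = digest_notes(page, sizeof page, off, len, "FreeBSD", types, 4);
    printf("FreeBSD notes found: %d\n", n);
    /* A p_filesz chosen so that off + len wraps to 0: the sum accepts it, the safe form rejects it. */
    Elf_Off huge = UINT64_MAX - off + 1;
    printf("naive=%d safe=%d\n", note_in_page_naive(off, huge, sizeof page),
           note_in_page_safe(off, huge, sizeof page));
    return 0;
}
```

The segment-level test is the one the patch adds; the per-note `need` test is the second bound a real note walker needs, because `n_namesz` and `n_descsz` come from the file too and a single oversized header would otherwise carry the read past `note_end` even when the segment itself fits in the page.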
Diffstat (limited to 'libexec')
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | libexec/rtld-elf/map_object.c | 5 |

1 file changed, 4 insertions, 1 deletion
diff --git a/libexec/rtld-elf/map_object.c b/libexec/rtld-elf/map_object.c index d240575..f142819 100644 --- a/libexec/rtld-elf/map_object.c +++ b/libexec/rtld-elf/map_object.c @@ -149,7 +149,10 @@ map_object(int fd, const char *path, const struct stat *sb) break; case PT_NOTE: - note_start = (Elf_Addr)obj->relocbase + phdr->p_offset; + if (phdr->p_offset > PAGE_SIZE || + phdr->p_offset + phdr->p_filesz > PAGE_SIZE) + break; + note_start = (Elf_Addr)(char *)hdr + phdr->p_offset; note_end = note_start + phdr->p_filesz; digest_notes(obj, note_start, note_end); break; |
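Review bot: the second of the two new comparisons in the `PT_NOTE` case, `phdr->p_offset + phdr->p_filesz > PAGE_SIZE`, does not guard against the sum wrapping. With `p_offset` already bounded by the first comparison, a crafted `p_filesz` close to the maximum of its type wraps the sum back below `PAGE_SIZE`, the check passes, and `digest_notes` reads past the end of the preloaded page, which is the class of read the patch is meant to stop. Writing the second test as `phdr->p_filesz > PAGE_SIZE - phdr->p_offset` cannot overflow once the first test has rejected `p_offset > PAGE_SIZE`, so both lines stay but only the subtraction form is needed for the length. Two smaller points: the bound assumes the buffer behind `hdr` really holds `PAGE_SIZE` bytes, so if the read that filled it can return fewer the limit should be the byte count actually read; and since the `break` drops out-of-page notes silently, a one-line comment stating that notes outside the first page are deliberately ignored, as the commit message says, would save the next reader a trip to the log.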