sysmo-bts
/
generic-poky
9
0
Fork 0
Code Pull Requests Releases Activity

debugedit: fix segment fault while file's bss offset have a large number 

While ELF_C_RDWR_MMAP was used, elf_begin invoked mmap() to map file
into memory. While the file's bss Offset has a large number, elf_update
caculated file size by __elf64_updatenull_wrlock and the size was
enlarged.

In this situation, elf_update invoked ftruncate to enlarge the file,
and memory size (elf->maximum_size) also was incorrectly updated.
There was segment fault in elf_end which invoked munmap with the
length is the enlarged file size, not the mmap's length.

Before the above operations, invoke elf_begin/elf_update/elf_end
with ELF_C_RDWR and ELF_F_LAYOUT set to enlarge the above file, it
could make sure the file is safe for the following elf operations.

[YOCTO #5356]
https://bugzilla.redhat.com/show_bug.cgi?id=1019707
https://bugzilla.redhat.com/show_bug.cgi?id=1020842

(From OE-Core master rev: 35c8b1ac7c3b1e4209b1e30d1dbd1a457286b97b)

(From OE-Core rev: a82322a982dc97ebc95f3fc45f9ad98bed947ad9)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Hongxu Jia 2013-10-21 19:37:22 +08:00 committed by Richard Purdie
parent 431c80b6d0
commit 309ef190da
2 changed files with 68 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch Normal file
View File

@ -0,0 +1,67 @@
debugedit: fix segment fault while file's bss offset have a large number
While ELF_C_RDWR_MMAP was used, elf_begin invoked mmap() to map file
into memory. While the file's bss Offset has a large number, elf_update
caculated file size by __elf64_updatenull_wrlock and the size was
enlarged.
In this situation, elf_update invoked ftruncate to enlarge the file,
and memory size (elf->maximum_size) also was incorrectly updated.
There was segment fault in elf_end which invoked munmap with the
length is the enlarged file size, not the mmap's length.
Before the above operations, invoke elf_begin/elf_update/elf_end
with ELF_C_RDWR and ELF_F_LAYOUT set to enlarge the above file, it
could make sure the file is safe for the following elf operations.
Upstream-Status: Pending
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
tools/debugedit.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/tools/debugedit.c b/tools/debugedit.c
--- a/tools/debugedit.c
+++ b/tools/debugedit.c
@@ -1512,6 +1512,28 @@ handle_build_id (DSO *dso, Elf_Data *build_id,
}
}
+/* It avoided the segment fault while file's bss offset have a large number.
+ See https://bugzilla.redhat.com/show_bug.cgi?id=1019707
+ https://bugzilla.redhat.com/show_bug.cgi?id=1020842 for detail. */
+void valid_file(int fd)
+{
+ Elf *elf = elf_begin (fd, ELF_C_RDWR, NULL);
+ if (elf == NULL)
+ {
+ error (1, 0, "elf_begin: %s", elf_errmsg (-1));
+ return;
+ }
+
+ elf_flagelf (elf, ELF_C_SET, ELF_F_LAYOUT);
+
+ if (elf_update (elf, ELF_C_WRITE) < 0)
+ error (1, 0, "elf_update: %s", elf_errmsg (-1));
+
+ elf_end (elf);
+
+ return;
+}
+
int
main (int argc, char *argv[])
{
@@ -1608,6 +1630,9 @@ main (int argc, char *argv[])
exit (1);
}
+ /* Make sure the file is valid. */
+ valid_file(fd);
+
dso = fdopen_dso (fd, file);
if (dso == NULL)
exit (1);
--
1.8.1.2

1
meta/recipes-devtools/rpm/rpm_5.4.9.bb
View File

@ -86,6 +86,7 @@ SRC_URI = "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.9-0.20120508.src.rpm;ex
file://rpm-platform2.patch \
file://rpm-remove-sykcparse-decl.patch \
file://debugedit-segv.patch \
file://debugedit-valid-file-to-fix-segment-fault.patch \
file://rpm-platform-file-fix.patch \
file://rpm-lsb-compatibility.patch \
"