For PR 14055, add bounds check to _dl_show_auxv().

3 files changed, 10 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 5e4ce0d..bcca473 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-05-02  Paul Pluzhnikov  <ppluzhnikov@google.com>
+
+	[BZ #14055]
+	* elf/dl-sysdep.c (_dl_show_auxv): Add bounds check.
+
 2012-05-02  Andreas Jaeger  <aj@suse.de>
 
 	* math/Makefile (CPPFLAGS-test-ildoubl.c): Add -frounding-math
diff --git a/NEWS b/NEWS
index aebe791..12045f6 100644
--- a/NEWS
+++ b/NEWS
@@ -23,7 +23,7 @@ Version 2.16
   13873, 13879, 13883, 13886, 13892, 13895, 13908, 13910, 13911, 13912,
   13913, 13915, 13916, 13917, 13918, 13919, 13920, 13921, 13924, 13926,
   13927, 13928, 13938, 13941, 13942, 13963, 13967, 13970, 13973, 14027,
-  14033, 14034, 14040
+  14033, 14034, 14040, 14055
 
 * ISO C11 support:
 
diff --git a/elf/dl-sysdep.c b/elf/dl-sysdep.c
index 1cb4460..ea505a6 100644
--- a/elf/dl-sysdep.c
+++ b/elf/dl-sysdep.c
@@ -1,5 +1,5 @@
 /* Operating system support for run-time dynamic linker.  Generic Unix version.
-   Copyright (C) 1995-1998,2000-2008,2009,2010
+   Copyright (C) 1995-1998,2000-2010,2012
 	Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
@@ -303,7 +303,9 @@ _dl_show_auxv (void)
 	};
       unsigned int idx = (unsigned int) (av->a_type - 2);
 
-      if ((unsigned int) av->a_type < 2u || auxvars[idx].form == ignore)
+      if ((unsigned int) av->a_type < 2u
+	  || (idx < sizeof (auxvars) / sizeof (auxvars[0])
+	      && auxvars[idx].form == ignore))
 	continue;
 
       assert (AT_NULL == 0);