diff options
author | Jeff Law <law@redhat.com> | 2012-06-21 09:26:41 -0600 |
---|---|---|
committer | Jeff Law <law@redhat.com> | 2012-06-21 09:26:41 -0600 |
commit | 28363bbf705830cb35791af679401559376eaa75 (patch) | |
tree | d04ba0e96581b43edcfe7eaaea5e4bdce8870886 /elf | |
parent | 09615db4a954a51014bb75e6def15ec05d4f0da9 (diff) | |
download | glibc-28363bbf705830cb35791af679401559376eaa75.zip glibc-28363bbf705830cb35791af679401559376eaa75.tar.gz glibc-28363bbf705830cb35791af679401559376eaa75.tar.bz2 |
2012-06-21 Jeff Law <law@redhat.com>
[BZ #13882]
* elf/dl-deps.c (_dl_map_object_deps): Fix cycle detection. Use
uint16_t for elements in the "seen" array to avoid char overflows.
* elf/dl-fini.c (_dl_sort_fini): Likewise.
* elf/dl-open.c (dl_open_worker): Likewise.
Diffstat (limited to 'elf')
-rw-r--r-- | elf/dl-deps.c | 8 | ||||
-rw-r--r-- | elf/dl-fini.c | 8 | ||||
-rw-r--r-- | elf/dl-open.c | 8 |
3 files changed, 12 insertions, 12 deletions
diff --git a/elf/dl-deps.c b/elf/dl-deps.c index fb1c305..69aec46 100644 --- a/elf/dl-deps.c +++ b/elf/dl-deps.c @@ -1,5 +1,5 @@ /* Load the dependencies of a mapped object. - Copyright (C) 1996-2003, 2004, 2005, 2006, 2007, 2010, 2011 + Copyright (C) 1996-2003, 2004-2007, 2010-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. @@ -632,7 +632,7 @@ Filters not supported with LD_TRACE_PRELINKING")); /* We can skip looking for the binary itself which is at the front of the search list. */ i = 1; - char seen[nlist]; + uint16_t seen[nlist]; memset (seen, 0, nlist * sizeof (seen[0])); while (1) { @@ -658,13 +658,13 @@ Filters not supported with LD_TRACE_PRELINKING")); (k - i) * sizeof (l_initfini[0])); l_initfini[k] = thisp; - if (seen[i + 1] > 1) + if (seen[i + 1] > nlist - i) { ++i; goto next_clear; } - char this_seen = seen[i]; + uint16_t this_seen = seen[i]; memmove (&seen[i], &seen[i + 1], (k - i) * sizeof (seen[0])); seen[k] = this_seen; diff --git a/elf/dl-fini.c b/elf/dl-fini.c index 05146b3..87cf2f1 100644 --- a/elf/dl-fini.c +++ b/elf/dl-fini.c @@ -1,5 +1,5 @@ /* Call the termination functions of loaded shared objects. - Copyright (C) 1995,96,1998-2002,2004-2005,2009,2011 + Copyright (C) 1995, 1996, 1998-2002, 2004-2005, 2009, 2011-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. @@ -38,7 +38,7 @@ _dl_sort_fini (struct link_map **maps, size_t nmaps, char *used, Lmid_t ns) /* We can skip looking for the binary itself which is at the front of the search list for the main namespace. */ unsigned int i = ns == LM_ID_BASE; - char seen[nmaps]; + uint16_t seen[nmaps]; memset (seen, 0, nmaps * sizeof (seen[0])); while (1) { @@ -78,13 +78,13 @@ _dl_sort_fini (struct link_map **maps, size_t nmaps, char *used, Lmid_t ns) used[k] = here_used; } - if (seen[i + 1] > 1) + if (seen[i + 1] > nmaps - i) { ++i; goto next_clear; } - char this_seen = seen[i]; + uint16_t this_seen = seen[i]; memmove (&seen[i], &seen[i + 1], (k - i) * sizeof (seen[0])); seen[k] = this_seen; diff --git a/elf/dl-open.c b/elf/dl-open.c index 570c5f8..9fe0a7f 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -1,5 +1,5 @@ /* Load a shared object at runtime, relocate it, and run its initializer. - Copyright (C) 1996-2007, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. + Copyright (C) 1996-2007, 2009-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -325,7 +325,7 @@ dl_open_worker (void *a) while (l != NULL); if (nmaps > 1) { - char seen[nmaps]; + uint16_t seen[nmaps]; memset (seen, '\0', nmaps); size_t i = 0; while (1) @@ -351,13 +351,13 @@ dl_open_worker (void *a) (k - i) * sizeof (maps[0])); maps[k] = thisp; - if (seen[i + 1] > 1) + if (seen[i + 1] > nmaps - i) { ++i; goto next_clear; } - char this_seen = seen[i]; + uint16_t this_seen = seen[i]; memmove (&seen[i], &seen[i + 1], (k - i) * sizeof (seen[0])); seen[k] = this_seen; |