From 28363bbf705830cb35791af679401559376eaa75 Mon Sep 17 00:00:00 2001 From: Jeff Law Date: Thu, 21 Jun 2012 09:26:41 -0600 Subject: 2012-06-21 Jeff Law [BZ #13882] * elf/dl-deps.c (_dl_map_object_deps): Fix cycle detection. Use uint16_t for elements in the "seen" array to avoid char overflows. * elf/dl-fini.c (_dl_sort_fini): Likewise. * elf/dl-open.c (dl_open_worker): Likewise. --- elf/dl-deps.c | 8 ++++---- elf/dl-fini.c | 8 ++++---- elf/dl-open.c | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) (limited to 'elf') diff --git a/elf/dl-deps.c b/elf/dl-deps.c index fb1c305..69aec46 100644 --- a/elf/dl-deps.c +++ b/elf/dl-deps.c @@ -1,5 +1,5 @@ /* Load the dependencies of a mapped object. - Copyright (C) 1996-2003, 2004, 2005, 2006, 2007, 2010, 2011 + Copyright (C) 1996-2003, 2004-2007, 2010-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. @@ -632,7 +632,7 @@ Filters not supported with LD_TRACE_PRELINKING")); /* We can skip looking for the binary itself which is at the front of the search list. */ i = 1; - char seen[nlist]; + uint16_t seen[nlist]; memset (seen, 0, nlist * sizeof (seen[0])); while (1) { @@ -658,13 +658,13 @@ Filters not supported with LD_TRACE_PRELINKING")); (k - i) * sizeof (l_initfini[0])); l_initfini[k] = thisp; - if (seen[i + 1] > 1) + if (seen[i + 1] > nlist - i) { ++i; goto next_clear; } - char this_seen = seen[i]; + uint16_t this_seen = seen[i]; memmove (&seen[i], &seen[i + 1], (k - i) * sizeof (seen[0])); seen[k] = this_seen; diff --git a/elf/dl-fini.c b/elf/dl-fini.c index 05146b3..87cf2f1 100644 --- a/elf/dl-fini.c +++ b/elf/dl-fini.c @@ -1,5 +1,5 @@ /* Call the termination functions of loaded shared objects. - Copyright (C) 1995,96,1998-2002,2004-2005,2009,2011 + Copyright (C) 1995, 1996, 1998-2002, 2004-2005, 2009, 2011-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. @@ -38,7 +38,7 @@ _dl_sort_fini (struct link_map **maps, size_t nmaps, char *used, Lmid_t ns) /* We can skip looking for the binary itself which is at the front of the search list for the main namespace. */ unsigned int i = ns == LM_ID_BASE; - char seen[nmaps]; + uint16_t seen[nmaps]; memset (seen, 0, nmaps * sizeof (seen[0])); while (1) { @@ -78,13 +78,13 @@ _dl_sort_fini (struct link_map **maps, size_t nmaps, char *used, Lmid_t ns) used[k] = here_used; } - if (seen[i + 1] > 1) + if (seen[i + 1] > nmaps - i) { ++i; goto next_clear; } - char this_seen = seen[i]; + uint16_t this_seen = seen[i]; memmove (&seen[i], &seen[i + 1], (k - i) * sizeof (seen[0])); seen[k] = this_seen; diff --git a/elf/dl-open.c b/elf/dl-open.c index 570c5f8..9fe0a7f 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -1,5 +1,5 @@ /* Load a shared object at runtime, relocate it, and run its initializer. - Copyright (C) 1996-2007, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. + Copyright (C) 1996-2007, 2009-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -325,7 +325,7 @@ dl_open_worker (void *a) while (l != NULL); if (nmaps > 1) { - char seen[nmaps]; + uint16_t seen[nmaps]; memset (seen, '\0', nmaps); size_t i = 0; while (1) @@ -351,13 +351,13 @@ dl_open_worker (void *a) (k - i) * sizeof (maps[0])); maps[k] = thisp; - if (seen[i + 1] > 1) + if (seen[i + 1] > nmaps - i) { ++i; goto next_clear; } - char this_seen = seen[i]; + uint16_t this_seen = seen[i]; memmove (&seen[i], &seen[i + 1], (k - i) * sizeof (seen[0])); seen[k] = this_seen; -- cgit v1.1