This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.


DT_SYMBOLIC broken


The handling of DT_SYMBOLIC is broken, since sizeof (l->l_scope) received
a new meaning.  There is also a thinko in dl_open that caused it to
_always_ enlarge the scope list, and eventually to write beyond allocated
space.

Andreas.

2001-09-18  Andreas Schwab  <schwab@suse.de>

	* elf/dl-load.c (_dl_map_object_from_fd): Update handling of scope
	list, now that l_scope is a pointer.

	* elf/dl-open.c (dl_open_worker): Fix thinko when enlarging the
	scope list.

--- elf/dl-load.c.~1.174.~	Mon Sep 10 10:20:08 2001
+++ elf/dl-load.c	Tue Sep 18 17:10:18 2001
@@ -1136,7 +1136,7 @@
 
       /* Now move the existing entries one back.  */
       memmove (&l->l_scope[1], &l->l_scope[0],
-	       sizeof (l->l_scope) - sizeof (l->l_scope[0]));
+	       (l->l_scope_max - 1) * sizeof (l->l_scope[0]));
 
       /* Now add the new entry.  */
       l->l_scope[0] = &l->l_symbolic_searchlist;
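Review bot: the new memmove length relies on an invariant that is not stated here: shifting l_scope_max - 1 entries up by one discards whatever was in l_scope[l_scope_max - 1], so this is only correct if that last slot is known to be unused (the spare slot reserved for the NULL terminator) before the DT_SYMBOLIC entry is inserted. A comment such as "l_scope_max counts the terminating NULL, so the last slot is free" above the memmove, or an assert that l->l_scope[l->l_scope_max - 2] == NULL, would make the bound auditable. The old expression sizeof (l->l_scope) - sizeof (l->l_scope[0]) evaluated to zero once l_scope became a pointer, so nothing was shifted and the new entry silently overwrote l_scope[0]; the replacement is the right shape, but please also confirm that the allocation that sized l_scope used the same l_scope_max.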
--- elf/dl-open.c.~1.78.~	Fri Sep  7 10:19:08 2001
+++ elf/dl-open.c	Tue Sep 18 16:10:15 2001
@@ -312,7 +312,7 @@
 	    ++runp;
 	  }
 
-	if (__builtin_expect (cnt + 1 < imap->l_scope_max, 0))
+	if (__builtin_expect (cnt + 1 >= imap->l_scope_max, 0))
 	  {
 	    /* The 'r_scope' array is too small.  Allocate a new one
 	       dynamically.  */
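Review bot: the inverted comparison is the actual bug fix, but the arithmetic deserves a comment since it is easy to get wrong again: with cnt entries in use, appending the new search list and the NULL terminator needs cnt + 2 slots, so the array is too small exactly when cnt + 1 >= imap->l_scope_max. Suggest adding "/* Room for the new entry plus the terminating NULL?  */" above the if. Note also that __builtin_expect (..., 0) now correctly marks the enlargement as the unlikely path; with the old condition the hint was attached to the common case, which matches the description of the list being enlarged on every call.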
@@ -327,7 +327,7 @@
 		  _dl_signal_error (ENOMEM, "dlopen", NULL,
 				    N_("cannot create scope list"));
 		imap->l_scope = memcpy (newp, imap->l_scope,
-					cnt * imap->l_scope_max);
+					cnt * sizeof (imap->l_scope[0]));
 	      }
 	    else
 	      {
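Review bot: cnt * imap->l_scope_max was a meaningless byte count (entries times capacity), so the old memcpy could read past the end of the source array whenever l_scope_max exceeded the pointer size; cnt * sizeof (imap->l_scope[0]) copies exactly the cnt live entries. Two things to check outside the visible context: the malloc of newp a few lines up must size its buffer with the same sizeof (imap->l_scope[0]) factor (and the new, larger l_scope_max must be stored), and since only cnt entries are copied, the terminator is not carried over, so the later imap->l_scope[cnt] = NULL write is load-bearing rather than redundant; a one-line comment saying so would prevent someone from removing it.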
@@ -339,10 +339,10 @@
 				    N_("cannot create scope list"));
 		imap->l_scope = newp;
 	      }
-
-	    imap->l_scope[cnt++] = &new->l_searchlist;
-	    imap->l_scope[cnt] = NULL;
 	  }
+
+	imap->l_scope[cnt++] = &new->l_searchlist;
+	imap->l_scope[cnt] = NULL;
       }
 
   /* Run the initializer functions of new objects.  */
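Review bot: moving the two stores out of the enlargement block is necessary, not just cosmetic: previously the new search list was only appended when the array had just been reallocated, so in the common (no-growth) path the dependent object was never added to the scope, and in the growth path the append happened regardless of whether the earlier condition was right. After this change the append is unconditional, which is correct only because the fixed condition in the earlier hunk guarantees cnt + 1 < imap->l_scope_max here; a brief comment at the stores ("array has room for the entry and the NULL, see check above") would tie the two hunks together for future readers.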

-- 
Andreas Schwab                                  "And now for something
Andreas.Schwab@suse.de				completely different."
SuSE Labs, SuSE GmbH, Schanzäckerstr. 10, D-90443 Nürnberg
Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5

