This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug dynamic-link/20419] New: files with large allocated notes crash in open_verify
- From: "jistone at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 27 Jul 2016 22:37:17 +0000
- Subject: [Bug dynamic-link/20419] New: files with large allocated notes crash in open_verify
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=20419
Bug ID: 20419
Summary: files with large allocated notes crash in open_verify
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: jistone at redhat dot com
Target Milestone: ---
When elf/dl-load.c open_verify() reaches the code to "Check .note.ABI-tag if
present", it uses alloca() to read in each PT_NOTE, regardless of size. If the
file has a very large allocated note, this causes a stack overflow.
$ cat big-note.s
// Create an 8MB note to make alloca exceed the stack
.pushsection .note.big,"a"
.balign 4
.fill 8*1024*1024, 1, 0
.popsection
$ gcc -shared big-note.s -o big-note.so
$ ldd big-note.so
ldd: exited with unknown exit code (139)
I reproduced this on Fedora 24 with glibc-2.23.1-8.fc24.x86_64, but this code
on glibc master looks exactly the same, unchanged for years.
This bug report is derived from rust#26764.
https://github.com/rust-lang/rust/issues/26764
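
Added example, not part of the original report or of glibc: a triage script that reads an ELF file's program headers and lists PT_NOTE segments whose p_filesz is large enough to be a concern for the alloca() path described above. The names oversized_notes and sample_elf64, and the 64 KiB default limit, are assumptions made for this illustration; the sample input is constructed.

```python
import struct
import sys

PT_NOTE = 4
DEFAULT_LIMIT = 64 * 1024  # assumed triage threshold, not a glibc constant

# EI_CLASS -> (word format, e_phoff offset, e_phentsize offset,
#              p_offset offset, p_filesz offset, minimum phdr size)
LAYOUT = {1: ("I", 28, 42, 4, 16, 32), 2: ("Q", 32, 54, 8, 32, 56)}

def oversized_notes(data, limit=DEFAULT_LIMIT):
    """Return (phdr index, p_offset, p_filesz) for each PT_NOTE above limit."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("too short or not an ELF file")
    if data[4] not in LAYOUT or data[5] not in (1, 2):
        raise ValueError("unknown EI_CLASS or EI_DATA")
    word, phoff_at, phent_at, off_at, filesz_at, min_phent = LAYOUT[data[4]]
    end = "<" if data[5] == 1 else ">"
    (phoff,) = struct.unpack_from(end + word, data, phoff_at)
    phentsize, phnum = struct.unpack_from(end + "HH", data, phent_at)
    if phnum and phentsize < min_phent:
        raise ValueError("e_phentsize too small")
    hits = []
    for i in range(phnum):
        base = phoff + i * phentsize
        if base + min_phent > len(data):
            raise ValueError("program header table truncated")
        (p_type,) = struct.unpack_from(end + "I", data, base)
        (p_offset,) = struct.unpack_from(end + word, data, base + off_at)
        (p_filesz,) = struct.unpack_from(end + word, data, base + filesz_at)
        if p_type == PT_NOTE and p_filesz > limit:
            hits.append((i, p_offset, p_filesz))
    return hits

def sample_elf64(note_filesz):
    """Constructed input: ELF64 little-endian header and one PT_NOTE phdr."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 120, 120, 120,
                       note_filesz, note_filesz, 4)
    return ehdr + phdr

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            head = fh.read(1 << 20)  # headers only; note bodies are not needed
        for idx, off, size in oversized_notes(head):
            print(f"{path}: PT_NOTE #{idx} at offset {off} is {size} bytes")
```

Run it with one or more file paths as arguments to check shared objects before handing them to ldd or the dynamic loader.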