This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Avoid mapping past end of shared object (BZ #18685)

On 07/17/2015 02:21 PM, Siddhesh Poyarekar wrote:
> On Fri, Jul 17, 2015 at 01:24:05PM +0200, Florian Weimer wrote:
>> Useful information would be that's a debuginfo file.  Showing no output
>> or garbage is hardly more helpful than crashing because the user still
>> doesn't know what's wrong.  They won't even report a bug, so we can't
>> help them.
> The trouble is, you don't know for sure that it is a debuginfo file.
> That's where Carlos talked about the need for a new flag.
>> Unfortunately, Fedora coverage for non-i386/x86_64 and proprietary
>> legacy applications is quite poor.
> The patch has been in rhel-6 for a similar amount of time as well,
> i.e. since before I started maintaining the tree.

Okay, good to know.

This is addresses my concerns about the backwards compatibility impact
of this change.  Consider them withdrawn.

>> In this check,
>> +	  if (__glibc_unlikely (ph->p_offset + ph->p_filesz > st.st_size))
>> do p_offset and p_filesz correspond to the program header values in the
>> file, or have they already been modified?.
> They correspond to the program header values, why do you think they
> have been modified?

No particular reason, I just wanted to be sure. :-)

>> One more question, regarding the new check: Is there already a check
>> that the addition does not overflow?
> There isn't.  I intend to add it but it doesn't seem like there's
> agreement on including this patch at all.

Oh well, understood.  (I was mainly worried about the compatibility impact.)

Florian Weimer / Red Hat Product Security

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]