This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Seeking advice on writing a test [Re: [patch] Fix BZ 20419 -- stack overflow with huge PT_NOTE segment]
While working on the BZ 20419 patch, I noticed that this code in
elf/dl-load.c could cause similar stack overflow:
maplength = header->e_phnum * sizeof (ElfW(Phdr));
...
phdr = alloca (maplength);
An ELF binary with 131072 Phdrs is unlikely to happen in practice, except
in some kind of exploit.
Assuming we do want to protect against it (which is easy to do, so why
wouldn't we?), I am having a hard time coming up with a reasonable test
strategy.
I could write a little helper program to generate such a binary "by hand"
(i.e. without compiler/linker involvement). Is there a simpler strategy?
Should I simply send a patch without a test case?
Thanks,
--
Paul Pluzhnikov
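An added example, written for this archive page and not code from the message above or from glibc, of the guard a defender would want in front of an `alloca (maplength)` like the one quoted from elf/dl-load.c: validate `e_phentsize` and `e_phnum`, compute `maplength`, and put the program header table on the stack only when it is under a fixed budget, otherwise on the heap. It also shows, in miniature, the "generate the binary by hand" route the message asks about: a small builder emits a constructed little-endian ELF64 image with an arbitrary number of program headers, with no compiler or linker involved. `PHDR_STACK_LIMIT`, the `*_TYPE` names and the `demo_*` wrappers are choices made for this example; the offsets are those of the ELF64 header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Little-endian ELF64 layout (offsets and sizes from the ELF specification). */
#define EHDR_SIZE      64
#define PHDR_SIZE      56   /* sizeof (Elf64_Phdr) */
#define EHDR_PHOFF     32   /* e_phoff, 8 bytes */
#define EHDR_PHENTSIZE 54   /* e_phentsize, 2 bytes */
#define EHDR_PHNUM     56   /* e_phnum, 2 bytes */
#define PT_LOAD_TYPE   1
#define PT_NOTE_TYPE   4

/* Assumed stack budget for the phdr table; larger tables go to the heap.
   This is a value chosen for the example, not a glibc constant. */
#define PHDR_STACK_LIMIT 4096

enum phdr_plan { PHDR_ON_STACK, PHDR_ON_HEAP, PHDR_REJECT };

static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t rd64(const unsigned char *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }

/* Validate the header fields the phdr table size depends on and decide where it may live. */
enum phdr_plan plan_phdr_alloc(const unsigned char *img, size_t len, size_t *maplength)
{
    if (len < EHDR_SIZE || memcmp(img, "\x7f" "ELF", 4) != 0) return PHDR_REJECT;
    if (img[4] != 2 || img[5] != 1) return PHDR_REJECT;        /* ELFCLASS64 + ELFDATA2LSB only */
    if (rd16(img + EHDR_PHENTSIZE) != PHDR_SIZE) return PHDR_REJECT;
    uint16_t phnum = rd16(img + EHDR_PHNUM);
    if (phnum == 0) return PHDR_REJECT;
    /* e_phnum is 16-bit: the product is at most 65535 * 56 bytes and cannot overflow size_t. */
    *maplength = (size_t)phnum * PHDR_SIZE;
    return *maplength <= PHDR_STACK_LIMIT ? PHDR_ON_STACK : PHDR_ON_HEAP;
}

/* Copy the phdr table into a bounded stack buffer or a heap block, then count PT_LOAD entries.
   Returns -1 for a malformed image. */
int count_load_segments(const unsigned char *img, size_t len)
{
    size_t maplength;
    enum phdr_plan plan = plan_phdr_alloc(img, len, &maplength);
    if (plan == PHDR_REJECT) return -1;
    uint64_t phoff = rd64(img + EHDR_PHOFF);
    if (phoff > len || maplength > len - phoff) return -1;    /* table must lie inside the image */
    unsigned char stackbuf[PHDR_STACK_LIMIT];
    unsigned char *phdr = stackbuf;
    if (plan == PHDR_ON_HEAP && (phdr = malloc(maplength)) == NULL) return -1;
    memcpy(phdr, img + phoff, maplength);
    int loads = 0;
    for (size_t i = 0; i < maplength; i += PHDR_SIZE)
        if (rd32(phdr + i) == PT_LOAD_TYPE) loads++;          /* p_type is the first 4 bytes */
    if (phdr != stackbuf) free(phdr);
    return loads;
}

/* Build a constructed ELF64 image with `phnum` program headers (first PT_LOAD, rest PT_NOTE).
   Returns the image length, or 0 if `cap` is too small. */
size_t make_test_image(unsigned char *buf, size_t cap, uint16_t phnum)
{
    size_t total = EHDR_SIZE + (size_t)phnum * PHDR_SIZE;
    if (total > cap) return 0;
    memset(buf, 0, total);
    memcpy(buf, "\x7f" "ELF", 4);
    buf[4] = 2; buf[5] = 1; buf[6] = 1;           /* ELFCLASS64, ELFDATA2LSB, EV_CURRENT */
    buf[EHDR_PHOFF] = EHDR_SIZE;                  /* e_phoff = 64, fits in the low byte */
    buf[EHDR_PHENTSIZE] = PHDR_SIZE;
    buf[EHDR_PHNUM] = (unsigned char)(phnum & 0xff);
    buf[EHDR_PHNUM + 1] = (unsigned char)(phnum >> 8);
    for (size_t i = 0; i < phnum; i++)
        buf[EHDR_SIZE + i * PHDR_SIZE] = (i == 0) ? PT_LOAD_TYPE : PT_NOTE_TYPE;
    return total;
}

/* Wrappers that generate an image of `phnum` headers and report the decision / PT_LOAD count. */
enum phdr_plan demo_plan(uint16_t phnum)
{
    size_t cap = EHDR_SIZE + (size_t)phnum * PHDR_SIZE, maplength = 0;
    unsigned char *img = malloc(cap);
    if (img == NULL) return PHDR_REJECT;
    enum phdr_plan plan = plan_phdr_alloc(img, make_test_image(img, cap, phnum), &maplength);
    free(img);
    return plan;
}

int demo_count(uint16_t phnum)
{
    size_t cap = EHDR_SIZE + (size_t)phnum * PHDR_SIZE;
    unsigned char *img = malloc(cap);
    if (img == NULL) return -1;
    int n = count_load_segments(img, make_test_image(img, cap, phnum));
    free(img);
    return n;
}

int main(void)
{
    /* 2 headers: 112 bytes, stays on the stack; 65535 headers: ~3.5 MiB, goes to the heap. */
    return (demo_plan(2) == PHDR_ON_STACK && demo_plan(65535) == PHDR_ON_HEAP
            && demo_count(65535) == 1) ? 0 : 1;
}
```

The split between `plan_phdr_alloc` and `count_load_segments` is deliberate: the size decision is made from validated header fields before any allocation, so the stack usage is bounded by `PHDR_STACK_LIMIT` regardless of what `e_phnum` says, and the same builder that feeds the test can emit the "huge table" case without touching a toolchain.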