This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Seeking advice on writing a test [Re: [patch] Fix BZ 20419 -- stack overflow with huge PT_NOTE segment]


On 05/06/2018 08:17 PM, Paul Pluzhnikov wrote:
While working on the BZ 20419 patch, I noticed that this code in
elf/dl-load.c could cause similar stack overflow:

      maplength = header->e_phnum * sizeof (ElfW(Phdr));
      ...
          phdr = alloca (maplength);

An ELF binary with 131072 Phdrs is unlikely to happen in practice, except
in some kind of exploit.

Assuming we do want to protect against it (which is easy to do, so why
wouldn't we?), I am having a hard time coming up with a reasonable test
strategy.

I could write a little helper program to generate such a binary "by hand"
(i.e. without compiler/linker involvement). Is there a simpler strategy?

In theory, you could also manually craft a test binary and check that in. Although the test may have to patch the ELF file so that it is not rejected too early during the load process. However, this will not work well in this particular case because the required file size would be larger than 8 MiB if my math is correct.

Thanks,
Florian
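The bounded-stack pattern that removes the hazard discussed above, as an added example that is not code from glibc or from this thread: the caller supplies a fixed-size buffer on its own stack, the heap is used whenever the header-declared table does not fit, and a table that would run past the end of the file is rejected before anything is copied. `phdr_table_load`, `demo_load`, the 8-entry stack buffer and the constructed input are assumptions of this example.

```c
#include <elf.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Copy the program header table out of FILE (FILELEN bytes).  STACKBUF is a
   fixed buffer on the caller's stack; the heap is used only when the table
   does not fit, so stack use is bounded by the caller, not by the untrusted
   e_phnum.  Returns NULL on a bad header; *FROM_HEAP means free() the result. */
Elf64_Phdr *phdr_table_load(const unsigned char *file, size_t filelen,
                            Elf64_Phdr *stackbuf, size_t stackbuf_len,
                            bool *from_heap)
{
    *from_heap = false;
    if (filelen < sizeof(Elf64_Ehdr)) return NULL;
    Elf64_Ehdr eh;
    memcpy(&eh, file, sizeof eh);
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phnum == 0) return NULL;
    /* e_phnum is 16-bit, so this cannot overflow size_t; it can still be
       several MiB, which is exactly what must never go through alloca. */
    size_t bytes = (size_t)eh.e_phnum * sizeof(Elf64_Phdr);
    if (eh.e_phoff > filelen || bytes > filelen - eh.e_phoff)
        return NULL;                     /* table would run past EOF */
    Elf64_Phdr *phdr = stackbuf;
    if (bytes > stackbuf_len) {          /* too big for the stack: heap */
        if ((phdr = malloc(bytes)) == NULL) return NULL;
        *from_heap = true;
    }
    memcpy(phdr, file + eh.e_phoff, bytes);
    return phdr;
}

/* Constructed input: a header claiming PHNUM entries at offset 64, followed
   by BODY bytes of table.  Returns 0 = rejected, 1 = from stack, 2 = heap. */
int demo_load(unsigned phnum, size_t body)
{
    size_t filelen = sizeof(Elf64_Ehdr) + body;
    unsigned char *file = calloc(1, filelen);
    if (file == NULL) return -1;
    Elf64_Ehdr eh = { .e_phoff = sizeof(Elf64_Ehdr),
                      .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = phnum };
    memcpy(file, &eh, sizeof eh);
    Elf64_Phdr stackbuf[8];              /* 448 bytes, fixed at compile time */
    bool heap;
    Elf64_Phdr *p = phdr_table_load(file, filelen, stackbuf, sizeof stackbuf, &heap);
    int r = p == NULL ? 0 : heap ? 2 : 1;
    if (heap) free(p);
    free(file);
    return r;
}
```

A header that declares 65535 entries but carries no table is rejected by the length check rather than reaching any allocation.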

