[PATCH 2/2] elf: Detect PT_LOAD segments that extend beyond EOF and refuse loading

Adhemerval Zanella adhemerval.zanella@linaro.org
Fri Nov 5 14:30:30 GMT 2021



On 05/11/2021 10:59, Florian Weimer via Libc-alpha wrote:

> @@ -1177,6 +1178,17 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
>  		= N_("ELF load command address/offset not properly aligned");
>  	      goto lose;
>  	    }
> +         if (__glibc_unlikely (ph->p_offset + ph->p_filesz > file_size))
> +           {
> +             /* If the segment is not fully backed by the file,
> +		accessing memory beyond the last full page results in
> +		SIGBUS.  This often happens with non-loadable ELF
> +		objects containing separated debugging information
> +		(which have load segments that match the original ELF
> +		file).  */
> +             errstring = N_("ELF load command past end of file");
> +             goto lose;
> +           }
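Review bot: the new check `ph->p_offset + ph->p_filesz > file_size` can be bypassed by wraparound, because both fields are unsigned ELF offsets/sizes; a crafted header with a very large `p_offset` makes the sum wrap below `file_size` and the segment is then mapped as if fully backed. Reject `ph->p_offset > file_size` first and then compare `ph->p_filesz > file_size - ph->p_offset`, which cannot overflow. Two smaller points: the hunk does not show where `file_size` is obtained (the `+1178` in the header suggests it was added earlier in the function), so the commit message should say which syscall supplies it and that the value is taken before the mappings are made; and the added block mixes space and tab indentation in the comment continuation lines, which should follow the surrounding tab-based layout.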

Are these still valid objects? How are these objects created exactly?
You state that it happens with 'some toolchain versions'; is this
something new, or has it been fixed (if it is an issue) upstream?
