author: Marcel Moolenaar <marcel@FreeBSD.org> 2002-08-22 03:56:57 +0000
committer: Marcel Moolenaar <marcel@FreeBSD.org> 2002-08-22 03:56:57 +0000
commit: 708bc7c7b486efd3b1a9f6baaca1c0005cfd969b (patch)
tree: 752ff720d6d554670aa263da15f53725645354f3 /libexec
parent: eb238d069235460aa5b331a57a89fcd992fcadc0 (diff)
Fix a nasty memory corruption bug caused by having a bogus pointer
for the DT_IA64_PLT_RESERVE dynamic table entry. When a shared object
does not have any PLT relocations, the linker apparently doesn't find
it necessary to actually reserve the space for the BOR (Bind On
Reference) entries as pointed to by the DTE. As a result, relocatable
data in the PLT was overwritten, causing some unexpected control flow
with annoyingly predictable outcome: coredump.

To reproduce:
	% echo 'int main() { return 0; }' > foo.c
	% cc -o foo foo.c -lxpg4
Notes: svn path=/head/; revision=102249
Diffstat (limited to 'libexec')
-rw-r--r-- libexec/rtld-elf/ia64/reloc.c | 8
1 files changed, 8 insertions, 0 deletions
diff --git a/libexec/rtld-elf/ia64/reloc.c b/libexec/rtld-elf/ia64/reloc.c
index ea58f079c362..7f8c1663af4d 100644
--- a/libexec/rtld-elf/ia64/reloc.c
+++ b/libexec/rtld-elf/ia64/reloc.c
@@ -482,6 +482,14 @@ init_pltgot(Obj_Entry *obj)
Elf_Addr *pltres = 0;
/*
+ * When there are no PLT relocations, the DT_IA64_PLT_RESERVE entry
+ * is bogus. Do not setup the BOR pointers in that case. An example
+ * of where this happens is /usr/lib/libxpg4.so.3.
+ */
+ if (obj->pltrelasize == 0 && obj->pltrelsize == 0)
+ return;
+
+ /*
* Find the PLT RESERVE section.
*/
for (dynp = obj->dynamic; dynp->d_tag != DT_NULL; dynp++) {
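Review bot: The new guard `if (obj->pltrelasize == 0 && obj->pltrelsize == 0)` in init_pltgot() uses the absence of PLT relocations as a proxy for a bad DT_IA64_PLT_RESERVE value, and nothing in this hunk checks the address itself, so an object that does have PLT relocations but carries a wrong reserve pointer would still have the BOR pointers set up through it. Consider also verifying, after the loop that finds the PLT RESERVE entry, that the address lies inside this object's own mapping before it is used. The comment would also be more useful if it said what goes wrong (the BOR setup lands on relocatable data in the PLT) rather than only calling the entry bogus, and "setup" as a verb should read "set up".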