From 419ae36f2c0dad195737982b446fcace507d0814 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Tue, 21 Mar 2017 16:57:44 +0100
Subject: [PATCH] debugedit: Fix off-by-one adding DW_FORM_string replacement
 slashes.

We would put one too many slashes in between the new dest_dir and file name
part of the replacement of a DW_FORM_string in the .debug_info. If there
was a file part then we would overwrite the first character of the name. If
there was no file part at all then this would overwrite the zero terminator
and cause a crash reading the rest of the data.

A crash did happen while building the docker package on fedora s390x.
https://bugzilla.redhat.com/show_bug.cgi?id=1434347

The reason neither issue would normally trigger is because if we do detect
that the dest_dir is larger than the base_dir we refuse to replace anything.

Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 tools/debugedit.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/tools/debugedit.c b/tools/debugedit.c
index 0f373162d..b618dceb5 100644
--- a/tools/debugedit.c
+++ b/tools/debugedit.c
@@ -1507,12 +1507,16 @@ edit_attributes (DSO *dso, unsigned char *ptr, struct abbrev_tag *t, int phase)
comp_dir, base_dir, dest_dir);
else
{
- /* Add one or more slashes in between to
- fill up all space (replacement must be
- of the same length). */
+ /* Add zero (if no file part), one or more
+ slashes in between the new dest_dir and the
+ file name to fill up all space (replacement
+ DW_FORM_string must be of the same length).
+ We don't need to copy the old file name (if
+ any) or the zero terminator, because those
+ are already at the end of the string. */
memcpy (ptr, dest_dir, dest_len);
memset (ptr + dest_len, '/',
- orig_len - new_len + 1);
+ orig_len - new_len);
}
}
}
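Review bot: The memset count `orig_len - new_len` in the else branch is only safe if new_len never exceeds orig_len, and nothing visible in this hunk enforces that. The commit message says a longer dest_dir is refused elsewhere, so consider an assert or a short comment next to the memset that names that earlier check, since a negative or wrapped count here would write well past the end of the string. The diffstat also shows only tools/debugedit.c changed, so a regression test for a DW_FORM_string with no file part (the case that overwrote the zero terminator) would be worth adding alongside the fix.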