Igor Gnatenko 082d5d
From 419ae36f2c0dad195737982b446fcace507d0814 Mon Sep 17 00:00:00 2001
Mark Wielaard bc4dec
From: Mark Wielaard <mark@klomp.org>
Igor Gnatenko 082d5d
Date: Tue, 21 Mar 2017 16:57:44 +0100
Igor Gnatenko 082d5d
Subject: [PATCH 26/49] debugedit: Fix off-by-one adding DW_FORM_string
Igor Gnatenko 082d5d
 replacement slashes.
Mark Wielaard bc4dec
Mark Wielaard bc4dec
We would put one too many slashes in between the new dest_dir and file name
Mark Wielaard bc4dec
part of the replacement of a DW_FORM_string in the .debug_info. If there
Mark Wielaard bc4dec
was file part then we would overwrite the first character of the name. If
Mark Wielaard bc4dec
there was no file part at all then this would overwrite the zero terminator
Mark Wielaard bc4dec
and cause a crash reading the rest of the data.
Mark Wielaard bc4dec
Mark Wielaard bc4dec
A crash did happen while building the docker package on fedora s390x.
Mark Wielaard bc4dec
https://bugzilla.redhat.com/show_bug.cgi?id=1434347
Mark Wielaard bc4dec
Mark Wielaard bc4dec
The reason neither issue would normally trigger is because if we do detect
Mark Wielaard bc4dec
that the dest_dir is larger than the base_dir we refuse to replace anything.
Mark Wielaard bc4dec
Mark Wielaard bc4dec
Signed-off-by: Mark Wielaard <mark@klomp.org>
Mark Wielaard bc4dec
---
Mark Wielaard bc4dec
 tools/debugedit.c | 12 ++++++++----
Mark Wielaard bc4dec
 1 file changed, 8 insertions(+), 4 deletions(-)
Mark Wielaard bc4dec
Mark Wielaard bc4dec
diff --git a/tools/debugedit.c b/tools/debugedit.c
Igor Gnatenko 082d5d
index 0f373162d..b618dceb5 100644
Mark Wielaard bc4dec
--- a/tools/debugedit.c
Mark Wielaard bc4dec
+++ b/tools/debugedit.c
Mark Wielaard bc4dec
@@ -1507,12 +1507,16 @@ edit_attributes (DSO *dso, unsigned char *ptr, struct abbrev_tag *t, int phase)
Mark Wielaard bc4dec
 				     comp_dir, base_dir, dest_dir);
Mark Wielaard bc4dec
 			  else
Mark Wielaard bc4dec
 			    {
Mark Wielaard bc4dec
-			      /* Add one or more slashes in between to
Mark Wielaard bc4dec
-				 fill up all space (replacement must be
Mark Wielaard bc4dec
-				 of the same length). */
Mark Wielaard bc4dec
+			      /* Add zero (if no file part), one or more
Mark Wielaard bc4dec
+				 slashes in between the new dest_dir and the
Mark Wielaard bc4dec
+				 file name to fill up all space (replacement
Mark Wielaard bc4dec
+				 DW_FORM_string must be of the same length).
Mark Wielaard bc4dec
+				 We don't need to copy the old file name (if
Mark Wielaard bc4dec
+				 any) or the zero terminator, because those
Mark Wielaard bc4dec
+				 are already at the end of the string.  */
Mark Wielaard bc4dec
 			      memcpy (ptr, dest_dir, dest_len);
Mark Wielaard bc4dec
 			      memset (ptr + dest_len, '/',
Mark Wielaard bc4dec
-				      orig_len - new_len + 1);
Mark Wielaard bc4dec
+				      orig_len - new_len);
Mark Wielaard bc4dec
 			    }
Mark Wielaard bc4dec
 			}
Mark Wielaard bc4dec
 		    }
Mark Wielaard bc4dec
-- 
Igor Gnatenko 082d5d
2.13.2
Mark Wielaard bc4dec