This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[patch] Fix out-of-bounds access in _dl_show_auxv()


Greetings,

In _dl_show_auxv(), when handling unknown a_type values, auxvars[] could
be accessed out of bounds and cause a crash.

Attached patch fixes that.

Tested on Linux/x86_64, no regressions.

Google ref: b/6412609

Thanks,
--
Paul Pluzhnikov

2012-04-27  Paul Pluzhnikov  <ppluzhnikov@google.com>

	* elf/dl-sysdep.c (_dl_show_auxv): Add bounds check.


diff --git a/elf/dl-sysdep.c b/elf/dl-sysdep.c
index 1cb4460..5e66c30 100644
--- a/elf/dl-sysdep.c
+++ b/elf/dl-sysdep.c
@@ -303,7 +303,9 @@ _dl_show_auxv (void)
 	};
       unsigned int idx = (unsigned int) (av->a_type - 2);
 
-      if ((unsigned int) av->a_type < 2u || auxvars[idx].form == ignore)
+      if ((unsigned int) av->a_type < 2u
+	  || (idx < sizeof (auxvars) / sizeof (auxvars[0])
+	      && auxvars[idx].form == ignore))
 	continue;
 
       assert (AT_NULL == 0);


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]