Add fix for off by one adding DW_FORM_string replacement (#1434347)
This commit is contained in:
Mark Wielaard
parent
915296ceec
commit
bc4decbc5f
|
|
@ -0,0 +1,51 @@
|
|||
From e6cbf971242e424264711f9ffad57eee7f6d6f67 Mon Sep 17 00:00:00 2001
|
||||
From: Mark Wielaard <mark@klomp.org>
|
||||
Date: Tue, 21 Mar 2017 16:46:37 +0100
|
||||
Subject: [PATCH] debugedit: Fix off-by-one adding DW_FORM_string replacement
|
||||
slashes.
|
||||
|
||||
We would put one too many slashes in between the new dest_dir and file name
|
||||
part of the replacement of a DW_FORM_string in the .debug_info. If there
|
||||
was file part then we would overwrite the first character of the name. If
|
||||
there was no file part at all then this would overwrite the zero terminator
|
||||
and cause a crash reading the rest of the data.
|
||||
|
||||
A crash did happen while building the docker package on fedora s390x.
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1434347
|
||||
|
||||
The reason neither issue would normally trigger is because if we do detect
|
||||
that the dest_dir is larger than the base_dir we refuse to replace anything.
|
||||
|
||||
Signed-off-by: Mark Wielaard <mark@klomp.org>
|
||||
---
|
||||
tools/debugedit.c | 12 ++++++++----
|
||||
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tools/debugedit.c b/tools/debugedit.c
|
||||
index 0f37316..b618dce 100644
|
||||
--- a/tools/debugedit.c
|
||||
+++ b/tools/debugedit.c
|
||||
@@ -1507,12 +1507,16 @@ edit_attributes (DSO *dso, unsigned char *ptr, struct abbrev_tag *t, int phase)
|
||||
comp_dir, base_dir, dest_dir);
|
||||
else
|
||||
{
|
||||
- /* Add one or more slashes in between to
|
||||
- fill up all space (replacement must be
|
||||
- of the same length). */
|
||||
+ /* Add zero (if no file part), one or more
|
||||
+ slashes in between the new dest_dir and the
|
||||
+ file name to fill up all space (replacement
|
||||
+ DW_FORM_string must be of the same length).
|
||||
+ We don't need to copy the old file name (if
|
||||
+ any) or the zero terminator, because those
|
||||
+ are already at the end of the string. */
|
||||
memcpy (ptr, dest_dir, dest_len);
|
||||
memset (ptr + dest_len, '/',
|
||||
- orig_len - new_len + 1);
|
||||
+ orig_len - new_len);
|
||||
}
|
||||
}
|
||||
}
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
6
rpm.spec
6
rpm.spec
|
|
@ -29,7 +29,7 @@
|
|||
Summary: The RPM package management system
|
||||
Name: rpm
|
||||
Version: %{rpmver}
|
||||
Release: %{?snapver:0.%{snapver}.}13%{?dist}
|
||||
Release: %{?snapver:0.%{snapver}.}14%{?dist}
|
||||
Group: System Environment/Base
|
||||
Url: http://www.rpm.org/
|
||||
Source0: http://rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2
|
||||
|
|
@ -92,6 +92,7 @@ Patch266: 0017-do-not-process-buildi-ds-for-noarch.patch
|
|||
Patch267: 0018-update-build-id-endian.patch
|
||||
Patch268: 0019-fix-sed-build-id-match-test.patch
|
||||
Patch269: 0020-build-files-exec-build-id.patch
|
||||
Patch270: 0021-debugedit-Fix-off-by-one-adding-DW_FORM_string-repla.patch
|
||||
|
||||
# OpenSSL backend
|
||||
Patch300: 0001-Add-OpenSSL-support-for-digest-and-signatures.patch
|
||||
|
|
@ -596,6 +597,9 @@ exit 0
|
|||
%doc doc/librpm/html/*
|
||||
|
||||
%changelog
|
||||
* Tue Mar 21 2017 Mark Wielaard <mjw@redhat.com> - 4.13.0.1-14
|
||||
- Add fix for off by one adding DW_FORM_string replacement (#1434347).
|
||||
|
||||
* Mon Mar 20 2017 Mark Wielaard <mjw@redhat.com> - 4.13.0.1-13
|
||||
- Add tests fix for sed file build-id regexp matching.
|
||||
- Add fix for build-ids in non-executable ELF files (#1433837).
|
||||
|
|
|
|||
Loading…
Reference in New Issue