diff options
author | Khem Raj <raj.khem@gmail.com> | 2019-12-20 15:40:20 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-01-19 13:24:38 +0000 |
commit | 2b5cf2a067cb6d9ca32d851dacdc1aff0cbfe904 (patch) | |
tree | b19c049d43c8b2f1a2eefcc1f257eeef03a62c62 /meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch | |
parent | c7a903aaa10eadae4ec7f4af3f3fa30763c144fc (diff) | |
download | poky-2b5cf2a067cb6d9ca32d851dacdc1aff0cbfe904.tar.gz |
glibc: Upgrade to 2.31
License-Update: Prefer https to http for gnu.org and fsf.org URLs [1]
[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=5a82c74822d3272df2f5929133680478c0cfb4bd
(From OE-Core rev: b22626d996e153d6094e1f76ed33ee1bb3eea751)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch')
-rw-r--r-- | meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch b/meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch new file mode 100644 index 0000000000..523b6da897 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | From 3ac58bf1028841cc0a8fa7f258cbf21466740360 Mon Sep 17 00:00:00 2001 | ||
2 | From: Khem Raj <raj.khem@gmail.com> | ||
3 | Date: Wed, 18 Mar 2015 01:50:00 +0000 | ||
4 | Subject: [PATCH] nativesdk-glibc: Fix buffer overrun with a relocated SDK | ||
5 | |||
6 | When ld-linux-*.so.2 is relocated to a path that is longer than the | ||
7 | original fixed location, the dynamic loader will crash in open_path | ||
8 | because it implicitly assumes that max_dirnamelen is a fixed size that | ||
9 | never changes. | ||
10 | |||
11 | The allocated buffer will not be large enough to contain the directory | ||
12 | path string which is larger than the fixed location provided at build | ||
13 | time. | ||
14 | |||
15 | Upstream-Status: Inappropriate [OE SDK specific] | ||
16 | |||
17 | Signed-off-by: Jason Wessel <jason.wessel@windriver.com> | ||
18 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
19 | --- | ||
20 | elf/dl-load.c | 12 ++++++++++++ | ||
21 | 1 file changed, 12 insertions(+) | ||
22 | |||
23 | diff --git a/elf/dl-load.c b/elf/dl-load.c | ||
24 | index 3226f2e531..7cb8a86fab 100644 | ||
25 | --- a/elf/dl-load.c | ||
26 | +++ b/elf/dl-load.c | ||
27 | @@ -1773,7 +1773,19 @@ open_path (const char *name, size_t namelen, int mode, | ||
28 | given on the command line when rtld is run directly. */ | ||
29 | return -1; | ||
30 | |||
31 | + do | ||
32 | + { | ||
33 | + struct r_search_path_elem *this_dir = *dirs; | ||
34 | + if (this_dir->dirnamelen > max_dirnamelen) | ||
35 | + { | ||
36 | + max_dirnamelen = this_dir->dirnamelen; | ||
37 | + } | ||
38 | + } | ||
39 | + while (*++dirs != NULL); | ||
40 | + | ||
41 | buf = alloca (max_dirnamelen + max_capstrlen + namelen); | ||
42 | + | ||
43 | + dirs = sps->dirs; | ||
44 | do | ||
45 | { | ||
46 | struct r_search_path_elem *this_dir = *dirs; | ||