debugedit: fix segment fault while file's bss offset have a large number

While ELF_C_RDWR_MMAP was used, elf_begin invoked mmap() to map file
into memory. While the file's bss Offset has a large number, elf_update
caculated file size by __elf64_updatenull_wrlock and the size was
enlarged.

In this situation, elf_update invoked ftruncate to enlarge the file,
and memory size (elf->maximum_size) also was incorrectly updated.
There was segment fault in elf_end which invoked munmap with the
length is the enlarged file size, not the mmap's length.

Before the above operations, invoke elf_begin/elf_update/elf_end
with ELF_C_RDWR and ELF_F_LAYOUT set to enlarge the above file, it
could make sure the file is safe for the following elf operations.

[YOCTO #5356]
https://bugzilla.redhat.com/show_bug.cgi?id=1019707
https://bugzilla.redhat.com/show_bug.cgi?id=1020842

(From OE-Core rev: 35c8b1ac7c3b1e4209b1e30d1dbd1a457286b97b)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 67 insertions, 0 deletions

diff --git a/meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch b/meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch
new file mode 100644
index 0000000000..2696cd3168
--- /dev/null
+++ b/meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch
@@ -0,0 +1,67 @@
+debugedit: fix segment fault while file's bss offset have a large number
+
+While ELF_C_RDWR_MMAP was used, elf_begin invoked mmap() to map file
+into memory. While the file's bss Offset has a large number, elf_update
+caculated file size by __elf64_updatenull_wrlock and the size was
+enlarged.
+
+In this situation, elf_update invoked ftruncate to enlarge the file,
+and memory size (elf->maximum_size) also was incorrectly updated.
+There was segment fault in elf_end which invoked munmap with the
+length is the enlarged file size, not the mmap's length.
+
+Before the above operations, invoke elf_begin/elf_update/elf_end
+with ELF_C_RDWR and ELF_F_LAYOUT set to enlarge the above file, it
+could make sure the file is safe for the following elf operations.
+
+Upstream-Status: Pending
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ tools/debugedit.c | 25 +++++++++++++++++++++++++
+ 1 file changed, 25 insertions(+)
+
+diff --git a/tools/debugedit.c b/tools/debugedit.c
+--- a/tools/debugedit.c
++++ b/tools/debugedit.c
+@@ -1512,6 +1512,28 @@ handle_build_id (DSO *dso, Elf_Data *build_id,
+   }
+ }
+ 
++/* It avoided the segment fault while file's bss offset have a large number.
++   See https://bugzilla.redhat.com/show_bug.cgi?id=1019707
++       https://bugzilla.redhat.com/show_bug.cgi?id=1020842 for detail. */
++void valid_file(int fd)
++{
++  Elf *elf = elf_begin (fd, ELF_C_RDWR, NULL);
++  if (elf == NULL)
++  {
++    error (1, 0, "elf_begin: %s", elf_errmsg (-1));
++    return;
++  }
++
++  elf_flagelf (elf, ELF_C_SET, ELF_F_LAYOUT);
++
++  if (elf_update (elf, ELF_C_WRITE) < 0)
++    error (1, 0, "elf_update: %s", elf_errmsg (-1));
++
++  elf_end (elf);
++
++  return;
++}
++
+ int
+ main (int argc, char *argv[])
+ {
+@@ -1608,6 +1630,9 @@ main (int argc, char *argv[])
+       exit (1);
+     }
+ 
++  /* Make sure the file is valid. */
++  valid_file(fd);
++
+   dso = fdopen_dso (fd, file);
+   if (dso == NULL)
+     exit (1);
+-- 
+1.8.1.2
+