* [PATCH 0/1] debugedit: fix segment fault while file's bss offset have a large number
@ 2013-10-21 11:37 Hongxu Jia
2013-10-21 11:37 ` [PATCH 1/1] " Hongxu Jia
0 siblings, 1 reply; 2+ messages in thread
From: Hongxu Jia @ 2013-10-21 11:37 UTC (permalink / raw)
To: openembedded-core
The following changes since commit 529bf977e956175bd8405ebffc88194192e44740:
update-rcd.bbclass: fix host/target test (2013-10-16 14:51:07 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib hongxu/fix-debugedit
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-debugedit
Hongxu Jia (1):
debugedit: fix segment fault while file's bss offset have a large
number
...debugedit-valid-file-to-fix-segment-fault.patch | 67 ++++++++++++++++++++++
meta/recipes-devtools/rpm/rpm_5.4.9.bb | 1 +
2 files changed, 68 insertions(+)
create mode 100644 meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch
--
1.8.1.2
* [PATCH 1/1] debugedit: fix segment fault while file's bss offset have a large number
2013-10-21 11:37 [PATCH 0/1] debugedit: fix segment fault while file's bss offset have a large number Hongxu Jia
@ 2013-10-21 11:37 ` Hongxu Jia
0 siblings, 0 replies; 2+ messages in thread
From: Hongxu Jia @ 2013-10-21 11:37 UTC (permalink / raw)
To: openembedded-core
While ELF_C_RDWR_MMAP was used, elf_begin invoked mmap() to map the file
into memory. While the file's bss offset has a large number, elf_update
calculated the file size by __elf64_updatenull_wrlock and the size was
enlarged.

In this situation, elf_update invoked ftruncate to enlarge the file,
and the memory size (elf->maximum_size) was also incorrectly updated.
There was a segment fault in elf_end, which invoked munmap with the
enlarged file size as the length, not the mmap's length.

Before the above operations, invoke elf_begin/elf_update/elf_end
with ELF_C_RDWR and ELF_F_LAYOUT set to enlarge the above file; it
could make sure the file is safe for the following elf operations.
[YOCTO #5356]
https://bugzilla.redhat.com/show_bug.cgi?id=1019707
https://bugzilla.redhat.com/show_bug.cgi?id=1020842
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
...debugedit-valid-file-to-fix-segment-fault.patch | 67 ++++++++++++++++++++++
meta/recipes-devtools/rpm/rpm_5.4.9.bb | 1 +
2 files changed, 68 insertions(+)
create mode 100644 meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch
diff --git a/meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch b/meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch
new file mode 100644
index 0000000..2696cd3
--- /dev/null
+++ b/meta/recipes-devtools/rpm/rpm/debugedit-valid-file-to-fix-segment-fault.patch
@@ -0,0 +1,67 @@
+debugedit: fix segment fault while file's bss offset have a large number
+
+While ELF_C_RDWR_MMAP was used, elf_begin invoked mmap() to map file
+into memory. While the file's bss Offset has a large number, elf_update
+caculated file size by __elf64_updatenull_wrlock and the size was
+enlarged.
+
+In this situation, elf_update invoked ftruncate to enlarge the file,
+and memory size (elf->maximum_size) also was incorrectly updated.
+There was segment fault in elf_end which invoked munmap with the
+length is the enlarged file size, not the mmap's length.
+
+Before the above operations, invoke elf_begin/elf_update/elf_end
+with ELF_C_RDWR and ELF_F_LAYOUT set to enlarge the above file, it
+could make sure the file is safe for the following elf operations.
+
+Upstream-Status: Pending
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ tools/debugedit.c | 25 +++++++++++++++++++++++++
+ 1 file changed, 25 insertions(+)
+
+diff --git a/tools/debugedit.c b/tools/debugedit.c
+--- a/tools/debugedit.c
++++ b/tools/debugedit.c
+@@ -1512,6 +1512,28 @@ handle_build_id (DSO *dso, Elf_Data *build_id,
+ }
+ }
+
++/* It avoided the segment fault while file's bss offset have a large number.
++ See https://bugzilla.redhat.com/show_bug.cgi?id=1019707
++ https://bugzilla.redhat.com/show_bug.cgi?id=1020842 for detail. */
++void valid_file(int fd)
++{
++ Elf *elf = elf_begin (fd, ELF_C_RDWR, NULL);
++ if (elf == NULL)
++ {
++ error (1, 0, "elf_begin: %s", elf_errmsg (-1));
++ return;
++ }
++
++ elf_flagelf (elf, ELF_C_SET, ELF_F_LAYOUT);
++
++ if (elf_update (elf, ELF_C_WRITE) < 0)
++ error (1, 0, "elf_update: %s", elf_errmsg (-1));
++
++ elf_end (elf);
++
++ return;
++}
++
+ int
+ main (int argc, char *argv[])
+ {
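Review bot: valid_file() in the first tools/debugedit.c hunk does not validate anything; it rewrites the input with elf_update (elf, ELF_C_WRITE) under ELF_F_LAYOUT, and per the description the effect is to enlarge the file to the size computed from the large bss offset, with nothing in the function bounding that size. A corrupt or untrusted object can therefore make debugedit grow the file on disk by whatever its section header claims. Consider comparing the offset against the fstat() size and rejecting the file when it is out of range instead of enlarging it, and rename the helper to say what it does. Smaller points: the function is called only from main in this patch and should be static; error (1, 0, ...) exits when its status argument is non-zero, so the return; after the elf_begin failure is unreachable; and there is no elf_kind() check before the write.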
+@@ -1608,6 +1630,9 @@ main (int argc, char *argv[])
+ exit (1);
+ }
+
++ /* Make sure the file is valid. */
++ valid_file(fd);
++
+ dso = fdopen_dso (fd, file);
+ if (dso == NULL)
+ exit (1);
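Review bot: the valid_file(fd) call added ahead of fdopen_dso (fd, file) runs for every input, so each file gets an extra elf_begin/elf_update/elf_end pass and is written to even when its layout needs no change. It would be better to run it only when the size computed from the section headers exceeds the current file size, and to have the helper return a status so main can handle failure with the same exit (1) pattern used for dso == NULL just below, rather than exiting from inside the helper. Style: the surrounding code puts a space before the parenthesis (fdopen_dso (fd, file)), so this should read valid_file (fd).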
+--
+1.8.1.2
+
diff --git a/meta/recipes-devtools/rpm/rpm_5.4.9.bb b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
index 3c7e03b..c2f2279 100644
--- a/meta/recipes-devtools/rpm/rpm_5.4.9.bb
+++ b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
@@ -86,6 +86,7 @@ SRC_URI = "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.9-0.20120508.src.rpm;ex
file://rpm-platform2.patch \
file://rpm-remove-sykcparse-decl.patch \
file://debugedit-segv.patch \
+ file://debugedit-valid-file-to-fix-segment-fault.patch \
file://rpm-platform-file-fix.patch \
file://rpm-lsb-compatibility.patch \
"
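Review bot: the added file://debugedit-valid-file-to-fix-segment-fault.patch entry sits directly after debugedit-segv.patch, and the embedded patch's hunks are at fixed offsets in tools/debugedit.c (1512 and 1608). If debugedit-segv.patch also edits that file, this ordering is what makes those offsets line up, so please confirm the series applies without fuzz in this order. The two file names are also close enough to be confused later; a more specific name for the new one, for example one that mentions the bss offset case, would help whoever has to drop or rebase one of them.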
--
1.8.1.2