summaryrefslogtreecommitdiff
path: root/app-misc/pax-utils/files/pax-utils-1.2.2-scanelf-fix-out-of-bounds-access-in-ia64.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-misc/pax-utils/files/pax-utils-1.2.2-scanelf-fix-out-of-bounds-access-in-ia64.patch')
-rw-r--r--app-misc/pax-utils/files/pax-utils-1.2.2-scanelf-fix-out-of-bounds-access-in-ia64.patch72
1 files changed, 0 insertions, 72 deletions
diff --git a/app-misc/pax-utils/files/pax-utils-1.2.2-scanelf-fix-out-of-bounds-access-in-ia64.patch b/app-misc/pax-utils/files/pax-utils-1.2.2-scanelf-fix-out-of-bounds-access-in-ia64.patch
deleted file mode 100644
index 1fa5c3187e5a..000000000000
--- a/app-misc/pax-utils/files/pax-utils-1.2.2-scanelf-fix-out-of-bounds-access-in-ia64.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From e95103c40d0541fbcdb4b84b000832d9b1b83b8d Mon Sep 17 00:00:00 2001
-From: Sergei Trofimovich <slyfox@gentoo.org>
-Date: Sat, 19 Aug 2017 10:34:41 +0100
-Subject: [PATCH] scanelf: fix out-of-bounds access in ia64
-
-commit 2eb852129394f97dae89c0ff1f9f48637edcb0e9
-slightly changed decoder and added unchecked
-read from elf header:
-
-```
- switch (EGET(dpltrel->d_un.d_val)) { \
- case DT_REL: \
- rel = REL##B(elf->vdata + EGET(drel->d_un.d_val)); \
-```
-
-On ia64 'EGET(drel->d_un.d_val)' returns absolute address:
-
-```
- $ dumpelf bug/luatex
- ...
- /* Dynamic tag #31 'DT_RELA' 0x97E310 */
- {
- .d_tag = 0x7 ,
- .d_un = {
- .d_val = 0x4000000000031C30 ,
- .d_ptr = 0x4000000000031C30 ,
- },
- },
-```
-
-That causes 'scanelf' crash on binaries like 'luatex'.
-
-This change restores check and loudly skips such sections:
- scanelf: bug/luatex: DT_RELA is out of file range
-
-Bug: https://bugs.gentoo.org/624356
-Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
----
- scanelf.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/scanelf.c b/scanelf.c
-index 1ead891..a054408 100644
---- a/scanelf.c
-+++ b/scanelf.c
-@@ -607,11 +607,23 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun
- } \
- switch (EGET(dpltrel->d_un.d_val)) { \
- case DT_REL: \
-+ if (EGET(drel->d_un.d_val) >= (uint64_t)elf->len - sizeof (drel->d_un.d_val)) { \
-+ rel = NULL; \
-+ rela = NULL; \
-+ warn("%s: DT_REL is out of file range", elf->filename); \
-+ break; \
-+ } \
- rel = REL##B(elf->vdata + EGET(drel->d_un.d_val)); \
- rela = NULL; \
- pltrel = DT_REL; \
- break; \
- case DT_RELA: \
-+ if (EGET(drel->d_un.d_val) >= (uint64_t)elf->len - sizeof (drel->d_un.d_val)) { \
-+ rel = NULL; \
-+ rela = NULL; \
-+ warn("%s: DT_RELA is out of file range", elf->filename); \
-+ break; \
-+ } \
- rel = NULL; \
- rela = RELA##B(elf->vdata + EGET(drel->d_un.d_val)); \
- pltrel = DT_RELA; \
---
-2.14.1
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-11 13:59:41 +0000