On Mon, Jan 23, 2017 at 11:46 AM, Justin Cinkelj <justin.cink...@xlab.si>
wrote:

> Code to remove \0 at end of string tried to copy strlen()-1 data bytes.
> It didn't expect the .note.osv-mlock section to contain only 0x00.
> This caused an attempt to allocate and copy -1 bytes, converted to about 4GB.
>
> Commit adds an extra check for the 0-length string case.
>
> Fixes 840.
>
> Signed-off-by: Justin Cinkelj <justin.cink...@xlab.si>
> ---
>  core/elf.cc | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/core/elf.cc b/core/elf.cc
> index efa574e..ab4535d 100644
> --- a/core/elf.cc
> +++ b/core/elf.cc
> @@ -26,6 +26,7 @@
>  #include <osv/stubbing.hh>
>  #include <sys/utsname.h>
>  #include <osv/demangle.hh>
> +#include <algorithm>
>
>  #include "arch.hh"
>
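Review bot: `#include <algorithm>` is pulled in only for the `std::max` clamp in the second hunk; if the zero-length case ends up handled with a plain `if (base[0])` guard instead, this include becomes dead and should be dropped together with it.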
> @@ -360,9 +361,12 @@ Elf64_Note::Elf64_Note(void *_base, char *str)
>      // The note section strings will include the trailing 0. std::string
>      // doesn't like that very much, and comparisons against a string that
> is
>      // constructed from this string will fail. Therefore the - 1 at the
> end
> -    n_owner.assign(str, base[0] - 1);
> +    Elf64_Word len;
> +    len = std::max(base[0], (Elf64_Word)1) - 1;
> +    n_owner.assign(str, len);
>


Thanks. This is correct, but I just wonder if it wouldn't be clearer to
simply not call assign() at all for an empty string - instead of these
three lines, do

    if (base[0]) {
        n_owner.assign(str, base[0] - 1);
    }

If we don't call assign(), the string will remain with its default value,
i.e., empty.

     str = align_up(str + base[0], 4);
> -    n_value.assign(str, base[1] - 1);
> +    len = std::max(base[1], (Elf64_Word)1) - 1;
> +    n_value.assign(str, len);
>  }
>
>  void object::load_segments()
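Review bot: the clamp `len = std::max(base[0], (Elf64_Word)1) - 1;` removes the unsigned wrap for a zero length, but it keeps the `- 1` blind to what it drops: for any non-zero `base[0]` it still assumes the byte at `str[base[0] - 1]` is the trailing 0 the comment above describes, so a note whose name or description is not NUL-terminated is silently shortened by one byte rather than rejected. A guard of the form `if (base[0]) { n_owner.assign(str, base[0] - 1); }`, as the reply suggests, reads more clearly, and checking that the dropped byte is actually `'\0'` inside that guard would make the assumption explicit. Minor style points: `Elf64_Word len;` followed by a separate assignment can be one declaration with an initializer, and the identical clamp is repeated for `base[1]`; a small helper would keep the two cases in sync.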
> --
> 2.9.3
>
> --
> You received this message because you are subscribed to the Google Groups
> "OSv Development" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to osv-dev+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
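The zero-length note case discussed in this thread, as an added C++ example that is not part of the patch or of OSv's code: it shows the unsigned wrap the commit message describes, the clamp from the patch, and a small note parser that takes the `if (base[0])` route from the reply while also bounds-checking each field and confirming that the byte the `- 1` drops is really a NUL. `Elf64_Word` is assumed to be a 32-bit unsigned integer as in `<elf.h>`; `parse_note`, `make_note` and the `Note` struct are hypothetical names, and the note buffers are constructed in host byte order rather than taken from a real section.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Assumption: Elf64_Word is a 32-bit unsigned integer, as in <elf.h>.
using Elf64_Word = uint32_t;

// The expression the patch replaces: for namesz == 0 the unsigned subtraction
// wraps to 0xFFFFFFFF, the "about 4GB" allocation from the commit message.
Elf64_Word buggy_len(Elf64_Word namesz) {
    return namesz - 1;
}

// The clamp the patch introduces: 0 stays 0, anything else drops one byte.
Elf64_Word clamped_len(Elf64_Word namesz) {
    return std::max(namesz, (Elf64_Word)1) - 1;
}

// Parsed note in the shape of Elf64_Note: owner (name), value (desc), type.
struct Note {
    std::string owner;
    std::string value;
    Elf64_Word type = 0;
};

// Reads one Elf64_Word at byte offset off; memcpy avoids unaligned access.
static Elf64_Word read_word(const std::vector<unsigned char>& buf, size_t off) {
    Elf64_Word w;
    std::memcpy(&w, buf.data() + off, sizeof w);
    return w;
}

// Parses one note entry: three Elf64_Words (namesz, descsz, type) followed by
// the name and the descriptor, each padded to a 4-byte boundary. assign() is
// skipped when the recorded length is zero, so the string keeps its default
// empty value; a truncated or non-NUL-terminated field returns false instead.
bool parse_note(const std::vector<unsigned char>& buf, Note& out) {
    const size_t hdr = 3 * sizeof(Elf64_Word);
    if (buf.size() < hdr) return false;
    Elf64_Word namesz = read_word(buf, 0);
    Elf64_Word descsz = read_word(buf, 4);
    out.type = read_word(buf, 8);

    size_t off = hdr;
    if (namesz > buf.size() - off) return false;
    if (namesz) {
        if (buf[off + namesz - 1] != 0) return false;   // namesz counts the NUL
        out.owner.assign(reinterpret_cast<const char*>(buf.data() + off), namesz - 1);
    }
    off = (off + namesz + 3) & ~size_t(3);              // align_up(str + namesz, 4)

    if (off > buf.size() || descsz > buf.size() - off) return false;
    if (descsz) {
        if (buf[off + descsz - 1] != 0) return false;   // descsz counts the NUL
        out.value.assign(reinterpret_cast<const char*>(buf.data() + off), descsz - 1);
    }
    return true;
}

// Builds a note buffer in host byte order (constructed input, not a real section).
// An empty name or desc is recorded as length 0 with no bytes, the all-0x00 shape.
std::vector<unsigned char> make_note(Elf64_Word type, const std::string& name,
                                     const std::string& desc) {
    std::vector<unsigned char> buf;
    auto put_word = [&](Elf64_Word w) {
        unsigned char b[sizeof w];
        std::memcpy(b, &w, sizeof w);
        buf.insert(buf.end(), b, b + sizeof w);
    };
    auto put_str = [&](const std::string& s) {
        if (s.empty()) return;
        buf.insert(buf.end(), s.begin(), s.end());
        buf.push_back(0);                          // the NUL the length includes
        while (buf.size() % 4) buf.push_back(0);   // pad to a 4-byte boundary
    };
    put_word(name.empty() ? 0 : static_cast<Elf64_Word>(name.size() + 1));
    put_word(desc.empty() ? 0 : static_cast<Elf64_Word>(desc.size() + 1));
    put_word(type);
    put_str(name);
    put_str(desc);
    return buf;
}

int main() {
    Note n;
    bool ok = parse_note(make_note(0, "", ""), n);     // 12 zero bytes
    std::printf("zero-length note: ok=%d owner='%s' value='%s' buggy_len(0)=%u\n",
                ok, n.owner.c_str(), n.value.c_str(), buggy_len(0));
    return ok ? 0 : 1;
}
```

The all-zero section parses to two empty strings without any allocation, while the same input fed to the old expression yields a length of 0xFFFFFFFF; the extra NUL check turns a malformed note into a parse failure rather than a silently shortened string.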
