In load_elf_binary, struct image_info interp_info is used without being properly initialized. One result is that when the ELF's program header doesn't contain an entry for the ABI flags, then the value of the struct image_info's fp_abi field is set to whatever happened to be in stack memory at the time.
This patch both sanitizes interp_info and initializes fp_abi for TARGET_MIPS to MIPS_ABI_FP_UNKNOWN so that when we don't know the FP ABI, we don't just blow up. Currently, this bug is a complete stopper for some MIPS binaries.

***PLEASE NOTE*** There may be other bugs as a result of struct image_info interp_info fields not being properly initialized -- this patch only addresses the fp_abi field. I recommend somebody who knows the code better than I audit this function and the whole of that execution path.

Fixes bug #1825002 and affects 3.1.0 and 4.x, recommend backporting to 3.1.0.

Signed-off-by: Daniel Santos <daniel.san...@pobox.com>
--- linux-user/elfload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/linux-user/elfload.c b/linux-user/elfload.c index c1a26021f8..7f09d572a2 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -2698,6 +2698,11 @@ int load_elf_binary(struct linux_binprm *bprm, struct image_info *info) char *elf_interpreter = NULL; char *scratch; + memset(&interp_info, 0, sizeof(interp_info)); +#ifdef TARGET_MIPS + interp_info.fp_abi = MIPS_ABI_FP_UNKNOWN; +#endif + info->start_mmap = (abi_ulong)ELF_START_MMAP; load_elf_image(bprm->filename, bprm->fd, info, -- 2.19.2
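Review bot: the `#ifdef TARGET_MIPS` assignment right after the `memset` only makes sense if `MIPS_ABI_FP_UNKNOWN` is not zero, and nothing in the hunk says so; a one-line comment such as `/* 0 is a valid FP ABI value, so zero-fill alone does not mean "unknown" */` would keep the next reader from "simplifying" the block away. Consider also moving the zeroing to the declaration of `interp_info` (a `= { 0 }` initializer, or a small `image_info_init()` helper that the MIPS default can live in), since the commit message itself notes that other fields of the struct are only fixed as a side effect of this call-site `memset`; a helper gives any future per-target defaults one home rather than another `#ifdef` in `load_elf_binary`.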
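The pattern the patch installs, as an added stand-alone example that is not QEMU's code: zero the struct, then set a target-specific "unknown" sentinel, before any program header is inspected, so that a binary with no ABI-flags entry leaves the field at a deliberate value instead of stack garbage. The `struct image_info`, `struct phdr`, constant values and the `TARGET_MIPS` define below are assumptions for the demo (the real definitions live in QEMU's `linux-user/elfload.c` and the ELF ABI); the only point taken from the patch is the init order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption for the demo: pretend we are building the MIPS target. */
#define TARGET_MIPS 1

/* Assumed program header types (standard PT_LOAD; MIPS-specific ABI flags). */
#define PT_LOAD          1
#define PT_MIPS_ABIFLAGS 0x70000003

/* Assumed values: the key property is that UNKNOWN differs from ANY (0),
 * so zero-filling the struct is NOT the same as marking the ABI unknown. */
enum {
    MIPS_ABI_FP_UNKNOWN = -1,
    MIPS_ABI_FP_ANY     = 0,
    MIPS_ABI_FP_DOUBLE  = 1,
};

/* Minimal stand-in for the loader's image_info; only the field at issue. */
struct image_info {
    uint64_t load_addr;
    int fp_abi;
};

/* Constructed stand-in for one ELF program header entry. */
struct phdr {
    uint32_t p_type;
    int fp_abi;   /* the payload an abiflags segment would carry */
};

/* Sanitize the struct, then apply the per-target default (the patch's pattern). */
static void image_info_init(struct image_info *info)
{
    memset(info, 0, sizeof(*info));
#ifdef TARGET_MIPS
    info->fp_abi = MIPS_ABI_FP_UNKNOWN;
#endif
}

/* The "before" behaviour the commit message warns about, minus the undefined
 * read: zero-fill only, which silently reports MIPS_ABI_FP_ANY. */
static int zero_only_fp_abi(void)
{
    struct image_info info;
    memset(&info, 0, sizeof(info));
    return info.fp_abi;
}

/* Walk the headers; only an abiflags entry writes fp_abi, mirroring
 * "no entry => the field is never written" from the commit message.
 * Returns 1 if an abiflags entry was found, 0 otherwise. */
static int load_fp_abi(const struct phdr *ph, size_t n, struct image_info *info)
{
    image_info_init(info);
    for (size_t i = 0; i < n; i++) {
        if (ph[i].p_type == PT_MIPS_ABIFLAGS) {
            info->fp_abi = ph[i].fp_abi;
            return 1;
        }
    }
    return 0;   /* fp_abi stays at the value image_info_init() chose */
}

int main(void)
{
    /* Constructed header tables: one without and one with an abiflags entry. */
    const struct phdr no_abi[]   = { { PT_LOAD, 0 } };
    const struct phdr with_abi[] = { { PT_LOAD, 0 },
                                     { PT_MIPS_ABIFLAGS, MIPS_ABI_FP_DOUBLE } };
    struct image_info info;

    load_fp_abi(no_abi, 1, &info);
    printf("no abiflags entry: fp_abi = %d (expect %d)\n", info.fp_abi, MIPS_ABI_FP_UNKNOWN);
    load_fp_abi(with_abi, 2, &info);
    printf("abiflags present:  fp_abi = %d (expect %d)\n", info.fp_abi, MIPS_ABI_FP_DOUBLE);
    printf("zero-fill only:    fp_abi = %d (reads as ANY, not UNKNOWN)\n", zero_only_fp_abi());
    return 0;
}
```

The third line of output is the reason the patch needs the `#ifdef` block in addition to the `memset`: with a sentinel that is not zero, the two steps are both required, and a loader that only zero-fills would treat "we never saw an ABI-flags segment" as "any FP ABI is fine".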