mirror of https://git.FreeBSD.org/src.git synced 2024-12-24 11:29:10 +00:00

Fix a nasty memory corruption bug caused by having a bogus pointer
for the DT_IA64_PLT_RESERVE dynamic table entry. When a shared object
does not have any PLT relocations, the linker apparently doesn't find
it necessary to actually reserve the space for the BOR (Bind On
Reference) entries as pointed to by the DTE. As a result, relocatable
data in the PLT was overwritten, causing some unexpected control flow
with annoyingly predictable outcome: coredump.
To reproduce:
	% echo 'int main() { return 0; }' > foo.c
	% cc -o foo foo.c -lxpg4
Marcel Moolenaar 2002-08-22 03:56:57 +00:00
parent eb238d0692
commit 708bc7c7b4
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=102249

@ -481,6 +481,14 @@ init_pltgot(Obj_Entry *obj)
const Elf_Dyn *dynp;
Elf_Addr *pltres = 0;
/*
* When there are no PLT relocations, the DT_IA64_PLT_RESERVE entry
* is bogus. Do not setup the BOR pointers in that case. An example
* of where this happens is /usr/lib/libxpg4.so.3.
*/
if (obj->pltrelasize == 0 && obj->pltrelsize == 0)
return;
/*
* Find the PLT RESERVE section.
*/
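
Review bot: the early return at the top of init_pltgot() decides that DT_IA64_PLT_RESERVE is bogus purely from `obj->pltrelasize == 0 && obj->pltrelsize == 0`, so it is only correct if both sizes have already been filled in from the dynamic table by the time this function runs, and the visible lines do not show that ordering. Please state that precondition in the new comment. Because the underlying problem is a pointer that does not refer to reserved space, consider also checking the DT_IA64_PLT_RESERVE address against the object's mapped range once it has been found, so that a bogus entry in an object that does have PLT relocations is not written through either. Minor: "Do not setup the BOR pointers" in the comment should read "Do not set up".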