From: Justin Cinkelj <justin.cink...@xlab.si>
Committer: Nadav Har'El <n...@scylladb.com>
Branch: master
elf.cc: expect .note.osv-mlock section with no strings
Code to remove \0 at end of string tried to copy strlen()-1 data bytes.
It didn't expect the .note.osv-mlock section to contain only 0x00.
This caused an attempt to allocate and copy -1 bytes, converted to about 4GB.
Commit adds an extra check for the 0-length string case.
Fixes 840.
Signed-off-by: Justin Cinkelj <justin.cink...@xlab.si>
Message-Id: <20170123104103.13751-1-justin.cink...@xlab.si>
---
diff --git a/core/elf.cc b/core/elf.cc
--- a/core/elf.cc
+++ b/core/elf.cc
@@ -360,9 +360,13 @@ Elf64_Note::Elf64_Note(void *_base, char *str)
// The note section strings will include the trailing 0. std::string
// doesn't like that very much, and comparisons against a string that
is
// constructed from this string will fail. Therefore the - 1 at the end
- n_owner.assign(str, base[0] - 1);
+ if (base[0] > 0) {
+ n_owner.assign(str, base[0] -1);
+ }
str = align_up(str + base[0], 4);
- n_value.assign(str, base[1] - 1);
+ if (base[1] > 0) {
+ n_value.assign(str, base[1] - 1);
+ }
}
void object::load_segments()
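Review bot: the new `base[0] > 0` and `base[1] > 0` guards only cover the zero-length case; both lengths are still taken straight from the note and passed to assign() with no upper bound visible in this hunk, so a length larger than the data actually present behind `str` would still make assign() read past it. Consider passing the section size into the constructor (or validating it in the caller) and rejecting a note whose lengths do not fit. The "- 1" also assumes the last byte really is the trailing 0 that the comment describes, which is never checked. The comment above the assignments should mention that an empty owner or value is now left as an empty string. Style nit: `base[0] -1` in the first added assign() is missing the space that `base[1] - 1` has.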