diff options
| author | Rich Felker <dalias@aerifal.cx> | 2018-06-26 12:15:13 -0400 | 
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2018-06-26 12:22:29 -0400 | 
| commit | 68a5a23abcb9649f05728db4cf50bb4498937855 (patch) | |
| tree | e1c94879314637164723f9e7a9a01177a6bb1b25 /include/spawn.h | |
| parent | 38f2fa3d0207b8060302129c6464662751d4f2d3 (diff) | |
| download | musl-68a5a23abcb9649f05728db4cf50bb4498937855.tar.gz | |
fix dynamic linker mapping/clearing bss in first/only LOAD segment
writable load segments can have size-in-memory larger than their size
in the ELF file, representing bss or equivalent. the initial partial
page has to be zero-filled, and additional anonymous pages have to be
mapped such that accesses don't failt with SIGBUS.
map_library skips redundant MAP_FIXED mapping of the initial
(lowest-address) segment when processing LOAD segments since it was
already mapped when reserving the virtual address range, but in doing
so, inadvertently also skipped the code to fill/map bss. typical
executable and library files have two or more LOAD segments, and the
first one is text/rodata (non-writable) and thus has no bss, but it is
syntactically valid for an ELF program/library to put its writable
segment first, or to have only one segment (everything writable). the
binutils bfd-based linker has been observed to create such programs in
the presence of unusual sections or linker scripts.
fix by moving only the mmap_fixed operation under the conditional
rather than skipping the remainder of the loop body. add a check to
avoid bss processing in the case where the segment is not writable;
this should not happen, but if it does, the change would be a crashing
regression without this check.
Diffstat (limited to 'include/spawn.h')
0 files changed, 0 insertions, 0 deletions
