summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorH.J. Lu <hjl.tools@gmail.com>2018-07-27 13:20:51 -0700
committerH.J. Lu <hjl.tools@gmail.com>2018-07-27 13:23:31 -0700
commit4591b7db23bf5f58f6dbd81a5d9f926bf765cd09 (patch)
treef784ed333517788b1255d37830c20a3e72454553
parent97f2237efa7e2cf269f925fe009a338eabcbc7f0 (diff)
x86/CET: Don't parse beyond the note end
Simply check if "ptr < ptr_end" since "ptr" is always incremented by 8. Reviewed-by: Carlos O'Donell <carlos@redhat.com> * sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Don't parse beyond the note end.
-rw-r--r--ChangeLog5
-rw-r--r--sysdeps/x86/dl-prop.h2
2 files changed, 6 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 50fc501865..15b112266b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2018-07-27 H.J. Lu <hongjiu.lu@intel.com>
+
+ * sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Don't
+ parse beyond the note end.
+
2018-07-27 Adhemerval Zanella <adhemerval.zanella@linaro.org>
* sysdeps/unix/sysv/linux/tst-ofdlocks.c: Return unsupported if
diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h
index d56e20a6dc..35d3f16a23 100644
--- a/sysdeps/x86/dl-prop.h
+++ b/sysdeps/x86/dl-prop.h
@@ -73,7 +73,7 @@ _dl_process_cet_property_note (struct link_map *l,
unsigned char *ptr = (unsigned char *) (note + 1) + 4;
unsigned char *ptr_end = ptr + note->n_descsz;
- while (1)
+ while (ptr < ptr_end)
{
unsigned int type = *(unsigned int *) ptr;
unsigned int datasz = *(unsigned int *) (ptr + 4);