|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 4 00/16] XSA55 libelf fixes for unstable
Andrew Cooper writes ("Re: [PATCH 4 00/16] XSA55 libelf fixes for unstable"):
> Xen warning: dom0 kernel broken ELF: program segments total to more
> than the input image size
I had a total brain fart when I wrote this, and forgot about
uninitialised data. I think this patch (added to the end of the
series) should fix it.
If you report success I intend to provide a v5 of my series with this
integrated in its proper place.
Thanks,
Ian.
Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
diff --git a/xen/common/libelf/libelf-loader.c
b/xen/common/libelf/libelf-loader.c
index fbc8de7..1e3c869 100644
--- a/xen/common/libelf/libelf-loader.c
+++ b/xen/common/libelf/libelf-loader.c
@@ -298,7 +298,12 @@ elf_errorstatus elf_load_binary(struct elf_binary *elf)
ELF_HANDLE_DECL(elf_phdr) phdr;
uint64_t i, count, paddr, offset, filesz, memsz;
elf_ptrval dest;
- elf_ptrval remain_allow_copy = elf->size;
+ uint64_t remain_allow_copy = (uint64_t)elf->dest_size * 2;
+ /*
+ * Let bizarre ELFs write the output image up to twice; this
+ * calculation is just to ensure our copying loop is no worse than
+ * O(domain_size).
+ */
count = elf_uval(elf, elf->ehdr, e_phnum);
for ( i = 0; i < count; i++ )
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |