mirror of git://git.musl-libc.org/musl
fix crash/misbehavior from oob read in new dynamic tls installation
code introduced in commit 9d44b6460a
wrongly attempted to read past the end of the currently-installed dtv
to determine if a dso provides new, not-already-installed tls. this
logic was probably leftover from an earlier draft of the code that
wrongly installed the new dtv before populating it.
it would work if we instead queried the new, not-yet-installed dtv,
but instead, replace the incorrect check with a simple range check
against old_cnt. this also catches modules that have no tls at all
with a single condition.
This commit is contained in:
Rich Felker
parent
6516282d2a
commit
71db5dfaa9
|
|
@ -1374,7 +1374,7 @@ static void install_new_tls(void)
|
||||||
}
|
}
|
||||||
/* Install new dtls into the enlarged, uninstalled dtv copies. */
|
/* Install new dtls into the enlarged, uninstalled dtv copies. */
|
||||||
for (p=head; ; p=p->next) {
|
for (p=head; ; p=p->next) {
|
||||||
if (!p->tls_id || self->dtv[p->tls_id]) continue;
|
if (p->tls_id <= old_cnt) continue;
|
||||||
unsigned char *mem = p->new_tls;
|
unsigned char *mem = p->new_tls;
|
||||||
for (j=0; j<i; j++) {
|
for (j=0; j<i; j++) {
|
||||||
unsigned char *new = mem;
|
unsigned char *new = mem;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue