author H.J. Lu <hjl.tools@gmail.com> 2018-07-27 13:20:51 -0700
committer H.J. Lu <hjl.tools@gmail.com> 2018-07-27 13:23:31 -0700
commit 4591b7db23bf5f58f6dbd81a5d9f926bf765cd09
tree f784ed333517788b1255d37830c20a3e72454553
parent 97f2237efa7e2cf269f925fe009a338eabcbc7f0
x86/CET: Don't parse beyond the note end
Simply check if "ptr < ptr_end" since "ptr" is always incremented by 8.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

	* sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Don't
	parse beyond the note end.
-rw-r--r-- ChangeLog 5
-rw-r--r-- sysdeps/x86/dl-prop.h 2
2 files changed, 6 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 50fc501865..15b112266b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2018-07-27  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Don't
+	parse beyond the note end.
+
 2018-07-27  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
 
 	* sysdeps/unix/sysv/linux/tst-ofdlocks.c: Return unsupported if
diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h
index d56e20a6dc..35d3f16a23 100644
--- a/sysdeps/x86/dl-prop.h
+++ b/sysdeps/x86/dl-prop.h
@@ -73,7 +73,7 @@ _dl_process_cet_property_note (struct link_map *l,
 	  unsigned char *ptr = (unsigned char *) (note + 1) + 4;
 	  unsigned char *ptr_end = ptr + note->n_descsz;
 
-	  while (1)
+	  while (ptr < ptr_end)
 	    {
 	      unsigned int type = *(unsigned int *) ptr;
 	      unsigned int datasz = *(unsigned int *) (ptr + 4);
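Review bot: The new condition `while (ptr < ptr_end)` only guarantees that one byte remains, yet the first two statements of the body read eight bytes (`type` at `ptr`, `datasz` at `ptr + 4`). The commit message relies on "ptr" always advancing by 8, which holds only if `note->n_descsz` is itself a multiple of 8; for a malformed note whose descriptor size is not, the last iteration can still read up to 7 bytes past `ptr_end`. If that size is not validated before this loop, a stricter guard such as `ptr_end - ptr >= 8` would make the bound self-evident, or a short comment could name the earlier check that enforces the alignment. The visible lines also do not show `datasz` being compared against the remaining `ptr_end - ptr` before it is used, so it is worth confirming that the rest of the loop body does this.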