From 171a70b4c0173533f6f803ec6bc8c2ed910cc468 Mon Sep 17 00:00:00 2001
From: Paul Pluzhnikov <ppluzhnikov@google.com>
Date: Wed, 2 May 2012 14:35:30 -0700
Subject: For PR 14055, add bounds check to _dl_show_auxv().

---
 elf/dl-sysdep.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'elf/dl-sysdep.c')

diff --git a/elf/dl-sysdep.c b/elf/dl-sysdep.c
index 1cb4460a02..ea505a646f 100644
--- a/elf/dl-sysdep.c
+++ b/elf/dl-sysdep.c
@@ -1,5 +1,5 @@
 /* Operating system support for run-time dynamic linker.  Generic Unix version.
-   Copyright (C) 1995-1998,2000-2008,2009,2010
+   Copyright (C) 1995-1998,2000-2010,2012
 	Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
@@ -303,7 +303,9 @@ _dl_show_auxv (void)
 	};
       unsigned int idx = (unsigned int) (av->a_type - 2);
 
-      if ((unsigned int) av->a_type < 2u || auxvars[idx].form == ignore)
+      if ((unsigned int) av->a_type < 2u
+	  || (idx < sizeof (auxvars) / sizeof (auxvars[0])
+	      && auxvars[idx].form == ignore))
 	continue;
 
       assert (AT_NULL == 0);
-- 
cgit 1.4.1