From owner-cvs-all Wed Aug 21 20:57: 4 2002 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 909D737B400; Wed, 21 Aug 2002 20:56:58 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3B8F743E42; Wed, 21 Aug 2002 20:56:58 -0700 (PDT) (envelope-from marcel@FreeBSD.org) Received: from freefall.freebsd.org (marcel@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g7M3uwJU071601; Wed, 21 Aug 2002 20:56:58 -0700 (PDT) (envelope-from marcel@freefall.freebsd.org) Received: (from marcel@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g7M3uwnQ071600; Wed, 21 Aug 2002 20:56:58 -0700 (PDT) Message-Id: <200208220356.g7M3uwnQ071600@freefall.freebsd.org> From: Marcel Moolenaar Date: Wed, 21 Aug 2002 20:56:58 -0700 (PDT) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/libexec/rtld-elf/ia64 reloc.c X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG marcel 2002/08/21 20:56:58 PDT Modified files: libexec/rtld-elf/ia64 reloc.c Log: Fix a nasty memory corruption bug caused by having a bogus pointer for the DT_IA64_PLT_RESERVE dynamic table entry. When a shared object does not have any PLT relocations, the linker apparently doesn't find it necessary to actually reserve the space for the BOR (Bind On Reference) entries as pointed to by the DTE. As a result, relocatable data in the PLT was overwritten, causing some unexpected control flow with annoyingly predictable outcome: coredump. To reproduce: % echo 'int main() { return 0; }' > foo.c % cc -o foo foo.c -lxpg4 Revision Changes Path 1.9 +8 -0 src/libexec/rtld-elf/ia64/reloc.c To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message