From 1fe2988f523ddbad93ca7abc98fea982f2ae0505 Mon Sep 17 00:00:00 2001 From: Chris Metcalf Date: Mon, 22 Jul 2013 11:46:44 -0400 Subject: [PATCH] tile BZ #15759: Fix bug in _dl_unmap We returned without calling __munmap if not in the simulator. Now we call a separate sim_dlclose() function to make the control flow work correctly. --- NEWS | 3 ++- ports/ChangeLog.tile | 6 ++++++ ports/sysdeps/tile/dl-runtime.c | 12 +++++++++--- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 4b2d5ca..a67e40b 100644 --- a/NEWS +++ b/NEWS @@ -21,7 +21,8 @@ Version 2.18 15395, 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, 15431, 15432, 15441, 15442, 15448, 15465, 15480, 15485, 15488, 15490, 15492, 15493, 15497, 15506, 15529, 15536, 15553, 15577, 15583, - 15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674, 15711, 15755. + 15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674, 15711, 15755, + 15759. * CVE-2013-2207 Incorrectly granting access to another user's pseudo-terminal has been fixed by disabling the use of pt_chown (Bugzilla #15755). diff --git a/ports/ChangeLog.tile b/ports/ChangeLog.tile index dd3d4f4..a2ec5e1 100644 --- a/ports/ChangeLog.tile +++ b/ports/ChangeLog.tile @@ -1,3 +1,9 @@ +2013-07-22 Chris Metcalf + + [BZ #15759] + * sysdeps/tile/dl-runtime.c (sim_dlclose): New function. + (_dl_unmap): Call sim_dlclose(). + 2013-07-19 Chris Metcalf * sysdeps/unix/sysv/linux/tile/sys/ptrace.h diff --git a/ports/sysdeps/tile/dl-runtime.c b/ports/sysdeps/tile/dl-runtime.c index 84b5a5a..42f0ab3 100644 --- a/ports/sysdeps/tile/dl-runtime.c +++ b/ports/sysdeps/tile/dl-runtime.c @@ -127,8 +127,8 @@ _dl_after_load (struct link_map *l) } /* Support notifying the simulator about removed objects prior to munmap(). */ -void internal_function -_dl_unmap (struct link_map *l) +static void +sim_dlclose (ElfW(Addr) map_start) { int shift; @@ -144,9 +144,15 @@ _dl_unmap (struct link_map *l) DLPUTC ('0'); DLPUTC ('x'); for (shift = (int) sizeof (unsigned long) * 8 - 4; shift >= 0; shift -= 4) - DLPUTC ("0123456789abcdef"[(l->l_map_start >> shift) & 0xF]); + DLPUTC ("0123456789abcdef"[(map_start >> shift) & 0xF]); DLPUTC ('\0'); + #undef DLPUTC +} +void internal_function +_dl_unmap (struct link_map *l) +{ + sim_dlclose (l->l_map_start); __munmap ((void *) l->l_map_start, l->l_map_end - l->l_map_start); } -- 2.7.4