patch: fix cbfstool malloc arena corruption

Submitter	ron minnich
Date	2009-09-17 00:22:03
Message ID	<13426df10909161722pca23abep2c3d781df1f0d8f6@mail.gmail.com>
Download	mbox \| patch
Permalink	/patch/262/
State	Accepted
Headers	show Return-path: <coreboot-bounces@coreboot.org> Envelope-to: patchwork@coreboot.org DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=LnlQiHAz+RrO4CTA/qQBljD1+kauV/7TJc6PUT+Xks0JsKb22XCN+1PlV5fzanFaIF PLHjT99PSTU9fcFMnRx6EBO3lQBMSO0jzXAdpglGaP+3T2eH3iMFLDmFnV612EiNNc4D S4sznXU5TtMmNLUilYuWxbra+wJRK8RR2aB5A= MIME-Version: 1.0 Date: Wed, 16 Sep 2009 17:22:03 -0700 Message-ID: <13426df10909161722pca23abep2c3d781df1f0d8f6@mail.gmail.com> From: ron minnich <rminnich@gmail.com> To: coreboot <coreboot@coreboot.org> Content-Type: multipart/mixed; boundary=001636c5bbb73cb0ee0473bb01c7 Subject: [coreboot] patch: fix cbfstool malloc arena corruption Precedence: list Sender: coreboot-bounces@coreboot.org Errors-To: coreboot-bounces@coreboot.org

Comments

ron minnich - 2009-09-17 00:22:03

Peter Stuge - 2009-09-17 06:35:02

ron minnich wrote:
> There was a missing addition of the size of the .notes.pinfo 
> section header which could lead to corrupted malloc arena. 
> 
> Also, make cbfstool always build with debugging on. Performance
> is not an issue here. Don't strip it either. 
> 
> Signed-off-by: Ronald G. Minnich <rminnich@gmail.com>

Acked-by: Peter Stuge <peter@stuge.se>

ron minnich - 2009-09-17 15:35:50

On Wed, Sep 16, 2009 at 11:35 PM, Peter Stuge <peter@stuge.se> wrote:
> ron minnich wrote:
>> There was a missing addition of the size of the .notes.pinfo
>> section header which could lead to corrupted malloc arena.
>>
>> Also, make cbfstool always build with debugging on. Performance
>> is not an issue here. Don't strip it either.
>>
>> Signed-off-by: Ronald G. Minnich <rminnich@gmail.com>
>
> Acked-by: Peter Stuge <peter@stuge.se>

Thanks! This may fix other SEGV reports.

Committed revision 4641.

Patch

There was a missing addition of the size of the .notes.pinfo 
section header which could lead to corrupted malloc arena. 

Also, make cbfstool always build with debugging on. Performance
is not an issue here. Don't strip it either. 

Signed-off-by: Ronald G. Minnich <rminnich@gmail.com>

Index: util/cbfstool/Makefile
===================================================================
--- util/cbfstool/Makefile	(revision 4636)
+++ util/cbfstool/Makefile	(working copy)
@@ -2,7 +2,9 @@ 
 
 HOSTCXX ?= g++
 HOSTCC ?= gcc
+CFLAGS ?= -g
 
+
 BINARY:=$(obj)/cbfstool
 
 COMMON:=common.o compress.o minilzma.o
@@ -43,9 +45,8 @@ 
 	ctags *.[ch]
 
 CXXFLAGS=-DCOMPACT
-CFLAGS=
-LDFLAGS=
+CFLAGS=-g
+LDFLAGS=-g
 
 $(obj)/cbfstool:$(COMMON)
 	$(HOSTCXX) $(LDFLAGS) -o $@ $^
-	strip $@
Index: util/cbfstool/cbfs-mkpayload.c
===================================================================
--- util/cbfstool/cbfs-mkpayload.c	(revision 4636)
+++ util/cbfstool/cbfs-mkpayload.c	(working copy)
@@ -75,8 +75,10 @@ 
 
 		name = (char *)(strtab + shdr[i].sh_name);
 
-		if (!strcmp(name, ".note.pinfo"))
+		if (!strcmp(name, ".note.pinfo")) {
 			segments++;
+			isize += (unsigned int)shdr[i].sh_size;
+		}
 	}
 
 	/* Now, regular headers - we only care about PT_LOAD headers,

Patchwork patch: fix cbfstool malloc arena corruption

Comments

Patch