From a686326be3246a84c4c8a453913f51be8c662256 Mon Sep 17 00:00:00 2001 From: Derek Bruening Date: Sun, 31 Dec 2023 12:57:16 -0500 Subject: [PATCH 1/2] i#6529: Check end of section headers mapped Updates the rseq_process_module() check for the section headers being in the mapped region to check the endpoint instead of the start point. Tested locally: now client.drwrap-test passes when it failed with the toolchain on my local machine. Fixes #6529
---
 core/unix/rseq_linux.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/unix/rseq_linux.c b/core/unix/rseq_linux.c
index 41300a080ad..e3982fe7eef 100644
--- a/core/unix/rseq_linux.c
+++ b/core/unix/rseq_linux.c
@@ -581,7 +581,8 @@ rseq_process_module(module_area_t *ma, bool at_map, bool saw_glibc_rseq_reg)
 ELF_SECTION_HEADER_TYPE *sec_hdr = NULL;
 char *strtab;
 ssize_t load_offs = ma->start - ma->os_data.base_address;
- if (at_map && elf_hdr->e_shoff + ma->start < ma->end) {
+ if (at_map &&
+ elf_hdr->e_shoff + elf_hdr->e_shnum * sizeof(*sec_hdr) + ma->start < ma->end) {
 sec_map = elf_hdr->e_shoff + ma->start;
 sec_hdr = (ELF_SECTION_HEADER_TYPE *)sec_map;
 /* We assume strtab is there too. */
From d4942930733e0f93d076b9323eb81aa2a65d35b0 Mon Sep 17 00:00:00 2001 From: Derek Bruening Date: Tue, 2 Jan 2024 15:25:44 -0500 Subject: [PATCH 2/2] Review request: s/sizeof/e_shentsize/
---
 core/unix/rseq_linux.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/unix/rseq_linux.c b/core/unix/rseq_linux.c
index e3982fe7eef..08fad619860 100644
--- a/core/unix/rseq_linux.c
+++ b/core/unix/rseq_linux.c
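Review bot: The new endpoint check in the first hunk adds ELF header fields read from the module to `ma->start` before comparing with `ma->end`, so a corrupt or crafted `e_shoff` large enough to wrap the sum would still pass and `sec_map` would point outside the mapped region. Comparing offsets against the mapping size avoids the wrap: with `size_t sz = ma->end - ma->start;`, test `elf_hdr->e_shoff <= sz && (size_t)elf_hdr->e_shnum * sizeof(*sec_hdr) <= sz - elf_hdr->e_shoff`. The same applies to the reworked condition in the patch 2/2 hunk. The body of rseq_process_module starts and ends outside the hunk, so whether these fields are validated earlier is not visible here.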
@@ -582,7 +582,8 @@ rseq_process_module(module_area_t *ma, bool at_map, bool saw_glibc_rseq_reg)
 char *strtab;
 ssize_t load_offs = ma->start - ma->os_data.base_address;
 if (at_map &&
- elf_hdr->e_shoff + elf_hdr->e_shnum * sizeof(*sec_hdr) + ma->start < ma->end) {
+ elf_hdr->e_shoff + elf_hdr->e_shnum * elf_hdr->e_shentsize + ma->start <
+ ma->end) {
 sec_map = elf_hdr->e_shoff + ma->start;
 sec_hdr = (ELF_SECTION_HEADER_TYPE *)sec_map;
 /* We assume strtab is there too. */
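Review bot: Sizing the table with `e_shentsize` only bounds the later reads if the entries are walked with that same stride, and `sec_hdr` is cast to `ELF_SECTION_HEADER_TYPE *` two lines below. If it is then indexed as an array (that code is outside this hunk), the stride is `sizeof(*sec_hdr)`, so a module whose `e_shentsize` is smaller than the struct passes the check while the last entries are read past the checked end. I would take the mapped path only when `elf_hdr->e_shentsize == sizeof(*sec_hdr)`, or bound with the larger of the two sizes. The retained `/* We assume strtab is there too. */` marks a second range that is still unchecked and deserves the same endpoint test, or at least a comment saying why it is safe.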