JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

zig: fix index out of bounds reading RPATH

Browse Source
This commit is contained in:
Nguyễn Gia Phong 2022-08-16 13:04:24 +09:00
parent 6512b21eab
commit d2e3b5ba13
No known key found for this signature in database
GPG Key ID: 27148B2C06A2224B
2 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkgs/development/compilers/zig/default.nix
View File

@ -18,6 +18,9 @@ stdenv.mkDerivation rec {
hash = "sha256-x2c4c9RSrNWGqEngio4ArW7dJjW0gg+8nqBwPcR721k=";
};
# Fix index out of bounds reading RPATH (cherry-picked from 0.10-dev)
patches = [ ./rpath.patch ];
nativeBuildInputs = [
cmake
llvmPackages.llvm.dev

39
pkgs/development/compilers/zig/rpath.patch Normal file
View File

@ -0,0 +1,39 @@
commit ebcdbd9b3c9d437780aee4d6af76bbd2ab32ea06
Author: LeRoyce Pearson <contact@leroycepearson.dev>
Date: 2022-07-17 16:01:22 -0600
Read dynstr starting at rpath offset
Since we know the offset, we may as well read starting there. Still expects
rpath to fit in 4096 bytes; that might be worth fixing in the future.
Fixes issue #12112
diff --git a/lib/std/zig/system/NativeTargetInfo.zig b/lib/std/zig/system/NativeTargetInfo.zig
index af41fc790579..ad0b6d5ce1e1 100644
--- a/lib/std/zig/system/NativeTargetInfo.zig
+++ b/lib/std/zig/system/NativeTargetInfo.zig
@@ -652,14 +652,19 @@ pub fn abiAndDynamicLinkerFromFile(
} else null;
if (dynstr) |ds| {
- const strtab_len = std.math.min(ds.size, strtab_buf.len);
- const strtab_read_len = try preadMin(file, &strtab_buf, ds.offset, strtab_len);
- const strtab = strtab_buf[0..strtab_read_len];
// TODO this pointer cast should not be necessary
const rpoff_usize = std.math.cast(usize, rpoff) catch |err| switch (err) {
error.Overflow => return error.InvalidElfFile,
};
- const rpath_list = mem.sliceTo(std.meta.assumeSentinel(strtab[rpoff_usize..].ptr, 0), 0);
+ if (rpoff_usize > ds.size) return error.InvalidElfFile;
+ const rpoff_file = ds.offset + rpoff_usize;
+ const rp_max_size = ds.size - rpoff_usize;
+
+ const strtab_len = std.math.min(rp_max_size, strtab_buf.len);
+ const strtab_read_len = try preadMin(file, &strtab_buf, rpoff_file, strtab_len);
+ const strtab = strtab_buf[0..strtab_read_len];
+
+ const rpath_list = mem.sliceTo(std.meta.assumeSentinel(strtab.ptr, 0), 0);
var it = mem.tokenize(u8, rpath_list, ":");
while (it.next()) |rpath| {
var dir = fs.cwd().openDir(rpath, .{}) catch |err| switch (err) {