From f3651e4e206598a4d39dbdab76d4c066ab646188 Mon Sep 17 00:00:00 2001 From: Eric Andersen Date: Wed, 17 Dec 2003 06:41:20 +0000 Subject: When I switched from using stack allocated space for printf, I missed a case where a sizeof(foo) was changed to the sizeof a pointer. This caused _dl_printf to complain a lot when debug is enabled (which itself revealed a bug since it should have exited on buffer overflow), and let me to find another bug, where memory failures would try to recursively call _dl_printf.... What a mess. --- ldso/ldso/dl-elf.c | 8 +++++--- ldso/ldso/readelflib1.c | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) (limited to 'ldso/ldso') diff --git a/ldso/ldso/dl-elf.c b/ldso/ldso/dl-elf.c index cb6c6893b..136f7b148 100644 --- a/ldso/ldso/dl-elf.c +++ b/ldso/ldso/dl-elf.c @@ -787,7 +787,7 @@ void _dl_dprintf(int fd, const char *fmt, ...) buf = _dl_mmap((void *) 0, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, 0, 0); if (_dl_mmap_check_error(buf)) { - _dl_dprintf(2, "%s: mmap of a spare page failed!\n", _dl_progname); + _dl_write(fd, "mmap of a spare page failed!\n", 29); _dl_exit(20); } @@ -796,8 +796,10 @@ void _dl_dprintf(int fd, const char *fmt, ...) if (!fmt) return; - if (_dl_strlen(fmt) >= (sizeof(buf) - 1)) - _dl_write(fd, "(overflow)\n", 10); + if (_dl_strlen(fmt) >= (4096 - 1)) { + _dl_write(fd, "overflow\n", 11); + _dl_exit(20); + } _dl_strcpy(buf, fmt); va_start(args, fmt); diff --git a/ldso/ldso/readelflib1.c b/ldso/ldso/readelflib1.c index cb6c6893b..136f7b148 100644 --- a/ldso/ldso/readelflib1.c +++ b/ldso/ldso/readelflib1.c @@ -787,7 +787,7 @@ void _dl_dprintf(int fd, const char *fmt, ...) buf = _dl_mmap((void *) 0, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, 0, 0); if (_dl_mmap_check_error(buf)) { - _dl_dprintf(2, "%s: mmap of a spare page failed!\n", _dl_progname); + _dl_write(fd, "mmap of a spare page failed!\n", 29); _dl_exit(20); } @@ -796,8 +796,10 @@ void _dl_dprintf(int fd, const char *fmt, ...) if (!fmt) return; - if (_dl_strlen(fmt) >= (sizeof(buf) - 1)) - _dl_write(fd, "(overflow)\n", 10); + if (_dl_strlen(fmt) >= (4096 - 1)) { + _dl_write(fd, "overflow\n", 11); + _dl_exit(20); + } _dl_strcpy(buf, fmt); va_start(args, fmt); -- cgit v1.2.3