Prevent infinite iteration on link_map list clobbered into circularity.

author: Roland McGrath <[email protected]> 2010-04-14 12:54:45 -0700
committer: Roland McGrath <[email protected]> 2010-04-14 12:54:45 -0700
commit: be1393031d9db8504d7d651c1da514be3766e7fa (patch)
tree: dd45f75b1dbe7639a14a8d120aa5be99e8d3c566 /libdwfl/link_map.c
parent: 62b28b63dc2495f3ce360ef2abd8112414cbe95c (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/libdwfl/link_map.c b/libdwfl/link_map.c
index 5991a112..fe7f40ce 100644
--- a/libdwfl/link_map.c
+++ b/libdwfl/link_map.c
@@ -329,7 +329,13 @@ report_r_debug (uint_fast8_t elfclass, uint_fast8_t elfdata,
 
   Dwfl_Module **lastmodp = &dwfl->modulelist;
   int result = 0;
-  while (next != 0)
+
+  /* There can't be more elements in the link_map list than there are
+     segments.  DWFL->lookup_elts is probably twice that number, so it
+     is certainly above the upper bound.  If we iterate too many times,
+     there must be a loop in the pointers due to link_map clobberation.  */
+  size_t iterations = 0;
+  while (next != 0 && ++iterations < dwfl->lookup_elts)
     {
       if (read_addrs (next, 4))
 	return release_buffer (-1);
@@ -798,7 +804,7 @@ dwfl_link_map_report (Dwfl *dwfl, const void *auxv, size_t auxv_size,
 			   ? elf32_xlatetom : elf64_xlatetom)
 			  (&out, &in, elfdata) != NULL))
 		{
-		  /* We are looking for PT_DYNAMIC.  */
+		  /* We are looking for DT_DEBUG.  */
 		  const union
 		  {
 		    Elf32_Dyn d32[dyn_filesz / sizeof (Elf32_Dyn)];
author	Roland McGrath <[email protected]>	2010-04-14 12:54:45 -0700
committer	Roland McGrath <[email protected]>	2010-04-14 12:54:45 -0700
commit	be1393031d9db8504d7d651c1da514be3766e7fa (patch)
tree	dd45f75b1dbe7639a14a8d120aa5be99e8d3c566 /libdwfl/link_map.c
parent	62b28b63dc2495f3ce360ef2abd8112414cbe95c (diff)