Fix fill_mmap for sections past the section headers

If fill_mmap() was run for a section that's past the shdr_end, but does not immediately follow the section headers the fill start would be determined incorrectly as shdr_end, which would wipe off contents of sections between shdr_end and current one. Issue was reported and triaged by Hugo Mildenberger, Graham Murray and Peter Alfredsen. (http://bugs.gentoo.org/show_bug.cgi?id=288977)
author: Lubomir Rintel <[email protected]> 2009-10-23 16:18:51 +0200
committer: Roland McGrath <[email protected]> 2010-01-04 19:32:40 -0800
commit: 2cfe33f4212519586066558a9e18d8e2e0887567 (patch)
tree: 96c5afe5a23c4f4d2e7538e8cf8aadb0d2686885 /libelf/elf32_updatefile.c
parent: 73a4d82bae107cf752d7ad2ed182fc383c933708 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/libelf/elf32_updatefile.c b/libelf/elf32_updatefile.c
index 0539f03d..8be19948 100644
--- a/libelf/elf32_updatefile.c
+++ b/libelf/elf32_updatefile.c
@@ -322,8 +322,11 @@ __elfw2(LIBELFBITS,updatemmap) (Elf *elf, int change_bo, size_t shnum)
 
 	    if (last_position + written != scn_start + offset
 		&& shdr_end < scn_start + offset)
-	      memset (shdr_end, __libelf_fill_byte,
-		      scn_start + offset - shdr_end);
+	      {
+		char *fill_start = MAX (shdr_end, scn_start);
+		memset (fill_start, __libelf_fill_byte,
+			scn_start + offset - fill_start);
+	      }
 	  }
 
 	  if (scn->data_list_rear != NULL)
author	Lubomir Rintel <[email protected]>	2009-10-23 16:18:51 +0200
committer	Roland McGrath <[email protected]>	2010-01-04 19:32:40 -0800
commit	2cfe33f4212519586066558a9e18d8e2e0887567 (patch)
tree	96c5afe5a23c4f4d2e7538e8cf8aadb0d2686885 /libelf/elf32_updatefile.c
parent	73a4d82bae107cf752d7ad2ed182fc383c933708 (diff)