From 75e98f4e4cef2eb2b867062aebc481c3b1f66498 Mon Sep 17 00:00:00 2001
From: Markus Wichmann
Date: Wed, 26 Feb 2020 06:09:14 +0100
Subject: [PATCH] Add detection for changed size of a COPY relocation.

COPY relocations create an ABI binding between importing and exporting module. Should anything about the object in question change, that would be an ABI change, and therefore incompatible. While the dynamic linker is not capable of detecting all changes, it can detect most of them by detecting a changed size between import and export. Any change is a problem, since the source buffer will be either overread or underread. In any case, if the semantics of the imported object changed, the ABI contract is broken, and it is better to detect this than to silently allow it and inexplicably crash later on.

---
 ldso/dynlink.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/ldso/dynlink.c b/ldso/dynlink.c
index afec985a..618c2cbd 100644
--- a/ldso/dynlink.c
+++ b/ldso/dynlink.c
@@ -435,6 +435,15 @@ static void do_relocs(struct dso *dso, size_t *rel, size_t rel_size, size_t stri
 else *reloc_addr = (size_t)base + addend;
 break;
 case REL_COPY:
+ if (def.sym && sym->st_size != def.sym->st_size) {
+ error("Error relocating %s: %s: Size mismatch in COPY"
+ " relocation (exp %lu, got %lu)",
+ dso->name, name
+ sym->st_size + 0ul,
+ def.sym->st_size + 0ul);
+ if (runtime) longjmp(*rtld_fail, 1);
+ continue;
+ }
 memcpy(reloc_addr, (void *)sym_val, sym->st_size);
 break;
 case REL_OFFSET32:
--
2.17.1
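Review bot: The added error() call in the REL_COPY branch is missing a comma after `name`: the diffstat counts nine inserted lines, so `dso->name, name` and `sym->st_size + 0ul,` are separate lines and the argument list reads `name sym->st_size + 0ul`, which will not compile; the line should be `dso->name, name,`. The check itself is worth having, because the memcpy that follows copies sym->st_size bytes from the exporting object regardless of how large that object actually is, so a shrunk exporter definition is read past its end while a grown one is silently truncated. Note that the guard is skipped when def.sym is null and that path still reaches the memcpy unchecked; presumably an unresolved COPY symbol is already rejected earlier in do_relocs, but that code is outside the hunk. The enclosing do_relocs body begins and ends outside the hunk.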