From 3f1ab59a5db1f5c5d943c37981179621d44619d2 Mon Sep 17 00:00:00 2001
From: Markus Wichmann
Date: Sat, 5 Sep 2020 08:35:57 +0200
Subject: [PATCH] Fix oversight in mmap_fixed().

If the read() call in this function ever did return EINTR (which there is an explicit exception for), then the pointers would be backed off by one, resulting in the file contents being loaded in shifted by one byte. And if that happens in the first run through the loop, one byte in front of the destination buffer would be overwritten, which is invalid.
---
 ldso/dynlink.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ldso/dynlink.c b/ldso/dynlink.c
index f7474743..51c4c004 100644
--- a/ldso/dynlink.c
+++ b/ldso/dynlink.c
@@ -576,7 +576,8 @@ static void *mmap_fixed(void *p, size_t n, int prot, int flags, int fd, off_t of
 for (q=p; n; q+=r, off+=r, n-=r) {
 r = read(fd, q, n);
 if (r < 0 && errno != EINTR) return MAP_FAILED;
- if (!r) {
+ else if (r < 0) r = 0;
+ else if (!r) {
 memset(q, 0, n);
 break;
 }
-- 
2.17.1
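Review bot: The added `else if (r < 0) r = 0;` branch is the only thing that stops the loop step `q+=r, off+=r, n-=r` from running with a negative `r`, and nothing in the code says so. A later cleanup could drop it and bring back the write in front of the destination buffer that the commit message describes. I would add a comment on that line, for example `/* EINTR: retry; r must be 0 so the loop step leaves q, off and n unchanged */`. As a style point, the `else` after a `return` makes the three-way chain harder to read than a nested form such as `if (r < 0) { if (errno != EINTR) return MAP_FAILED; r = 0; }` followed by the existing `if (!r)` test. mmap_fixed() begins and ends outside this hunk, so the declaration of `r` and the lseek() before the loop are not visible here.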