diff options
| author | Jörg Thalheim <joerg@thalheim.io> | 2021-08-18 09:11:06 +0200 |
|---|---|---|
| committer | Jörg Thalheim <joerg@thalheim.io> | 2021-08-18 09:11:27 +0200 |
| commit | 671f0cff5158f0320753666f65925c3c64fd76c9 (patch) | |
| tree | be97ddd9b845941272d55a0fb7fc9f90aa4309fc | |
| parent | 0121f5ebad06d36ad1411746d086ea78852297c8 (diff) | |
| download | patchelf-use-after-free.tar.gz | |
fix use-after-free in normalizeNoteSegmentsuse-after-free
| -rw-r--r-- | src/patchelf.cc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/patchelf.cc b/src/patchelf.cc index 1080e6b..86a51ac 100644 --- a/src/patchelf.cc +++ b/src/patchelf.cc @@ -1011,6 +1011,7 @@ void ElfFile<ElfFileParamNames>::normalizeNoteSegments() [this](std::pair<const std::string, std::string> & i) { return rdi(findSection(i.first).sh_type) == SHT_NOTE; }); if (!replaced_note) return; + std::vector<Elf_Phdr> newPhdrs; for (auto & phdr : phdrs) { if (rdi(phdr.p_type) != PT_NOTE) continue; @@ -1047,11 +1048,13 @@ void ElfFile<ElfFileParamNames>::normalizeNoteSegments() if (curr_off == start_off) phdr = new_phdr; else - phdrs.push_back(new_phdr); + newPhdrs.push_back(new_phdr); curr_off += size; } } + phdrs.insert(phdrs.end(), newPhdrs.begin(), newPhdrs.end()); + wri(hdr->e_phnum, phdrs.size()); } |