diff options
| author | Jörg Thalheim <joerg@thalheim.io> | 2021-08-18 09:11:06 +0200 |
|---|---|---|
| committer | Jörg Thalheim <joerg@thalheim.io> | 2021-08-21 09:43:23 +0200 |
| commit | bf62fda4ecab0dc44a0b823517d1cf22633adc25 (patch) | |
| tree | 6c764ed3cd0252104ee953f545d0d95b0fe87540 | |
| parent | 83864998bdc5da7cf593a3a06ba673c73e0e4f96 (diff) | |
| download | patchelf-bf62fda4ecab0dc44a0b823517d1cf22633adc25.tar.gz | |
fix use-after-free in normalizeNoteSegments
| -rw-r--r-- | src/patchelf.cc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/patchelf.cc b/src/patchelf.cc index 33c0949..4b7ef43 100644 --- a/src/patchelf.cc +++ b/src/patchelf.cc @@ -1025,6 +1025,7 @@ void ElfFile<ElfFileParamNames>::normalizeNoteSegments() [this](std::pair<const std::string, std::string> & i) { return rdi(findSection(i.first).sh_type) == SHT_NOTE; }); if (!replaced_note) return; + std::vector<Elf_Phdr> newPhdrs; for (auto & phdr : phdrs) { if (rdi(phdr.p_type) != PT_NOTE) continue; @@ -1061,11 +1062,13 @@ void ElfFile<ElfFileParamNames>::normalizeNoteSegments() if (curr_off == start_off) phdr = new_phdr; else - phdrs.push_back(new_phdr); + newPhdrs.push_back(new_phdr); curr_off += size; } } + phdrs.insert(phdrs.end(), newPhdrs.begin(), newPhdrs.end()); + wri(hdr->e_phnum, phdrs.size()); } |