jory/upx
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Defend against SIGSEGV due to decompressor overrun of output.

Browse Source 
committer: jreiser <jreiser> 959230562 +0000
This commit is contained in:
John Reiser 2000-05-25 04:56:02 +00:00
parent f9c33255c5
commit b12a57aa44
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/stub/l_lx_exec.c
View File

@ -165,6 +165,10 @@ void upx_main(
} malloc_args = { } malloc_args = {
0, 0, PROT_READ | PROT_WRITE, MAP_SHARED, 0, 0 0, 0, PROT_READ | PROT_WRITE, MAP_SHARED, 0, 0
}; };
static struct MallocArgs scratch_page = {
0, -PAGE_MASK, PROT_READ | PROT_WRITE,
MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, 0, 0
};
// //
// ----- Step 0: set /proc/self using /proc/<pid> ----- // ----- Step 0: set /proc/self using /proc/<pid> -----
@ -265,6 +269,10 @@ void upx_main(
if ((unsigned long) buf >= (unsigned long) -4095) if ((unsigned long) buf >= (unsigned long) -4095)
goto error; goto error;
// Decompressor can overrun the output by 3 bytes.
// Defend against SIGSEGV by using a scratch page.
scratch_page.ma_addr = buf + (PAGE_MASK & (header.p_filesize + ~PAGE_MASK));
mmap((int *)&scratch_page);
// //
// ----- Step 4: decompress blocks ----- // ----- Step 4: decompress blocks -----