From 006f9ad8910c945cd50e54f6c34d8c27b11c1193 Mon Sep 17 00:00:00 2001
From: Benjamin Adolphi
Date: Wed, 19 Feb 2014 00:50:32 +0100
Subject: [PATCH] Linker writes to wrong memory location when processing DT_MIPS_RLD_MAP

When bionic's dynamic linker processes the .dynamic section of a MIPS ELF binary and encounters the DT_MIPS_RLD_MAP dynamic array tag, it calculates the address of where to write a pointer to the _r_debug structure. The current implementation simply reads the value given in the d_ptr field and writes the pointer address to that location. However, this value has to be adjusted to reflect the real load address of the binary. Otherwise the linker will write to a faulty location possibly resulting in a crash when linking a MIPS binary that includes DT_MIPS_RLD_MAP. This change corrects that problem.
Change-Id: I1a91874f7ab47289001fe72d9016660c14c70362
Signed-off-by: Benjamin Adolphi
---
 linker/linker.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linker/linker.cpp b/linker/linker.cpp
index ead9bd43d..156864c99 100755
--- a/linker/linker.cpp
+++ b/linker/linker.cpp
@@ -1744,7 +1744,7 @@ static bool soinfo_link_image(soinfo* si) {
 case DT_MIPS_RLD_MAP:
 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB.
 {
- r_debug** dp = reinterpret_cast(d->d_un.d_ptr);
+ r_debug** dp = reinterpret_cast(base + d->d_un.d_ptr);
 *dp = &_r_debug;
 }
 break;
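Review bot: The store `*dp = &_r_debug;` in the `DT_MIPS_RLD_MAP` case still writes through an address derived from the file-supplied `d->d_un.d_ptr` with no bounds check, so a malformed `.dynamic` entry makes the linker write a pointer outside the image it just mapped. Adding `base` fixes the relocation, but the sum should also be checked against the loaded image's extent and for wrap-around before the dereference. One possible guard is `if (addr < si->base || addr - si->base > si->size - sizeof(r_debug*)) return false;`, with `addr` holding `base + d->d_un.d_ptr`. That sketch assumes soinfo's `base` and `size` fields describe the mapped range at this point, which should be confirmed. A comment such as `// d_ptr is an unrelocated vaddr from the file; validate before writing` would record why the check is there. `base` and the rest of `soinfo_link_image` are defined outside this hunk, so whether an earlier check already covers this could not be verified from here.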