vmm: Fix use-after-free in load_elf()
author	Barret Rhoden <brho@cs.berkeley.edu>
	Tue, 6 Jun 2017 19:45:57 +0000 (15:45 -0400)
committer	Barret Rhoden <brho@cs.berkeley.edu>
	Tue, 6 Jun 2017 19:48:12 +0000 (15:48 -0400)
elf_end() frees various structures, so you can't access ehdr anymore.  This
was caught by electric fence.

Signed-off-by: Barret Rhoden <brho@cs.berkeley.edu>
user/vmm/load_elf.c

index 7ab92fd..dae09dd 100644 (file)
@@ -19,6 +19,7 @@ load_elf(char *filename)
        size_t phnum = 0;
        Elf64_Phdr *hdrs;
        int fd;
+       uintptr_t ret;
 
        elf_version(EV_CURRENT);
        fd = open(filename, O_RDONLY);
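Review bot: the new local is declared `uintptr_t ret;` but the value it will hold, `ehdr->e_entry`, is an `Elf64_Addr` (a 64-bit unsigned integer); the conversion is lossless on 64-bit builds, but declaring it as `Elf64_Addr ret;` (or as whatever return type `load_elf()` is declared with, which is not visible in this hunk) would make the intended type explicit and avoid a silent narrowing on any target where `uintptr_t` is smaller than 64 bits.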
@@ -100,8 +101,9 @@ load_elf(char *filename)
        }
 
        close(fd);
+       ret = ehdr->e_entry;
        elf_end(elf);
-       return ehdr->e_entry;
+       return ret;
 fail:
        close(fd);
        elf_end(elf);
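Review bot: the lifetime rule that this hunk relies on, that `ehdr` points into memory owned by `elf` and becomes invalid as soon as `elf_end(elf)` runs, is left implicit, so the same use-after-free can easily be reintroduced by a later edit that touches `ehdr` after `elf_end()`. Consider a short comment on the `ret = ehdr->e_entry;` line (for example `/* copy before elf_end() frees the header */`) and on the `fail:` label, which also calls `elf_end(elf)`, so that the dependency is visible where it matters. The reordering itself is correct: the entry address is copied out before the free and the success path returns the copy rather than reading through the dangling pointer.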