[Backport]ldconfig: handle .dynstr located in separate segment (bug 25087)

Signed-off-by: Lv Ying <lvying6@huawei.com>

backport-ldconfig-handle-.dynstr-located-in-separate-segment-.patch

@@ -0,0 +1,91 @@
+From 58e8f5fd2ba47b6dc47fd4d0a35e4175c7c87aaa Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@suse.de>
+Date: Wed, 9 Oct 2019 17:46:47 +0200
+Subject: [PATCH] ldconfig: handle .dynstr located in separate segment (bug
+ 25087)
+
+To determine the load offset of the DT_STRTAB section search for the
+segment containing it, instead of using the load offset of the first
+segment.
+---
+ elf/readelflib.c | 36 +++++++++++++++++++++++-------------
+ 1 file changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/elf/readelflib.c b/elf/readelflib.c
+index 09f5858426e2..499cccbcfcc1 100644
+--- a/elf/readelflib.c
++++ b/elf/readelflib.c
+@@ -45,7 +45,6 @@ process_elf_file (const char *file_name, const char *lib, int *flag,
+ {
+   int i;
+   unsigned int j;
+-  ElfW(Addr) loadaddr;
+   unsigned int dynamic_addr;
+   size_t dynamic_size;
+   char *program_interpreter;
+@@ -87,7 +86,6 @@ process_elf_file (const char *file_name, const char *lib, int *flag,
+      libc5/libc6.  */
+   *flag = FLAG_ELF;
+ 
+-  loadaddr = -1;
+   dynamic_addr = 0;
+   dynamic_size = 0;
+   program_interpreter = NULL;
+@@ -98,11 +96,6 @@ process_elf_file (const char *file_name, const char *lib, int *flag,
+ 
+       switch (segment->p_type)
+ 	{
+-	case PT_LOAD:
+-	  if (loadaddr == (ElfW(Addr)) -1)
+-	    loadaddr = segment->p_vaddr - segment->p_offset;
+-	  break;
+-
+ 	case PT_DYNAMIC:
+ 	  if (dynamic_addr)
+ 	    error (0, 0, _("more than one dynamic segment\n"));
+@@ -176,11 +169,6 @@ process_elf_file (const char *file_name, const char *lib, int *flag,
+ 	}
+ 
+     }
+-  if (loadaddr == (ElfW(Addr)) -1)
+-    {
+-      /* Very strange. */
+-      loadaddr = 0;
+-    }
+ 
+   /* Now we can read the dynamic sections.  */
+   if (dynamic_size == 0)
+@@ -197,7 +185,29 @@ process_elf_file (const char *file_name, const char *lib, int *flag,
+       check_ptr (dyn_entry);
+       if (dyn_entry->d_tag == DT_STRTAB)
+ 	{
+-	  dynamic_strings = (char *) (file_contents + dyn_entry->d_un.d_val - loadaddr);
++	  /* Find the file offset of the segment containing the dynamic
++	     string table.  */
++	  ElfW(Off) loadoff = -1;
++	  for (i = 0, segment = elf_pheader;
++	       i < elf_header->e_phnum; i++, segment++)
++	    {
++	      if (segment->p_type == PT_LOAD
++		  && dyn_entry->d_un.d_val >= segment->p_vaddr
++		  && (dyn_entry->d_un.d_val - segment->p_vaddr
++		      < segment->p_filesz))
++		{
++		  loadoff = segment->p_vaddr - segment->p_offset;
++		  break;
++		}
++	    }
++	  if (loadoff == (ElfW(Off)) -1)
++	    {
++	      /* Very strange. */
++	      loadoff = 0;
++	    }
++
++	  dynamic_strings = (char *) (file_contents + dyn_entry->d_un.d_val
++				      - loadoff);
+ 	  check_ptr (dynamic_strings);
+ 	  break;
+ 	}
+-- 
+2.18.4
+

glibc.spec

@@ -59,7 +59,7 @@
 ##############################################################################
 Name: 	 	glibc
 Version: 	2.28
-Release: 	70
+Release: 	71
 Summary: 	The GNU libc libraries
 License:	%{all_license}
 URL: 		http://www.gnu.org/software/glibc/
@@ -128,6 +128,7 @@ Patch44: backport-CVE-2021-33574-0001-Fix-mq_notify-bug-27896.patch
 Patch45: backport-CVE-2021-33574-0002-Fix-mq_notify-bug-27896.patch
 Patch46: backport-aarch64-align-stack-in-clone-BZ-27939.patch
 Patch47: backport-x86-64-Align-child-stack-to-16-bytes-BZ-27902.patch 
+Patch48: backport-ldconfig-handle-.dynstr-located-in-separate-segment-.patch
 
 Provides: ldconfig rtld(GNU_HASH) bundled(gnulib)
 
@@ -1152,6 +1153,10 @@ fi
 %doc hesiod/README.hesiod
 
 %changelog
+* Wed Jun 30 2021 lvying<lvying6@huawei.com> - 2.28-71
+- ldconfig: handle .dynstr located in separate segment (bug 25087)
+  https://sourceware.org/git/?p=glibc.git;a=commit;h=58e8f5fd2ba47b6dc47fd4d0a35e4175c7c87aaa
+
 * Sat Jun 26 2021 Qingqing Li<liqingqing3@huawei.com> - 2.28-70
 - enable patches to fix bug 27939 and 27902