From 7eeac8ca54d65e1db8206566f64bfa276bb410d9 Mon Sep 17 00:00:00 2001
From: Mike Hommey
Date: Fri, 21 Jun 2024 22:19:57 +0000
Subject: [PATCH] Bug 1903021 - Avoid use after vector resize. a=RyanVM

Original Revision: https://phabricator.services.mozilla.com/D214330
Differential Revision: https://phabricator.services.mozilla.com/D214487
---
 build/unix/elfhack/elfhack.cpp | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/build/unix/elfhack/elfhack.cpp b/build/unix/elfhack/elfhack.cpp
index 719d4ac8f5c4..baedadedf0d3 100644
--- a/build/unix/elfhack/elfhack.cpp
+++ b/build/unix/elfhack/elfhack.cpp
@@ -1116,7 +1116,7 @@ int do_relocation_section(Elf* elf, unsigned int rel_type,
 // can actually use it)
 if (elf->getSegmentByType(PT_GNU_RELRO)) {
 ElfSection* gnu_versym = dyn->getSectionForType(DT_VERSYM);
- auto lookup = [&symtab, &gnu_versym](const char* symbol) {
+ auto ensure_symbol = [&symtab, &gnu_versym](const char* symbol) {
 Elf_SymValue* sym_value = symtab->lookup(symbol, STT(FUNC));
 if (!sym_value) {
 symtab->syms.emplace_back();
@@ -1138,11 +1138,13 @@ int do_relocation_section(Elf* elf, unsigned int rel_type,
 gnu_versym->grow(gnu_versym->getSize() + gnu_versym->getEntSize());
 }
 }
- return sym_value;
 };
-
- Elf_SymValue* mprotect = lookup("mprotect");
- Elf_SymValue* sysconf = lookup("sysconf");
+ // ensure_symbol may trigger a symbol table vector resize, so only lookup
+ // the symbols after we're done touching the symbol table.
+ ensure_symbol("mprotect");
+ ensure_symbol("sysconf");
+ Elf_SymValue* mprotect = symtab->lookup("mprotect", STT(FUNC));
+ Elf_SymValue* sysconf = symtab->lookup("sysconf", STT(FUNC));
 // Add relocations for the mprotect and sysconf symbols.
 auto add_relocation_to = [&new_rels, &symtab, rel_type2](
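Review bot: The re-fetched `mprotect` and `sysconf` pointers in the second hunk are no longer non-null by construction. The old lambda returned the entry it had just created, whereas the new code depends on `symtab->lookup(..., STT(FUNC))` finding the entry that `ensure_symbol` appended, and `lookup`'s implementation is not visible here. If the pointers are dereferenced further down (the `add_relocation_to` lambda opens on the last line but its body is outside the hunk), a guard such as `if (!mprotect || !sysconf) return -1;`, adapted to whatever failure convention `do_relocation_section` uses, would make that invariant explicit. It is also worth checking the rest of the function for any other `Elf_SymValue*` taken from `symtab->syms` before this block, because `emplace_back()` invalidates those in the same way.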