[Midnightbsd-cvs] [MidnightBSD/src] 9d6606: imgact_elf: Fix off-by-one in note size check

Mark Peek noreply at github.com
Sun Jan 18 16:51:04 EST 2026 

  Branch: refs/heads/master
  Home:   https://github.com/MidnightBSD/src
  Commit: 9d660618b22835cd776c0c31488de3578d688154
      https://github.com/MidnightBSD/src/commit/9d660618b22835cd776c0c31488de3578d688154
  Author: Jessica Clarke <jrtc27 at FreeBSD.org>
  Date:   2026-01-18 (Sun, 18 Jan 2026)

  Changed paths:
    M sys/kern/imgact_elf.c

  Log Message:
  -----------
  imgact_elf: Fix off-by-one in note size check

Prior to c86af2cc4cd1 ("imgact_elf: Check note body sizes"), this was
note_name + n_namesz >= note_end, which checks that there is at least
one byte after the unpadded name (which could be either padding or
data), and given our notes always have data with them this was fine.
However, once we started checking the padded name (note that "FreeBSD\0"
is already a multiple of 4 bytes, so has no padding) and data, this
turned into checking that there is at least one byte after the unpadded
data, and since our ELF notes already have a multiple of 4 bytes for
their data and therefore have no padding, this means that we are now
checking that there is at least one byte after the ELF note, which is
not going to be the case for the last ELF note. Instead, switch this to
a strict greater than, as should be used when comparing one-past-the-end
pointers, which both sides of the inequality are.

For executables, this was generally not a problem in reality, since the
last of our ELF notes is NT_FREEBSD_NOINIT_TAG, which isn't read by the
kernel. However, ld-elf.so.1 (and libcompat variants), like shared
libraries, only has NT_FREEBSD_ABI_TAG, which meant the kernel did not
see this ELF note when directly executing it (e.g. as done by ldd), and
on RISC-V this is the only branding present, so doing so would fail with
ENOEXEC. This does also mean on non-RISC-V direct exec ld-elf.so.1 runs
with the wrong p_osrel, but given it sets kern.proc.osrel.PID to the
executable's NT_FREEBSD_ABI_TAG that it loads, this probably doesn't
matter in practice.

PR:		291446
Reported by:	bdragon
Tested by:	bdragon
Fixes:		c86af2cc4cd1 ("imgact_elf: Check note body sizes")
MFC after:	3 days

(cherry picked from commit 5d58198ccc2b562098ee5fc4898013622b32b065)


  Commit: 4e16ef565e758467d5410d66e479203ef09f0c97
      https://github.com/MidnightBSD/src/commit/4e16ef565e758467d5410d66e479203ef09f0c97
  Author: John Baldwin <jhb at FreeBSD.org>
  Date:   2026-01-18 (Sun, 18 Jan 2026)

  Changed paths:
    M tools/build/cross-build/include/mac/string.h

  Log Message:
  -----------
  cross-build: Workaround system-provided strchrnul on macOS 15.4+

macOS added a native strchrnul in 15.4.  There is not an easy way to
detect it at compile time, so use a macro to rename our local inline
version to avoid conflicts while also forcing its use during
bootstrap.  The local version can be removed once macOS versions older
than 15.4 are no longer supported as build hosts.

Co-authored by:	jrtc27
Reported by:	kib
Reviewed by:	jrtc27
Differential Revision:	https://reviews.freebsd.org/D49893

(cherry picked from commit 4e2616b74cb7eed921aa10fb776cdc2d5fd4e42f)


  Commit: 79ff424282df2e6adf05bea40d694fbcb356e33d
      https://github.com/MidnightBSD/src/commit/79ff424282df2e6adf05bea40d694fbcb356e33d
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2026-01-18 (Sun, 18 Jan 2026)

  Changed paths:
    M usr.bin/kyua/Makefile

  Log Message:
  -----------
  attempt to source sysroot elsewhere


  Commit: ff50e5cdb835a8558bd611841ae4453aae28417b
      https://github.com/MidnightBSD/src/commit/ff50e5cdb835a8558bd611841ae4453aae28417b
  Author: Jessica Clarke <jrtc27 at FreeBSD.org>
  Date:   2026-01-18 (Sun, 18 Jan 2026)

  Changed paths:
    M sys/conf/Makefile.mips

  Log Message:
  -----------
  mips: Drop unused TRAMP_LDFLAGS

This has always been empty since e8dce5b9b3a5 ("Complete the integration
of tbemd branch into head.").

This is a direct commit to stable/13 as mips no longer exists in main.


  Commit: 98c231fe430976be5f7c0a1b5cdb79ab73209422
      https://github.com/MidnightBSD/src/commit/98c231fe430976be5f7c0a1b5cdb79ab73209422
  Author: Ed Maste <emaste at FreeBSD.org>
  Date:   2026-01-18 (Sun, 18 Jan 2026)

  Changed paths:
    M sys/modules/agp/Makefile

  Log Message:
  -----------
  agp: Export intel_gtt_read_pte, required by i915kms

This isn't used by modern cards, but is needed for i915kms to load
on a system that has agp as a module not compiled into the kernel.

PR:		291214
Reviewed by:	cy
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53906

(cherry picked from commit a87c1e2dd8fc997d6ee603c252c543afe8a4d2a4)
(cherry picked from commit 8befd2d2b6a0c5d54fa53246a89ae09009007799)
(cherry picked from commit ae1f6fd47c4584d1abe5ecf26f291d282e6f6a67)


  Commit: 052979e7c564d21bfa49eda9a0f8feb481deb22c
      https://github.com/MidnightBSD/src/commit/052979e7c564d21bfa49eda9a0f8feb481deb22c
  Author: Mark Peek <mp at FreeBSD.org>
  Date:   2026-01-18 (Sun, 18 Jan 2026)

  Changed paths:
    M cddl/contrib/opensolaris/tools/ctf/cvt/barrier.c
    M cddl/contrib/opensolaris/tools/ctf/cvt/barrier.h

  Log Message:
  -----------
  ctfmerge: fix segfault when building on macOS

The barrier code was using semaphores which have been deprecated in
macOS and not working at all, causing a race condition. Since macOS
does not have pthread_barrier_*(), this change uses a condition
variable instead.

PR:		290958
Reported by:	wosch
Reviewed by:	imp, markj
Differential Revision:	https://reviews.freebsd.org/D54018

(cherry picked from commit 732b4aa05d78ca6831d02e67a43f34ad104f4f01)


Compare: https://github.com/MidnightBSD/src/compare/f5b1485cad9c...052979e7c564

To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications

More information about the Midnightbsd-cvs mailing list