From d73b5cafa0ef381f7c63a75e968fb7eec8e9f555 Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Fri, 16 Mar 2012 11:38:58 -0700
Subject: [PATCH] linker: fix off-by-one error in GNU_RELRO handling

Fix a bug where the GNU_RELRO end address could be exactly the end of the loadable segment.

Change-Id: If6c43acabc06e9aff9217c0f6016e158b28bb41f
---
 linker/linker.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/linker/linker.c b/linker/linker.c
index 74638110a..17d8555d1 100644
--- a/linker/linker.c
+++ b/linker/linker.c
@@ -1032,7 +1032,7 @@ load_segments(int fd, void *header, soinfo *si)
 si->dynamic = (unsigned *)(base + phdr->p_vaddr);
 } else if (phdr->p_type == PT_GNU_RELRO) {
 if ((phdr->p_vaddr >= si->size)
- || ((phdr->p_vaddr + phdr->p_memsz) >= si->size)
+ || ((phdr->p_vaddr + phdr->p_memsz) > si->size)
 || ((base + phdr->p_vaddr + phdr->p_memsz) < base)) {
 DL_ERR("%d invalid GNU_RELRO in '%s' "
 "p_vaddr=0x%08x p_memsz=0x%08x", pid, si->name,
@@ -1781,7 +1781,7 @@ static int link_image(soinfo *si, unsigned wr_offset)
 si->dynamic = (unsigned *) (si->base + phdr->p_vaddr);
 } else if (phdr->p_type == PT_GNU_RELRO) {
 if ((phdr->p_vaddr >= si->size)
- || ((phdr->p_vaddr + phdr->p_memsz) >= si->size)
+ || ((phdr->p_vaddr + phdr->p_memsz) > si->size)
 || ((si->base + phdr->p_vaddr + phdr->p_memsz) < si->base)) {
 DL_ERR("%d invalid GNU_RELRO in '%s' "
 "p_vaddr=0x%08x p_memsz=0x%08x", pid, si->name,
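Review bot: The new bound `|| ((phdr->p_vaddr + phdr->p_memsz) > si->size)` still forms the sum before comparing, so if `p_vaddr + p_memsz` wraps (these appear to be unsigned 32-bit ELF program-header fields, though their declarations are not in the hunk) a large `p_memsz` yields a small sum that passes, and the following `< base` clause does not catch it because `base + p_vaddr + p_memsz` wraps by the same amount. The first clause already rejects `p_vaddr >= si->size`, so the subtraction is safe and the check can avoid the addition entirely: `|| (phdr->p_memsz > si->size - phdr->p_vaddr)`. The identical clause in the `link_image` hunk (using `si->base`) would take the same one-line change, and since both functions now carry the same validation it is worth moving into one static helper so the two copies cannot drift again. Both `load_segments` and `link_image` begin and end outside their hunks.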