This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.
Re: [romain.r@free.fr: bug in readelf]
- From: Nick Clifton <nickc at redhat dot com>
- To: romain dot r at free dot fr, hjl at lucon dot org
- Cc: binutils at sources dot redhat dot com
- Date: Fri, 04 Jul 2003 11:31:45 +0100
- Subject: Re: [romain.r@free.fr: bug in readelf]
- References: <20030704031158.GA17238@lucon.org>
Hi Romain,
> If I put a big or negative value in the sh_size of the section
> .shtrtab, readelf segfaults when it tries to read the section headers.
Hmm, manually corrupting ELF binaries, eh? ;-) Still, readelf is
supposed to be able to handle such things...
> With hexedit I put 0xFFFFFFFF in the sh_size of the section .shtrtab.
> $ readelf -S ./ls
> There are 26 section headers, starting at offset 0x10444:
> readelf: Error: Out of memory allocating -1 bytes for string table
> Erreur de segmentation
The patch below should fix the segmentation fault. It also changes
the error message so that readelf no longer reports a signed value for
the size of the memory block it could not allocate.
Cheers
Nick
2003-07-04 Nick Clifton <nickc@redhat.com>
* readelf.c (get_data): Print (unsigned) hex values for size and
offset in error messages.
(process_section_headers): If the string table could not be
allocated, do not continue.
Index: binutils/readelf.c
===================================================================
RCS file: /cvs/src/src/binutils/readelf.c,v
retrieving revision 1.213
diff -c -3 -p -r1.213 readelf.c
*** binutils/readelf.c 1 Jul 2003 15:54:15 -0000 1.213
--- binutils/readelf.c 4 Jul 2003 10:37:19 -0000
*************** get_data (var, file, offset, size, reaso
*** 485,491 ****
if (fseek (file, offset, SEEK_SET))
{
! error (_("Unable to seek to %x for %s\n"), offset, reason);
return NULL;
}
--- 485,491 ----
if (fseek (file, offset, SEEK_SET))
{
! error (_("Unable to seek to 0x%x for %s\n"), offset, reason);
return NULL;
}
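Review bot: in the changed error () call of this first get_data hunk, offset is printed with %x, which expects an unsigned int, and the declaration of offset is not visible here. If the parameter is a long or another wider type, the argument does not match the conversion on hosts where long is 64 bits. Casting at the call site and using the matching length modifier, for example (unsigned long) offset with 0x%lx, keeps the message correct whatever the parameter's type is.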
*************** get_data (var, file, offset, size, reaso
*** 496,502 ****
if (mvar == NULL)
{
! error (_("Out of memory allocating %d bytes for %s\n"),
size, reason);
return NULL;
}
--- 496,502 ----
if (mvar == NULL)
{
! error (_("Out of memory allocating 0x%x bytes for %s\n"),
size, reason);
return NULL;
}
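Review bot: the mvar == NULL branch still reports a corrupt size as "Out of memory", which is misleading for the case in the report where sh_size was set to 0xFFFFFFFF. The size comes from the file, and nothing in the visible lines compares it with the file length before the allocation. A check in get_data that size does not exceed what remains in the file after offset, with its own message saying the header is corrupt, would reject the value before the allocator is asked. It would also cover oversized values that happen to allocate successfully and only fail later in fread.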
*************** get_data (var, file, offset, size, reaso
*** 504,510 ****
if (fread (mvar, size, 1, file) != 1)
{
! error (_("Unable to read in %d bytes of %s\n"), size, reason);
if (mvar != var)
free (mvar);
return NULL;
--- 504,510 ----
if (fread (mvar, size, 1, file) != 1)
{
! error (_("Unable to read in 0x%x bytes of %s\n"), size, reason);
if (mvar != var)
free (mvar);
return NULL;
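Review bot: the fread (mvar, size, 1, file) != 1 test in this hunk treats a zero size as a read failure, because fread returns 0 when the element size is 0, so an empty section would now print "Unable to read in 0x0 bytes". If callers can pass a size of 0, either return early for that case or call fread (mvar, 1, size, file) and compare the result with size.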
*************** process_section_headers (file)
*** 3767,3772 ****
--- 3767,3775 ----
string_table = (char *) get_data (NULL, file, section->sh_offset,
section->sh_size, _("string table"));
+ if (string_table == NULL)
+ return 0;
+
string_table_length = section->sh_size;
}
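Review bot: the new return 0 after the string_table == NULL check gives up on the whole section listing, even though readelf had already printed "There are 26 section headers" in the report. For inspecting a damaged file it may be more useful to carry on and print the headers with a placeholder in place of the names. If returning is the intended behaviour, a one-line comment saying that get_data has already reported the error would explain why no message is printed here. The same NULL check is worth confirming at the other call sites of get_data, since the ChangeLog entry covers only this one.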