This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



Re: Various SIGFPEs on sh_entsize == 0


> I assume the usage of the result of gelf_fsize for sh_entsize instead of
> shdr->sh_entsize directly helps guard against some of the same issues.

I haven't looked at that lately.

> But it doesn't seem to be used consistently on the branch, so Petr's
> patch still makes sense to me. Maybe combined with the robustify branch
> approach. There were a couple more interesting fixes on that branch.
> What is preventing them from being merged with master? Need a closer
> review? Are these used by default on fedora?

Long ago Uli objected to putting the changes on the trunk.  You can see if
he's changed his mind.  His position was that libdw need not handle utterly
ill-formed data.  It's only produced by malice, data corruption, or extreme
tool bugs, and people should not be using libdw-based tools on random data
that might be so bogus (and to a lesser extent, same for libelf).  A chief
purpose of the lowest level of elflint and dwarflint checks is to ensure
that libelf/libdw will not crash on the data.

This attitude is generally frowned upon by admins, who like to run
eu-readelf on random untrusted files and so forth.  But Uli did not
agree that was proper admin behavior.

By this standard, any check that only hits on abjectly bad data and adds
any code at all to any common paths should go only on the robustify branch.
But, the existing code does have various checks for bad offsets in the data
and so forth, so it has not been hewn closely to.

The robustify patch is always applied in the Fedora package.  Its purpose
is to ensure that no data file whatsoever can cause libelf, libdw, or an
eu-* tool to crash and dump core.


Thanks,
Roland
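
The guard discussed in this thread, as an added example that is not part of the original message or of elfutils: the entry count of a section is computed by dividing by the size the format dictates (the role gelf_fsize plays above) rather than by the untrusted sh_entsize, so a header with sh_entsize == 0 cannot raise SIGFPE. struct shdr_view and section_entry_count are hypothetical names, the sample headers are constructed, and rejecting a mismatched sh_entsize outright is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the Elf64_Shdr fields that matter here. */
struct shdr_view {
    uint64_t sh_offset;
    uint64_t sh_size;
    uint64_t sh_entsize;
};

enum { SYM64_SIZE = 24 };  /* sizeof(Elf64_Sym) in the ELF64 format */

/* Returns 0 and stores the entry count, or -1 if the header is unusable.
   The divisor is always expected_entsize, never the value read from
   the file. */
int section_entry_count(const struct shdr_view *sh, uint64_t file_size,
                        uint64_t expected_entsize, uint64_t *count)
{
    if (expected_entsize == 0)
        return -1;                  /* caller error; never divide by 0 */
    if (sh->sh_entsize != expected_entsize)
        return -1;                  /* also covers sh_entsize == 0 */
    if (sh->sh_offset > file_size || sh->sh_size > file_size - sh->sh_offset)
        return -1;                  /* section must lie inside the file */
    if (sh->sh_size % expected_entsize != 0)
        return -1;                  /* partial trailing entry */
    *count = sh->sh_size / expected_entsize;
    return 0;
}

int main(void)
{
    /* Constructed headers: one well-formed, one with sh_entsize == 0. */
    struct shdr_view good = { 0x400, 10 * SYM64_SIZE, SYM64_SIZE };
    struct shdr_view zero = { 0x400, 10 * SYM64_SIZE, 0 };
    uint64_t n = 0;

    printf("good: %d\n", section_entry_count(&good, 0x1000, SYM64_SIZE, &n));
    printf("zero: %d\n", section_entry_count(&zero, 0x1000, SYM64_SIZE, &n));
    return 0;
}
```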
