This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.



Re: [romain.r@free.fr: bug in readelf]


Hi Romain,

> If I put a big or negative value to the sh_size of the section
> .shtrtab, readelf segfaults when it tries to read the section headers.

Hmm, manually corrupting ELF binaries eh? ;-)  Still, readelf is
supposed to be able to handle such things...

> With hexedit I put 0xFFFFFFFF to the sh_size of the section .shtrtab.

> $ readelf -S ./ls
> There are 26 section headers, starting at offset 0x10444:
> readelf: Error: Out of memory allocating -1 bytes for string table
> Erreur de segmentation

The patch below should fix the segmentation fault.  It also changes
the error message so that readelf no longer reports a signed value for
the size of the memory block it could not allocate.

Cheers
        Nick

        
2003-07-04  Nick Clifton  <nickc@redhat.com>

	* readelf.c (get_data): Print (unsigned) hex values for size and
	offset in error messages.
	(process_section_headers): If the string table could not be
	allocated, do not continue.

Index: binutils/readelf.c
===================================================================
RCS file: /cvs/src/src/binutils/readelf.c,v
retrieving revision 1.213
diff -c -3 -p -r1.213 readelf.c
*** binutils/readelf.c	1 Jul 2003 15:54:15 -0000	1.213
--- binutils/readelf.c	4 Jul 2003 10:37:19 -0000
*************** get_data (var, file, offset, size, reaso
*** 485,491 ****
  
    if (fseek (file, offset, SEEK_SET))
      {
!       error (_("Unable to seek to %x for %s\n"), offset, reason);
        return NULL;
      }
  
--- 485,491 ----
  
    if (fseek (file, offset, SEEK_SET))
      {
!       error (_("Unable to seek to 0x%x for %s\n"), offset, reason);
        return NULL;
      }
  
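Review bot: the new "0x%x" in the seek error takes an unsigned int, but offset is handed straight to fseek() two lines above, which takes a long; where long is wider than int the printed value can be wrong and the following %s argument may be misread. Suggest "0x%lx" with an (unsigned long) cast on offset.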
*************** get_data (var, file, offset, size, reaso
*** 496,502 ****
  
        if (mvar == NULL)
  	{
! 	  error (_("Out of memory allocating %d bytes for %s\n"),
  		 size, reason);
  	  return NULL;
  	}
--- 496,502 ----
  
        if (mvar == NULL)
  	{
! 	  error (_("Out of memory allocating 0x%x bytes for %s\n"),
  		 size, reason);
  	  return NULL;
  	}
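Review bot: size reaches the allocator unchecked, so the mvar == NULL branch is the only thing standing between a bogus file-supplied size and the rest of get_data; comparing size (and offset) with the file length before allocating would reject a value such as 0xFFFFFFFF with a more accurate diagnostic than "Out of memory". Separately, size is passed to fread() as its size argument in the next hunk, so "0x%x" has a width mismatch wherever that type is wider than unsigned int; "0x%lx" with an (unsigned long) cast would cover both this message and the fread one.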
*************** get_data (var, file, offset, size, reaso
*** 504,510 ****
  
    if (fread (mvar, size, 1, file) != 1)
      {
!       error (_("Unable to read in %d bytes of %s\n"), size, reason);
        if (mvar != var)
  	free (mvar);
        return NULL;
--- 504,510 ----
  
    if (fread (mvar, size, 1, file) != 1)
      {
!       error (_("Unable to read in 0x%x bytes of %s\n"), size, reason);
        if (mvar != var)
  	free (mvar);
        return NULL;
*************** process_section_headers (file)
*** 3767,3772 ****
--- 3767,3775 ----
        string_table = (char *) get_data (NULL, file, section->sh_offset,
  					section->sh_size, _("string table"));
  
+       if (string_table == NULL)
+ 	return 0;
+       
        string_table_length = section->sh_size;
      }
  
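Review bot: the added "return 0" after the get_data() call stops all section header output when only the name table is unreadable, and the blank line added after it carries trailing whitespace. Consider leaving string_table NULL with string_table_length 0 and continuing, so the headers can still be listed with placeholder names, provided every use of string_table checks for NULL first. It is also worth confirming that each name index is compared against string_table_length, since a wrong but readable sh_size still passes this check.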
        

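The failure mode in this thread, a section size taken from the file and used unchecked, can be rejected before any allocation by comparing the requested range with the real file length. The following is an added example, not part of the patch above or of readelf; `load_table_checked` and `demo_load` are hypothetical names and the 16-byte sample file is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not readelf's get_data): read `size` bytes at
   `offset` only after checking both against the real file length.
   Returns a NUL-terminated buffer to free(), or NULL if out of range. */
char *load_table_checked(FILE *f, uint64_t offset, uint64_t size)
{
    long len;
    char *buf;

    if (fseek(f, 0, SEEK_END) != 0 || (len = ftell(f)) < 0)
        return NULL;
    /* Subtract instead of adding so offset + size cannot wrap. */
    if (offset > (uint64_t)len || size > (uint64_t)len - offset)
        return NULL;
    buf = malloc((size_t)size + 1);
    if (buf == NULL)
        return NULL;
    if (fseek(f, (long)offset, SEEK_SET) != 0
        || (size != 0 && fread(buf, (size_t)size, 1, f) != 1)) {
        free(buf);
        return NULL;
    }
    buf[size] = '\0';   /* a name lookup can never run off the end */
    return buf;
}

/* Constructed 16-byte sample file; 1 if the range loads, 0 if rejected. */
int demo_load(uint64_t offset, uint64_t size)
{
    static const char sample[16] = "\0.text\0.data\0\0\0";
    FILE *f = tmpfile();
    char *tab;
    int ok;
    if (f == NULL)
        return -1;
    fwrite(sample, 1, sizeof sample, f);
    tab = load_table_checked(f, offset, size);
    ok = (tab != NULL);
    free(tab);
    fclose(f);
    return ok;
}

int main(void)
{
    printf("%d %d\n", demo_load(1, 6), demo_load(1, 0xFFFFFFFFu));
    return 0;
}
```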
