This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.
Fix for readelf seg fault
- To: binutils at sources dot redhat dot com
- Subject: Fix for readelf seg fault
- From: Nick Clifton <nickc at redhat dot com>
- Date: Tue, 16 Jan 2001 15:23:00 -0800
Hi Guys,
Whilst trying to track down a bug, I discovered that readelf would
seg fault if given a badly corrupted object file as input. Since I
believe that no tool should unintentionally core dump, I am applying
the patch below to fix this.
It catches corrupted section name indices which address memory
outside of the string table, and instead calls the section
'<corrupt>'.
Cheers
Nick
2001-01-16 Nick Clifton <nickc@redhat.com>
* readelf.c (string_table_length): New variable.
(SECTION_NAME): Catch out of range indices and missing section
pointers.
(process_section_headers): Delete useless local variable
string_table_offset. Set the value of string_table_length
after loading the string table.
(process_mips_specific): Use SECTION_NAME macro.
(process_file): Set string_table_length to 0 when it is freed.
Index: binutils/readelf.c
===================================================================
RCS file: /cvs/src//src/binutils/readelf.c,v
retrieving revision 1.84
diff -p -r1.84 readelf.c
*** readelf.c 2000/12/12 20:58:46 1.84
--- readelf.c 2001/01/16 23:21:00
***************
*** 1,5 ****
/* readelf.c -- display contents of an ELF format file
! Copyright (C) 1998, 99, 2000 Free Software Foundation, Inc.
Originally developed by Eric Youngdale <eric@andante.jic.com>
Modifications by Nick Clifton <nickc@cygnus.com>
--- 1,5 ----
/* readelf.c -- display contents of an ELF format file
! Copyright (C) 1998, 99, 2000, 2001 Free Software Foundation, Inc.
Originally developed by Eric Youngdale <eric@andante.jic.com>
Modifications by Nick Clifton <nickc@cygnus.com>
*************** unsigned int rela_addr;
*** 85,90 ****
--- 85,91 ----
unsigned int rela_size;
char * dynamic_strings;
char * string_table;
+ unsigned long string_table_length;
unsigned long num_dynamic_syms;
Elf_Internal_Sym * dynamic_symbols;
Elf_Internal_Syminfo * dynamic_syminfo;
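Review bot: the new file-scope `string_table_length` carries no comment saying what it measures; a one-liner such as `/* Size in bytes of the buffer pointed to by string_table.  */` would document the invariant that SECTION_NAME now depends on. Being file-scope it starts at zero, which is what makes SECTION_NAME safe to call before process_section_headers has loaded the table; worth noting in the same comment.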
*************** typedef int Elf32_Word;
*** 232,238 ****
#endif
#define UNKNOWN -1
! #define SECTION_NAME(X) (string_table + (X)->sh_name)
#define DT_VERSIONTAGIDX(tag) (DT_VERNEEDNUM - (tag)) /* Reverse order! */
--- 233,241 ----
#endif
#define UNKNOWN -1
! #define SECTION_NAME(X) ((X) == NULL ? "<none>" : \
! ((X)->sh_name >= string_table_length \
! ? "<corrupt>" : string_table + (X)->sh_name))
#define DT_VERSIONTAGIDX(tag) (DT_VERNEEDNUM - (tag)) /* Reverse order! */
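Review bot: the rewritten SECTION_NAME evaluates X up to twice (`(X) == NULL` and then `(X)->sh_name`), so it must not be given an argument with side effects; a short comment above the #define, or turning it into a static function, would keep future callers from tripping over that. The length check also covers the case where no string table was loaded at all: with string_table NULL and string_table_length 0 every index satisfies `>= string_table_length`, so the macro yields "<corrupt>" rather than dereferencing NULL. That property relies on the reset in process_file, so stating it in a comment here would help.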
*************** process_section_headers (file)
*** 2712,2723 ****
if (section->sh_size != 0)
{
- unsigned long string_table_offset;
-
- string_table_offset = section->sh_offset;
-
GET_DATA_ALLOC (section->sh_offset, section->sh_size,
string_table, char *, "string table");
}
/* Scan the sections for the dynamic symbol table
--- 2715,2724 ----
if (section->sh_size != 0)
{
GET_DATA_ALLOC (section->sh_offset, section->sh_size,
string_table, char *, "string table");
+
+ string_table_length = section->sh_size;
}
/* Scan the sections for the dynamic symbol table
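Review bot: recording string_table_length bounds only the start offset of each name; the `%s` callers still rely on finding a NUL byte before the end of the buffer, so a corrupted table whose final byte is not NUL can still be read past. After the GET_DATA_ALLOC, check `if (string_table[section->sh_size - 1] != 0)` and either leave string_table_length at 0 (so names print as '<corrupt>') or force the last byte to NUL before trusting the table. Setting the length only inside the `sh_size != 0` branch is fine, since the empty case leaves it at 0.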
*************** process_mips_specific (file)
*** 7445,7451 ****
}
printf (_("\nSection '%s' contains %d entries:\n"),
! string_table + sect->sh_name, cnt);
option = iopt;
--- 7446,7452 ----
}
printf (_("\nSection '%s' contains %d entries:\n"),
! SECTION_NAME (sect), cnt);
option = iopt;
*************** process_file (file_name)
*** 8004,8009 ****
--- 8005,8011 ----
{
free (string_table);
string_table = NULL;
+ string_table_length = 0;
}
if (dynamic_strings)
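Review bot: zeroing string_table_length next to `string_table = NULL` keeps the pair consistent, but the two are now maintained in two places (here and in process_section_headers); a small helper that frees, NULLs and zeroes in one step would keep them from drifting apart if another free site is added later.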