bug-binutils

[Bug binutils/17531] readelf crashes on fuzzed samples


From: cvs-commit at gcc dot gnu.org
Subject: [Bug binutils/17531] readelf crashes on fuzzed samples
Date: Fri, 24 Feb 2017 13:52:10 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17531

--- Comment #98 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Maciej W. Rozycki <address@hidden>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c9f02c3e29498fd9ecb1a9719c317c305fe509ae

commit c9f02c3e29498fd9ecb1a9719c317c305fe509ae
Author: Maciej W. Rozycki <address@hidden>
Date:   Thu Feb 23 18:16:11 2017 +0000

    readelf: Fix incorrect "Version definition past end of section" message

    Fix a commit 74e1a04b9787 ("More fixes for reading corrupt ELF files.")
    `readelf --version-info' regression that caused "Version definition past
    end of section" to be always printed at the end, even with good section
    data.

    For example with the `mips-linux' target we get:

    $ cat ver_def.s
        .data
        .globl  new_foo
        .type   new_foo, %object
    new_foo:
        .symver new_foo, foo@@ver_foo
    $ cat ver_def.ver
    { global: *foo*; local: *; };
    $ as -o ver_def.o ver_def.s
    $ ld -e 0 --export-dynamic --version-script=ver_def.ver -o ver_def ver_def.o
    $ readelf -V ver_def

    Version symbols section '.gnu.version' contains 4 entries:
     Addr: 000000000000007e  Offset: 0x01007e  Link: 2 (.dynsym)
      000:   0 (*local*)       2 (ver_foo)       1 (*global*)      2 (ver_foo)

    Version definition section '.gnu.version_d' contains 2 entries:
      Addr: 0x0000000000000088  Offset: 0x010088  Link: 3 (.dynstr)
      000000: Rev: 1  Flags: BASE   Index: 1  Cnt: 1  Name: ver_def
      0x001c: Rev: 1  Flags: none  Index: 2  Cnt: 1  Name: ver_foo
      Version definition past end of section
    $

    The cause is the `if (idx + ent.vd_next <= idx)' condition introduced to
    ensure forward progress, which however always triggers for good version
    definition section data as the last entry will have its `vd_next' value
    set to 0.

    Adjust the condition then, to say `if (idx + ent.vd_next < idx)' instead
    and to ensure forward progress limit the number of entries processed to
    the size of the version definition section, removing the problematic
    message from output quoted above, while ensuring the original PR 17531
    test case is still handled gracefully.
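As an added illustration (not part of the commit or of readelf's own source), a small C model of the loop the commit describes, with the buggy and corrected termination conditions selectable side by side; the Verdef layout is the standard one, the sample section is constructed here to mirror the two-entry output above, and the model omits the other checks readelf performs.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* On-disk ELF version definition entry (layout of Elf32/Elf64_Verdef). */
typedef struct {
  uint16_t vd_version, vd_flags, vd_ndx, vd_cnt;
  uint32_t vd_hash, vd_aux, vd_next;
} Verdef;

/* Model of readelf's SHT_GNU_verdef loop: sh_info is the entry count the
   section header claims, 'fixed' selects the loop as changed by the commit.
   Returns how many entries were processed; readelf prints "Version
   definition past end of section" when that is below sh_info.  */
static unsigned walk_verdef (const unsigned char *sec, size_t sh_size,
                             unsigned sh_info, int fixed)
{
  size_t idx = 0;
  unsigned cnt;
  /* The fix also caps the entry count by the section size, so a fuzzed
     sh_info cannot keep the loop re-reading an entry whose vd_next is 0. */
  for (cnt = 0; cnt < sh_info && (!fixed || cnt < sh_size); ++cnt)
    {
      Verdef ent;
      if (idx + sizeof ent > sh_size)
        break;                        /* entry runs past the section data */
      memcpy (&ent, sec + idx, sizeof ent);
      /* Buggy check: a good final entry has vd_next == 0, so idx + 0 <= idx
         always holds and the loop stops one entry short of sh_info.  */
      if (!fixed && idx + ent.vd_next <= idx)
        break;
      if (fixed && idx + ent.vd_next < idx)  /* fixed: only wrap-around */
        break;
      idx += ent.vd_next;
    }
  return cnt;
}

/* Walk a constructed copy of the page's two-entry .gnu.version_d ("ver_def"
   BASE at 0, "ver_foo" at 0x1c, each with an 8-byte Verdaux; name offsets
   are placeholders) with a claimed sh_info, optionally truncated to sh_size. */
static unsigned walk_sample (size_t sh_size, unsigned sh_info, int fixed)
{
  Verdef e0 = { 1, 1 /* VER_FLG_BASE */, 1, 1, 0, 20, 0x1c };
  Verdef e1 = { 1, 0, 2, 1, 0, 20, 0 };
  unsigned char buf[56] = { 0 };      /* zero bytes double as the Verdaux */
  memcpy (buf, &e0, sizeof e0);
  memcpy (buf + 0x1c, &e1, sizeof e1);
  return walk_verdef (buf, sh_size < sizeof buf ? sh_size : sizeof buf,
                      sh_info, fixed);
}
```

With the good two-entry sample the buggy loop stops after one entry (so the message is printed), the fixed loop processes both; with a fuzzed sh_info the fixed loop is bounded by the section size, and a truncated section still stops early and is reported.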

    Add a suitable test case so that we have `readelf --version-info'
    coverage; due to the lack of infrastructure needed to run the linker in
    the `binutils' test suite and limited justification to implement it add
    a new `readelf.exp' script to the `ld' test suite instead, intended to
    gather any `readelf' test cases that require the linker to be run.  If
    ever we decide to have linker infrastructure added to the `binutils'
    test suite, then the script can be moved between the test suites.

        binutils/
        * readelf.c (process_version_sections) <SHT_GNU_verdef>: Limit
        the number of entries processed by the section size.  Don't
        break out of the loop if `ent.vd_next' is 0.

        ld/
        * testsuite/ld-elf/ver_def.d: New test.
        * testsuite/ld-elf/ver_def.ld: New test linker script.
        * testsuite/ld-elf/ver_def.ver: New test version script.
        * testsuite/ld-elf/ver_def.s: New test source.
        * testsuite/ld-elf/readelf.exp: New test script.


