bug-binutils

RE: readelf reporting of e_shstrndx is slightly wrong


From: Mike Murphy
Subject: RE: readelf reporting of e_shstrndx is slightly wrong
Date: Tue, 21 Aug 2018 23:09:04 +0000

I think an example would help explain this.  Below is part of the output from 
readelf -h on an elf object I have which has 210016 sections, but puts the 
section header string table at section 1.  So e_shstrndx is 1, but e_shnum is 
0.  My reading of the elf standard is that this is legal, but readelf complains 
due to the check header->e_shstrndx >= header->e_shnum:
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         0
  Size of section headers:           64 (bytes)
  Number of section headers:         0 (210016)
  Section header string table index: 1 <corrupt: out of range>

The code in readelf seems to assume that if there are > 0xff00 sections then 
shstrndx will be one of those sections that are > 0xff00.

-----Original Message-----
From: Nick Clifton <address@hidden> 
Sent: Tuesday, August 21, 2018 8:32 AM
To: Mike Murphy <address@hidden>; address@hidden
Subject: Re: readelf reporting of e_shstrndx is slightly wrong

Hi Mike,

> If the file has no section name string table, this member holds the value 
> |SHN_UNDEF|. 
> If the section name string table section index is greater than or 
> equal to |SHN_LORESERVE| (|0xff00|), this member has the value 
> |SHN_XINDEX| (|0xffff|)

> The current readelf -h seems to assume that if there are more than 0xff00 
> sections, then the shstrndx will also be past that.  But there is nothing to 
> prevent the section name string table from being section 1, in which case 
> e_shstrndx should just be 1.  But the readelf implementation has:
> 
>                else if (elf_header.e_shstrndx != SHN_UNDEF
>                         && elf_header.e_shstrndx >= elf_header.e_shnum)
>                    printf(_("<corrupt: out of range>"));

I disagree.  The readelf code actually looks like this:

      if (filedata->section_headers != NULL
          && header->e_shstrndx == (SHN_XINDEX & 0xffff))
        printf (" (%u)", filedata->section_headers[0].sh_link);
      else if (header->e_shstrndx != SHN_UNDEF
               && header->e_shstrndx >= header->e_shnum)
        printf (_(" <corrupt: out of range>"));
   
There is no check that the file itself has more than 0xff00 sections.
Instead it checks to see if the e_shstrndx field is SHN_XINDEX and if so it 
follows the link.  Otherwise it checks that the index is either SHN_UNDEF or a 
valid section number.

Note - the use of "& 0xffff" in the above code is confusing, and looks surplus 
to me, but I do not think that it makes any difference to the behaviour.

Cheers
  Nick
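
The case discussed in this thread, as an added example that is not part of either message and is not readelf's own code: it range-checks e_shstrndx against the resolved section count instead of the raw e_shnum. It assumes the ELF gABI rule that an e_shnum of 0 with a section header table present means the real count is in sh_size of section header 0; the struct, enum and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#define SHN_UNDEF     0
#define SHN_LORESERVE 0xff00
#define SHN_XINDEX    0xffff

/* Hypothetical holders for just the fields this check reads. */
struct ehdr_fields  { uint64_t e_shoff; uint16_t e_shnum, e_shstrndx; };
struct shdr0_fields { uint64_t sh_size; uint32_t sh_link; };
enum shstr_status { SHSTR_NONE, SHSTR_OK, SHSTR_OUT_OF_RANGE, SHSTR_NEED_SECTION0 };

/* The comparison quoted in the thread: raw e_shstrndx against raw e_shnum. */
int raw_compare_flags_corrupt(const struct ehdr_fields *eh)
{
    return eh->e_shstrndx != SHN_UNDEF && eh->e_shstrndx >= eh->e_shnum;
}

/* Resolve both escapes through section header 0 (s0 is NULL when it could
   not be read), then range-check the resolved index. */
enum shstr_status check_shstrndx(const struct ehdr_fields *eh,
                                 const struct shdr0_fields *s0, uint64_t *index)
{
    uint64_t shnum = eh->e_shnum;
    *index = eh->e_shstrndx;
    if (eh->e_shstrndx == SHN_UNDEF)
        return SHSTR_NONE;                      /* no section name string table */
    if (eh->e_shnum == 0 && eh->e_shoff != 0) { /* real count is in sh_size */
        if (s0 == NULL) return SHSTR_NEED_SECTION0;
        shnum = s0->sh_size;
    }
    if (eh->e_shstrndx == SHN_XINDEX) {         /* real index is in sh_link */
        if (s0 == NULL) return SHSTR_NEED_SECTION0;
        *index = s0->sh_link;
    } else if (eh->e_shstrndx >= SHN_LORESERVE) {
        return SHSTR_OUT_OF_RANGE;              /* reserved, never a direct index */
    }
    return *index < shnum ? SHSTR_OK : SHSTR_OUT_OF_RANGE;
}

int main(void)
{
    /* Constructed values matching the readelf output above; e_shoff is a placeholder. */
    struct ehdr_fields eh = { .e_shoff = 0x1000, .e_shnum = 0, .e_shstrndx = 1 };
    struct shdr0_fields s0 = { .sh_size = 210016, .sh_link = 0 };
    uint64_t idx;
    enum shstr_status st = check_shstrndx(&eh, &s0, &idx);
    printf("raw compare flags corrupt: %d, resolved status: %d, index: %llu\n",
           raw_compare_flags_corrupt(&eh), (int)st, (unsigned long long)idx);
    return 0;
}
```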


