https://sourceware.org/bugzilla/show_bug.cgi?id=24385
Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |mark at klomp dot org
         Resolution|---                         |FIXED

--- Comment #2 from Mark Wielaard <mark at klomp dot org> ---
This code is only triggered when stripping into a new file with -o.
With that it can be replicated under valgrind:

==1008== Command: src/strip -o POC1.stripped ./POC1
==1008==
==1008== Invalid read of size 4
==1008==    at 0x804EB0A: handle_elf.constprop.2 (strip.c:1978)
==1008==    by 0x804F2F7: process_file (strip.c:769)
==1008==    by 0x8049AFF: main (strip.c:272)
==1008==  Address 0xfec3c840 is not stack'd, malloc'd or (recently) free'd
==1008==
==1008==
==1008== Process terminating with default action of signal 11 (SIGSEGV)
==1008==  Access not within mapped region at address 0xFEC3C840

The file is obviously illformed because the symbol refers to a non-existing
section.

The fix is simple:

diff --git a/src/strip.c b/src/strip.c
index a73009d..4cd8750 100644
--- a/src/strip.c
+++ b/src/strip.c
@@ -1975,6 +1975,7 @@ handle_elf (int fd, Elf *elf, const char *prefix, const ch
 			  && shndxdata->d_buf != NULL);
 	      size_t sidx = (sym->st_shndx != SHN_XINDEX ? sym->st_shndx : xshndx);
+	      elf_assert (sidx < shnum);
 	      sec = shdr_info[sidx].idx;
 
 	      if (sec != 0)

commit f03ac75239e0981deaf4aa18f66f423bcc5ce051
Author: Mark Wielaard <m...@klomp.org>
Date:   Wed Mar 27 21:54:06 2019 +0100

    strip: Files with symbols referring to non-existing sections are illformed

    The check added in commit 4540ea98c "strip: Fix check test for SHN_XINDEX
    symbol" was not complete. The (extended) section index should also exist.
    If it doesn't exist, mark the file as illformed.

    https://sourceware.org/bugzilla/show_bug.cgi?id=24385

    Signed-off-by: Mark Wielaard <m...@klomp.org>

-- 
You are receiving this mail because:
You are on the CC list for the bug.
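Review bot: the added `elf_assert (sidx < shnum);` is only a correct bound if two things hold that are not visible in this hunk: `shdr_info` must have at least `shnum` entries (the assertion should really be against the size `shdr_info` was allocated with, if that differs from `shnum`), and reserved `st_shndx` values (SHN_ABS, SHN_COMMON and the rest of the SHN_LORESERVE range other than SHN_XINDEX) must never reach the `size_t sidx = (sym->st_shndx != SHN_XINDEX ? sym->st_shndx : xshndx);` line, because they are all larger than any real `shnum` and would make otherwise valid files fail as illformed. Please confirm the enclosing branch filters SHN_UNDEF and the reserved range before this point, and consider adding the POC1 input (or a minimal equivalent with one symbol whose index is >= shnum, and one SHN_XINDEX symbol whose extended index is out of range) to the testsuite so that both this check and the earlier 4540ea98c fix are covered.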