Hi Omar,

On Wed, Mar 18, 2020 at 01:18:51PM -0700, Omar Sandoval wrote:
> __elf_getphdrnum_rdlock() handles PN_XNUM by getting sh_info from
> elf->state.elf{32,64}.scns.data[0].shdr.e{32,64}. However, that is only
> a cache that may or may not have been populated by elf_begin() or
> elf{32,64}_getshdr(); if it hasn't been cached yet, elf_getphdrnum()
> returns 65535 (the value of PN_XNUM) instead. We should explicitly get
> the shdr if it isn't cached.
I believe this analysis is correct. But how did you find this? This seems
to only happen if e_phnum was PN_XNUM and for some reason the scns cache
wasn't initialized. Do you happen to have a testcase?

Thanks,

Mark
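To make the PN_XNUM path under discussion concrete, here is an added example in plain C (not elfutils code): it resolves the program header count of a constructed in-memory ELF64 image and, when e_phnum is PN_XNUM, reads sh_info straight from section header 0 with bounds checks rather than from any lazily filled cache. It assumes the glibc <elf.h> types and that host byte order matches the image; elf64_phnum and build_sample are illustrative names.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>

/* Added example (not elfutils code). Returns the real program header count
   of an ELF64 image, or -1 if the image is malformed. The PN_XNUM case is
   resolved by reading sh_info of section header 0 directly from the bytes,
   so the answer never depends on whether some cache was populated first.
   Assumes host byte order matches the image. */
static long elf64_phnum(const uint8_t *buf, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64)
        return -1;
    if (eh.e_phnum != PN_XNUM)
        return eh.e_phnum;  /* ordinary case: the count fits in 16 bits */
    /* Extended numbering: section header 0 must exist and lie inside the buffer. */
    if (eh.e_shoff == 0 || eh.e_shentsize < sizeof(Elf64_Shdr) ||
        eh.e_shoff > len || len - eh.e_shoff < sizeof(Elf64_Shdr))
        return -1;
    Elf64_Shdr sh0;
    memcpy(&sh0, buf + eh.e_shoff, sizeof sh0);
    return (long)sh0.sh_info;
}

/* Constructed sample image: ELF64 header followed by one null section header.
   Returns the number of bytes written, or 0 if cap is too small. */
static size_t build_sample(uint8_t *buf, size_t cap, uint16_t e_phnum, uint32_t sh0_info)
{
    Elf64_Ehdr eh = {0};
    Elf64_Shdr sh0 = {0};
    if (cap < sizeof eh + sizeof sh0) return 0;
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_type = ET_EXEC;
    eh.e_phnum = e_phnum;          /* PN_XNUM means "look in shdr[0].sh_info" */
    eh.e_shoff = sizeof eh;
    eh.e_shentsize = sizeof sh0;
    eh.e_shnum = 1;
    sh0.sh_info = sh0_info;        /* real phnum when e_phnum == PN_XNUM */
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &sh0, sizeof sh0);
    return sizeof eh + sizeof sh0;
}
```

With e_phnum set to PN_XNUM and sh0_info set to 70000, elf64_phnum returns 70000 rather than the 65535 the quoted report describes; truncating the buffer to just the ELF header makes it return -1 instead of guessing.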