[Bug tools/21310] New: eu-elflint: heap-based buffer overflow in check_symtab_shndx (elflint.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=21310

            Bug ID: 21310
           Summary: eu-elflint: heap-based buffer overflow in check_symtab_shndx (elflint.c)
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: tools
          Assignee: unassigned at sourceware dot org
          Reporter: ago at gentoo dot org
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

Created attachment 9944
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9944&action=edit
stacktrace

On elfutils-0.168:

# eu-elflint -d $FILE
READ of size 4 at 0x6020efd0 thread T0
    #0 0x4267eb in check_symtab_shndx /tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/src/elflint.c:1961

Compiled with: gcc-6.3.0

Reproducer:
https://github.com/asarubbo/poc/blob/master/00234-elfutils-heapoverflow-check_symtab_shndx

Stacktrace attached.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug tools/21311] New: eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=21311

            Bug ID: 21311
           Summary: eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c)
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: tools
          Assignee: unassigned at sourceware dot org
          Reporter: ago at gentoo dot org
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

Created attachment 9945
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9945&action=edit
stacktrace

Hoping that it does not have the same root cause as bug 21310.

On elfutils-0.168:

# eu-elflint -d $FILE
READ of size 4 at 0x60b0aff4 thread T0
    #0 0x40b36a in check_sysv_hash /tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/src/elflint.c:2020

Compiled with: gcc-6.3.0

Reproducer:
https://github.com/asarubbo/poc/blob/master/00235-elfutils-heapoverflow-check_sysv_hash

Stacktrace attached.

[Bug tools/21312] New: eu-elflint: memory allocation failure in xcalloc (xmalloc.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=21312

            Bug ID: 21312
           Summary: eu-elflint: memory allocation failure in xcalloc (xmalloc.c)
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: tools
          Assignee: unassigned at sourceware dot org
          Reporter: ago at gentoo dot org
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

Created attachment 9946
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9946&action=edit
stacktrace

On elfutils-0.168:

# eu-elflint -d $FILE
==5053==AddressSanitizer CHECK failed: /tmp/portage/sys-devel/gcc-6.3.0/work/gcc-6.3.0/libsanitizer/sanitizer_common/sanitizer_common.cc:180 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #7 0x431b8d in xcalloc /tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/lib/xmalloc.c:64

Compiled with: gcc-6.3.0

Reproducer:
https://github.com/asarubbo/poc/blob/master/00236-elfutils-memallocfailure

Stacktrace attached.

[Bug libelf/21315] New: multiple misaligned address errors
https://sourceware.org/bugzilla/show_bug.cgi?id=21315

            Bug ID: 21315
           Summary: multiple misaligned address errors
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libelf
          Assignee: unassigned at sourceware dot org
          Reporter: ago at gentoo dot org
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

Created attachment 9947
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9947&action=edit
errors

On elfutils-0.168:

# eu-elflint -d $FILE
libelf/elf32_getshdr.c:140:8: runtime error: member access within misaligned address 0x7fa161766002 for type 'struct Elf64_Shdr', which requires 8 byte alignment

Compiled with: gcc-6.3.0
Visible with: -fsanitize=undefined

Reproducer:
https://github.com/asarubbo/poc/blob/master/00237-elfutils-misalignedaddress1

Errors attached.

[Bug libelf/21315] multiple misaligned address errors for Elf64_Shdr
https://sourceware.org/bugzilla/show_bug.cgi?id=21315

Agostino Sarubbo changed:

           What    |Removed                     |Added
            Summary|multiple misaligned address |multiple misaligned address
                   |errors                      |errors for Elf64_Shdr

[Bug libelf/21316] New: multiple misaligned address errors for Elf32_Phdr
https://sourceware.org/bugzilla/show_bug.cgi?id=21316

            Bug ID: 21316
           Summary: multiple misaligned address errors for Elf32_Phdr
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libelf
          Assignee: unassigned at sourceware dot org
          Reporter: ago at gentoo dot org
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

Created attachment 9948
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9948&action=edit
errors

On elfutils-0.168:

# eu-elflint -d $FILE
libelf/gelf_getphdr.c:100:7: runtime error: member access within misaligned address 0x7f03180e3001 for type 'struct Elf32_Phdr', which requires 4 byte alignment

Compiled with: gcc-6.3.0
Visible with: -fsanitize=undefined

Reproducer:
https://github.com/asarubbo/poc/blob/master/00238-elfutils-misalignedaddress2

Errors attached.

[Bug libelf/21317] New: misaligned address error for uint32_t
https://sourceware.org/bugzilla/show_bug.cgi?id=21317

            Bug ID: 21317
           Summary: misaligned address error for uint32_t
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libelf
          Assignee: unassigned at sourceware dot org
          Reporter: ago at gentoo dot org
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

On elfutils-0.168:

# eu-elflint -d $FILE
/tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/libelf/gelf_xlate.h:36:1: runtime error: load of misaligned address 0x7f8ae27cb007 for type 'const uint32_t', which requires 4 byte alignment
0x7f8ae27cb007: note: pointer points here
 46 01 02 01 00 00 02 00 00 00 45 4c 46 01 02 01 00 0b 00 01 00 00 00 60 04 20 00 00 00 00 00 00 ^

Compiled with: gcc-6.3.0
Visible with: -fsanitize=undefined

Reproducer:
https://github.com/asarubbo/poc/blob/master/00239-elfutils-misalignedaddress3

[Bug libelf/21318] New: misaligned access error for Elf32_Shdr
https://sourceware.org/bugzilla/show_bug.cgi?id=21318

            Bug ID: 21318
           Summary: misaligned access error for Elf32_Shdr
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libelf
          Assignee: unassigned at sourceware dot org
          Reporter: ago at gentoo dot org
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

On elfutils-0.168:

# eu-elflint -d $FILE
/tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/libelf/elf_begin.c:157:21: runtime error: member access within misaligned address 0x7fd67b52c0ff for type 'struct Elf32_Shdr', which requires 4 byte alignment
0x7fd67b52c0ff: note: pointer points here
 1e 60 00 00 00 00 00 10 1e 60 00 00 00 00 00 a8 02 00 00 00 00 00 00 e8 02 00 00 00 00 00 00 00 ^

Compiled with: gcc-6.3.0
Visible with: -fsanitize=undefined

Reproducer:
https://github.com/asarubbo/poc/blob/master/00240-elfutils-misalignedaddress4

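UBSan raises "member access within misaligned address" when a struct pointer is dereferenced at an address that does not meet the type's alignment, as in the reports for bugs 21315 to 21318 above. The following is an added example, not elfutils code: it copies a header out of a byte image with memcpy after a bounds check instead of casting into the image. `struct shdr32`, `read_shdr32`, `cast_would_misalign` and the sample image are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same ten 32-bit fields as Elf32_Shdr; a local type so the example
   builds without <elf.h>.  Fields are read in native byte order. */
struct shdr32 {
    uint32_t sh_name, sh_type, sh_flags, sh_addr, sh_offset;
    uint32_t sh_size, sh_link, sh_info, sh_addralign, sh_entsize;
};

/* Would casting p to struct shdr32 * give a misaligned access? */
bool cast_would_misalign(const void *p)
{
    return (uintptr_t) p % _Alignof(struct shdr32) != 0;
}

/* Copy header idx from a table at byte offset shoff of img[0..img_size).
   Rejects headers not fully inside the image; memcpy works at any offset. */
bool read_shdr32(const unsigned char *img, size_t img_size, size_t shoff,
                 size_t idx, struct shdr32 *out)
{
    if (shoff > img_size || idx >= (img_size - shoff) / sizeof *out)
        return false;
    memcpy(out, img + shoff + idx * sizeof *out, sizeof *out);
    return true;
}

/* Constructed image: one pad byte, then two headers, so the table starts
   at an odd offset. */
enum { SAMPLE_SHOFF = 1, SAMPLE_SIZE = 1 + 2 * sizeof(struct shdr32) };
static _Alignas(8) unsigned char sample_img[SAMPLE_SIZE];

const unsigned char *sample_image(void)
{
    struct shdr32 h[2] = { { .sh_type = 1, .sh_size = 0x100 },
                           { .sh_type = 3, .sh_size = 0x200 } };
    memcpy(sample_img + SAMPLE_SHOFF, h, sizeof h);
    return sample_img;
}

/* sh_size of header idx in the sample, or -1 if the read is rejected. */
int64_t sample_sh_size(size_t idx)
{
    struct shdr32 h;
    if (!read_shdr32(sample_image(), SAMPLE_SIZE, SAMPLE_SHOFF, idx, &h))
        return -1;
    return h.sh_size;
}

int main(void)
{
    printf("cast would misalign: %d\n",
           cast_would_misalign(sample_image() + SAMPLE_SHOFF));
    for (size_t i = 0; i < 3; i++)
        printf("header %zu sh_size: %lld\n", i, (long long) sample_sh_size(i));
    return 0;
}
```
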
[PATCH] libelf: Always update last_offset in updatefile and updatemmap.
When ELF section data was used, but not updated or marked as dirty and there also existed non-dirty sections and some padding was needed between the sections (possibly because of alignment) then elf_update might write "fill" over some of the existing data. This happened because in that case the last_position was not updated correctly. Includes a new testcase fillfile that fails before this patch by showing fill instead of the expected data in some section data. It succeeds with this patch. https://sourceware.org/bugzilla/show_bug.cgi?id=21199 Signed-off-by: Mark Wielaard --- libelf/ChangeLog | 6 + libelf/elf32_updatefile.c | 9 +- tests/ChangeLog | 7 + tests/Makefile.am | 6 +- tests/fillfile.c | 448 ++ 5 files changed, 469 insertions(+), 7 deletions(-) create mode 100644 tests/fillfile.c diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 8539cb5..3da04c0 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,3 +1,9 @@ +2017-03-27 Mark Wielaard + + PR/21199 + * elf32_updatefile.c (updatemmap): Always update last_positition. + (updatefile): Likewise. + 2016-10-11 Akihiko Odaki Mark Wielaard diff --git a/libelf/elf32_updatefile.c b/libelf/elf32_updatefile.c index 8dd85d1..7ac9951 100644 --- a/libelf/elf32_updatefile.c +++ b/libelf/elf32_updatefile.c @@ -343,9 +343,10 @@ __elfw2(LIBELFBITS,updatemmap) (Elf *elf, int change_bo, size_t shnum) { fill_mmap (dl->data.d.d_off, last_position, scn_start, shdr_start, shdr_end); - last_position = scn_start + dl->data.d.d_off; } + last_position = scn_start + dl->data.d.d_off; + if ((scn->flags | dl->flags | elf->flags) & ELF_F_DIRTY) { /* Let it go backward if the sections use a bogus @@ -353,8 +354,6 @@ __elfw2(LIBELFBITS,updatemmap) (Elf *elf, int change_bo, size_t shnum) user's section data with the latest one, rather than crashing. */ - last_position = scn_start + dl->data.d.d_off; - if (unlikely (change_bo)) { #if EV_NUM != 2 
@@ -728,6 +727,8 @@ __elfw2(LIBELFBITS,updatefile) (Elf *elf, int change_bo, size_t shnum) } } + last_offset = scn_start + dl->data.d.d_off; + if ((scn->flags | dl->flags | elf->flags) & ELF_F_DIRTY) { char tmpbuf[MAX_TMPBUF]; @@ -738,8 +739,6 @@ __elfw2(LIBELFBITS,updatefile) (Elf *elf, int change_bo, size_t shnum) user's section data with the latest one, rather than crashing. */ - last_offset = scn_start + dl->data.d.d_off; - if (unlikely (change_bo)) { #if EV_NUM != 2 diff --git a/tests/ChangeLog b/tests/ChangeLog index cc6a19b..9b06782 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,10 @@ +2017-03-27 Mark Wielaard + + * fillfile.c: New file. + * Makefile.am (check_PROGRAMS): Add fillfile. + (TESTS): Likewise. + (fillfile_LDADD): New variable. + 2017-02-15 Ulf Hermann * elfstrmerge.c: Include system.h. diff --git a/tests/Makefile.am b/tests/Makefile.am index d4659cd..6477b8c 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -53,7 +53,8 @@ check_PROGRAMS = arextract arsymtest newfile saridx scnnames sectiondump \ buildid deleted deleted-lib.so aggregate_size vdsosyms \ getsrc_die strptr newdata elfstrtab dwfl-proc-attach \ elfshphehdr elfstrmerge dwelfgnucompressed elfgetchdr \ - elfgetzdata elfputzdata zstrptr emptyfile vendorelf + elfgetzdata elfputzdata zstrptr emptyfile vendorelf \ + fillfile asm_TESTS = asm-tst1 asm-tst2 asm-tst3 asm-tst4 asm-tst5 \ asm-tst6 asm-tst7 asm-tst8 asm-tst9 @@ -127,7 +128,7 @@ TESTS = run-arextract.sh run-arsymtest.sh newfile test-nlist \ run-elfgetzdata.sh run-elfputzdata.sh run-zstrptr.sh \ run-compress-test.sh \ run-readelf-zdebug.sh run-readelf-zdebug-rel.sh \ - emptyfile vendorelf + emptyfile vendorelf fillfile if !BIARCH export ELFUTILS_DISABLE_BIARCH = 1 
@@ -489,6 +490,7 @@ elfputzdata_LDADD = $(libelf) zstrptr_LDADD = $(libelf) emptyfile_LDADD = $(libelf) vendorelf_LDADD = $(libelf) +fillfile_LDADD = $(libelf) # We want to test the libelf header against the system elf.h header. # Don't include any -I CPPFLAGS. diff --git a/tests/fillfile.c b/tests/fillfile.c new file mode 100644 index 000..915e249 --- /dev/null +++ b/tests/fillfile.c @@ -0,0 +1,448 @@ +/* Test program for changing data in one section (but not others) with gaps. +
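
Review bot: The libelf/ChangeLog entry names the variable as `last_positition`, a typo for `last_position`, and "(updatefile): Likewise." then points at the wrong name, since the updatefile hunk changes `last_offset`. Suggest "(updatemmap): Always update last_position." and "(updatefile): Always update last_offset." so the entry can be grepped against the code.
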
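
Review bot: In both elf32_updatefile.c hunks the comment that explained the assignment ("Let it go backward if the sections use a bogus ... rather than crashing.") stays inside the `ELF_F_DIRTY` block, while `last_position = scn_start + dl->data.d.d_off;` and `last_offset = scn_start + dl->data.d.d_off;` move above the `if`. Move or reword the comment so the reason the position may go backward sits next to the line that now does it unconditionally, and say there why non-dirty data must update it too.
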
[Bug libelf/21199] elf_update might "fill" over existing section data
https://sourceware.org/bugzilla/show_bug.cgi?id=21199

Mark Wielaard changed:

           What    |Removed                     |Added
                 CC|                            |mjw at redhat dot com

--- Comment #1 from Mark Wielaard ---
Patch posted:
https://sourceware.org/ml/elfutils-devel/2017-q1/msg00126.html

Re: [RFC] libdw: prepend current directory in read_srclines
Hi Torsten,

On Sun, Mar 26, 2017 at 08:35:50PM +0200, Torsten Polle wrote:
> I observed that readelf and elfutils sometimes report different results.

Do you have an example of this? It would be good to have a testcase.

> PFA a patch that corrects this. I’m not sure whether the way I tackled
> the problem is acceptable.

I see why you are proposing this. The DWARF spec does say about the
include_directories "Each path entry is either a full path name or is
relative to the current directory of the compilation". So your patch
does make sense. But it does depend on what users of dwarf_getsrclines
expect. Or any use of Dwarf_Line/Dwarf_Files. I think those users expect
that the returned file names can be relative. And that they should make
them absolute using index zero or the comp_dir themselves.

So if you do have an example where the expected output isn't what you
believe it should be we should examine if there is some other way to do
the right thing.

Cheers,

Mark

[PATCH] elflint: Check symbol table data is big enough before checking.
Before checking symbol index zero we should make sure the data size is big enough. https://sourceware.org/bugzilla/show_bug.cgi?id=21310 Signed-off-by: Mark Wielaard --- src/ChangeLog | 4 src/elflint.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index 0601198..3555942 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2017-03-27 Mark Wielaard + + * elflint.c (check_symtab_shndx): Check data->d_size. + 2017-02-16 Ulf Hermann * addr2line.c: Include printversion.h diff --git a/src/elflint.c b/src/elflint.c index 66a13ca..76fb1a0 100644 --- a/src/elflint.c +++ b/src/elflint.c @@ -1959,7 +1959,8 @@ section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same return; } - if (*((Elf32_Word *) data->d_buf) != 0) + if (data->d_size < sizeof (Elf32_Word) + || *((Elf32_Word *) data->d_buf) != 0) ERROR (gettext ("symbol 0 should have zero extended section index\n")); for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt) -- 2.9.3
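
Review bot: In the check_symtab_shndx hunk, a section with `data->d_size < sizeof (Elf32_Word)` now reports "symbol 0 should have zero extended section index", which describes a different defect from a section that is too small to hold entry 0 at all. Consider a separate ERROR for the short-section case so the message matches the cause, and keep the existing message for the `!= 0` case only.
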
[Bug tools/21310] eu-elflint: heap-based buffer overflow in check_symtab_shndx (elflint.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=21310

Mark Wielaard changed:

           What    |Removed                     |Added
                 CC|                            |mark at klomp dot org

--- Comment #1 from Mark Wielaard ---
eu-elflint isn't very robust against totally bogus ELF data, but this issue is
easy to fix:
https://sourceware.org/ml/elfutils-devel/2017-q1/msg00129.html

[PATCH] elflint: Don't trust sh_entsize when checking hash sections.
Calculate and use the expected entsize instead of relying on the one given by the ELF file section header. Return early if there isn't enough data in the section to check the full hash table. https://sourceware.org/bugzilla/show_bug.cgi?id=21311 Signed-off-by: Mark Wielaard --- src/ChangeLog | 7 +++ src/elflint.c | 32 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 3555942..bc9bffb 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,12 @@ 2017-03-27 Mark Wielaard + * elflint.c (check_sysv_hash): Return early if section size is + too small. + (check_sysv_hash64): Likewise. + (check_hash): Calculate expect_entsize to check section size. + +2017-03-27 Mark Wielaard + * elflint.c (check_symtab_shndx): Check data->d_size. 2017-02-16 Ulf Hermann diff --git a/src/elflint.c b/src/elflint.c index 76fb1a0..5e95ca9 100644 --- a/src/elflint.c +++ b/src/elflint.c @@ -1,5 +1,5 @@ /* Pedantic checking of ELF files compliance with gABI/psABI spec. - Copyright (C) 2001-2015 Red Hat, Inc. + Copyright (C) 2001-2015, 2017 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper , 2001. @@ -1993,11 +1993,14 @@ check_sysv_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0]; Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1]; - if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize) -ERROR (gettext ("\ + if (shdr->sh_size < (2 + nbucket + nchain) * sizeof (Elf32_Word)) +{ + ERROR (gettext ("\ section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"), - idx, section_name (ebl, idx), (long int) shdr->sh_size, - (long int) ((2 + nbucket + nchain) * shdr->sh_entsize)); +idx, section_name (ebl, idx), (long int) shdr->sh_size, +(long int) ((2 + nbucket + nchain) * sizeof (Elf32_Word))); + return; +} size_t maxidx = nchain; 
@@ -2044,11 +2047,14 @@ check_sysv_hash64 (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0]; Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1]; - if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize) -ERROR (gettext ("\ + if (shdr->sh_size < (2 + nbucket + nchain) * sizeof (Elf64_Xword)) +{ + ERROR (gettext ("\ section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"), - idx, section_name (ebl, idx), (long int) shdr->sh_size, - (long int) ((2 + nbucket + nchain) * shdr->sh_entsize)); +idx, section_name (ebl, idx), (long int) shdr->sh_size, +(long int) ((2 + nbucket + nchain) * sizeof (Elf64_Xword))); + return; +} size_t maxidx = nchain; @@ -2288,10 +2294,12 @@ section [%2d] '%s': hash table not for dynamic symbol table\n"), section [%2d] '%s': invalid sh_link symbol table section index [%2d]\n"), idx, section_name (ebl, idx), shdr->sh_link); - if (shdr->sh_entsize != (tag == SHT_GNU_HASH + size_t expect_entsize = (tag == SHT_GNU_HASH ? (gelf_getclass (ebl->elf) == ELFCLASS32 ? sizeof (Elf32_Word) : 0) - : (size_t) ebl_sysvhash_entrysize (ebl))) + : (size_t) ebl_sysvhash_entrysize (ebl)); + + if (shdr->sh_entsize != expect_entsize) ERROR (gettext ("\ section [%2d] '%s': hash table entry size incorrect\n"), idx, section_name (ebl, idx)); @@ -2300,7 +2308,7 @@ section [%2d] '%s': hash table entry size incorrect\n"), ERROR (gettext ("section [%2d] '%s': not marked to be allocated\n"), idx, section_name (ebl, idx)); - if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (shdr->sh_entsize ?: 4)) + if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (expect_entsize ?: 4)) { ERROR (gettext ("\ section [%2d] '%s': hash table has not even room for initial administrative entries\n"), -- 2.9.3
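
Review bot: In check_sysv_hash the new bound `(2 + nbucket + nchain) * sizeof (Elf32_Word)` still adds three 32-bit values before the multiplication widens the result, so a large `nbucket` or `nchain` read from `data->d_buf` can wrap the sum and pass the `shdr->sh_size` test; check_sysv_hash64 has the same shape with `Elf64_Xword`, where the sum or the product can wrap. Widen before adding in the 32-bit function, and in the 64-bit one compare the counts against `sh_size / sizeof (Elf64_Xword)` instead of multiplying. The test is also made against `shdr->sh_size` while the reads go through `data->d_buf`; bounding by `data->d_size`, as the check_symtab_shndx fix does, would cover the buffer that is actually read.
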
[Bug tools/21311] eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=21311

Mark Wielaard changed:

           What    |Removed                     |Added
                 CC|                            |mark at klomp dot org

--- Comment #1 from Mark Wielaard ---
We were a little too trusting of the data we were checking.
https://sourceware.org/ml/elfutils-devel/2017-q1/msg00131.html

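An added example, not elflint code, of validating a 32-bit SysV hash section without trusting any count stored in it, as the fix for bug 21311 sets out to do. It goes one step beyond the posted patch by widening the count sum so it cannot wrap; `sysv_hash_ok`, `size_check_32bit` and the sample tables are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read 32-bit word i of buf; memcpy makes no alignment assumption. */
static uint32_t word_at(const unsigned char *buf, size_t i)
{
    uint32_t w;
    memcpy(&w, buf + i * sizeof w, sizeof w);
    return w;
}

/* Size test written with 32-bit arithmetic: 2 + nbucket + nchain is
   computed modulo 2^32 before it is widened for the multiplication. */
bool size_check_32bit(const unsigned char *buf, size_t size)
{
    if (size < 2 * sizeof(uint32_t))
        return false;
    uint32_t nbucket = word_at(buf, 0), nchain = word_at(buf, 1);
    return size >= (2 + nbucket + nchain) * sizeof(uint32_t);
}

/* Hypothetical validator for a 32-bit SysV hash section in buf[0..size):
   words are nbucket, nchain, then nbucket buckets and nchain chain links.
   True only if the table fits and every link is 0 or a valid chain index. */
bool sysv_hash_ok(const unsigned char *buf, size_t size)
{
    if (buf == NULL || size < 2 * sizeof(uint32_t))
        return false;               /* no room for nbucket and nchain */
    uint32_t nbucket = word_at(buf, 0), nchain = word_at(buf, 1);

    /* Widen before adding so the word count cannot wrap. */
    uint64_t words = 2 + (uint64_t) nbucket + nchain;
    if (words > size / sizeof(uint32_t))
        return false;

    for (size_t i = 2; i < words; i++) {
        uint32_t v = word_at(buf, i);
        if (v != 0 && v >= nchain)
            return false;           /* link points outside the chain array */
    }
    return true;
}

/* Constructed samples (native byte order), not taken from the reproducers. */
static const uint32_t SAMPLE_GOOD[] = { 2, 3, 1, 2, 0, 0, 0 };
static const uint32_t SAMPLE_WRAP[] = { 0xffffffffu, 0 };
static const uint32_t SAMPLE_BADLINK[] = { 1, 2, 7, 0, 0 };

int main(void)
{
    const unsigned char *wrap = (const unsigned char *) SAMPLE_WRAP;
    printf("good table accepted: %d\n",
           sysv_hash_ok((const unsigned char *) SAMPLE_GOOD, sizeof SAMPLE_GOOD));
    printf("wrapping counts: 32-bit size test %d, validator %d\n",
           size_check_32bit(wrap, sizeof SAMPLE_WRAP),
           sysv_hash_ok(wrap, sizeof SAMPLE_WRAP));
    return 0;
}
```
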
[PATCH] elflint: Sanity check the number of phdrs and shdrs available.
Make sure we can at least read the shnum sections or phnum segments. Limit the number we do check to those we can actually read. https://sourceware.org/bugzilla/show_bug.cgi?id=21312 Signed-off-by: Mark Wielaard --- src/ChangeLog | 4 src/elflint.c | 26 ++ 2 files changed, 30 insertions(+) diff --git a/src/ChangeLog b/src/ChangeLog index bc9bffb..7034152 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,9 @@ 2017-03-27 Mark Wielaard + * elflint.c (check_elf_header): Sanity check phnum and shnum. + +2017-03-27 Mark Wielaard + * elflint.c (check_sysv_hash): Return early if section size is too small. (check_sysv_hash64): Likewise. diff --git a/src/elflint.c b/src/elflint.c index 5e95ca9..6c83a77 100644 --- a/src/elflint.c +++ b/src/elflint.c @@ -456,6 +456,19 @@ invalid number of section header table entries\n")); ERROR (gettext ("invalid section header index\n")); } + /* Check the shdrs actually exist. */ + unsigned int scnt; + Elf_Scn *scn = NULL; + for (scnt = 1; scnt < shnum; ++scnt) + { + scn = elf_nextscn (ebl->elf, scn); + if (scn == NULL) + break; + } + if (scnt < shnum) +ERROR (gettext ("Can only check %u headers, shnum was %u\n"), scnt, shnum); + shnum = scnt; + phnum = ehdr->e_phnum; if (ehdr->e_phnum == PN_XNUM) { @@ -474,6 +487,19 @@ invalid number of program header table entries\n")); } } + /* Check the phdrs actually exist. */ + unsigned int pcnt; + for (pcnt = 0; pcnt < phnum; ++pcnt) + { + GElf_Phdr phdr_mem; + GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); + if (phdr == NULL) + break; + } + if (pcnt < phnum) +ERROR (gettext ("Can only check %u headers, phnum was %u\n"), pcnt, phnum); + phnum = pcnt; + /* Check the e_flags field. */ if (!ebl_machine_flag_check (ebl, ehdr->e_flags)) ERROR (gettext ("invalid machine flags: %s\n"), -- 2.9.3
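
Review bot: In the "Check the shdrs actually exist" block of check_elf_header, `scnt` starts at 1, so when `shnum` is 0 on entry the loop body never runs and the unconditional `shnum = scnt;` raises it to 1. If a file without section headers can reach this point, only lower the value, for example by assigning inside the `if (scnt < shnum)` branch. The two new messages also differ only in the variable name; "section headers" and "program headers" in place of "headers" would make the output self-explanatory.
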
[Bug tools/21312] eu-elflint: memory allocation failure in xcalloc (xmalloc.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=21312

Mark Wielaard changed:

           What    |Removed                     |Added
                 CC|                            |mark at klomp dot org

--- Comment #1 from Mark Wielaard ---
The allocation failure is caused by the insanely large ph_num. We can limit the
amount of memory we need by first checking we can at least read the headers
and only allocate/check that number (and do the same for shnum).
https://sourceware.org/ml/elfutils-devel/2017-q1/msg00133.html