This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



Re: Fuzzing elfutils


On Mon, 2014-12-08 at 04:01 +0300, Alexander Cherepanov wrote:
> On 2014-12-04 19:03, Mark Wielaard wrote:
> > Good news, the asserts from readelf-asserts.tar.gz don't trigger anymore
> > and the command seems to run fine.
> 
> Sorry, I'm still seeing "readelf: readelf.c:7751: 
> print_debug_exception_table: Assertion `readp == action_table' failed." 
> on 437b7cf1.

Right, sorry, I didn't include -e in my tests.
The assert is "right": the Action Table should immediately follow the
Call site table. But we should just report invalid data if that isn't
the case instead of asserting.

Patch attached (and on the mjw/pending branch).

Thanks,

Mark
From acfa45c417f7c4feb34d91d8156fd394bf0a5df8 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mjw@redhat.com>
Date: Mon, 8 Dec 2014 10:11:43 +0100
Subject: [PATCH] readelf: Report invalid data if action table doesn't follow
 call site table.

Don't assert.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
 src/ChangeLog | 5 +++++
 src/readelf.c | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 1c3cf2f..4771dc9 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-08  Mark Wielaard  <mjw@redhat.com>
+
+	* readelf.c (print_debug_exception_table): Report invalid data if
+	action table doesn't immediately follow call site table.
+
 2014-12-07  Mark Wielaard  <mjw@redhat.com>
 
 	* readelf.c (print_debug_line_section): max_ops_per_instr cannot
diff --git a/src/readelf.c b/src/readelf.c
index fa9ede1..1db54c6 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -7748,7 +7748,8 @@ print_debug_exception_table (Dwfl_Module *dwflmod __attribute__ ((unused)),
 		       "        Action:            %u\n"),
 	      u++, call_site_start, call_site_length, landing_pad, action);
     }
-  assert (readp == action_table);
+  if (readp != action_table)
+    goto invalid_data;
 
   unsigned int max_ar_filter = 0;
   if (max_action > 0)
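Review bot: the new `readp != action_table` test in print_debug_exception_table only runs after the call-site loop above it has already decoded and printed every record, so it protects the action-table code that follows but not the reads that moved readp. The loop condition and its bounds checks are outside this hunk; please confirm that each read inside the loop is limited by the end of the section data, so that a record straddling action_table cannot read out of bounds before this check is reached. The diffstat touches only src/ChangeLog and src/readelf.c, so a regression test that runs readelf -e on the fuzzed reproducer from this thread would keep the assert from coming back.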
-- 
1.8.3.1
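The point of the message above, that a layout property decided by the input file is reported as invalid data and not asserted, shown as an added C example; it is not code from elfutils or from the patch. It assumes all four call-site fields are ULEB128, and the names `read_uleb128`, `parse_call_sites` and `sample` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bounded ULEB128 read: never dereferences at or past `end`. */
static int read_uleb128(const uint8_t **pp, const uint8_t *end, uint64_t *out)
{
    uint64_t val = 0;
    for (unsigned shift = 0; *pp < end && shift < 64; shift += 7) {
        uint8_t b = *(*pp)++;
        val |= (uint64_t)(b & 0x7f) << shift;
        if ((b & 0x80) == 0) { *out = val; return 0; }
    }
    return -1;  /* ran off the section, or more than 10 bytes */
}

/* Walk the call-site records. `table_len` is the length the (untrusted)
   header claims; the action table is expected to start right after it.
   Returns the number of records, or -1 for invalid data. */
int parse_call_sites(const uint8_t *data, size_t len, uint64_t table_len)
{
    if (table_len > len)
        return -1;                        /* claimed table exceeds section */
    const uint8_t *readp = data, *end = data + len;
    const uint8_t *action_table = data + table_len;
    int count = 0;
    while (readp < action_table) {
        uint64_t v;   /* start, length, landing pad, action in turn */
        for (int i = 0; i < 4; i++)
            if (read_uleb128(&readp, end, &v) != 0)
                return -1;
        count++;
    }
    /* The input decides whether this holds, so it is a data check, not an
       assert: a record that straddles the boundary leaves readp past it. */
    if (readp != action_table)
        return -1;
    return count;
}

/* Constructed sample: two 4-byte records followed by one action-table byte. */
static const uint8_t sample[] = { 0x00,0x04,0x10,0x01, 0x04,0x08,0x00,0x00, 0x01 };

int main(void)
{
    printf("table_len=8: %d\n", parse_call_sites(sample, sizeof sample, 8));
    printf("table_len=6: %d\n", parse_call_sites(sample, sizeof sample, 6));
    return 0;
}
```

With a claimed length of 6 the second record ends at offset 8, past the claimed boundary but still inside the section, which is the case an `assert` would turn into an abort.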

