[Bug tools/25069] AddressSanitizer: heap-buffer-overflow at libdwelf/dwelf_strtab.c:284

mark at klomp dot org sourceware-bugzilla@sourceware.org
Sat Oct 26 20:52:00 GMT 2019


https://sourceware.org/bugzilla/show_bug.cgi?id=25069

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
          Component|libelf                      |tools
           Assignee|unassigned at sourceware dot org   |mark at klomp dot org

--- Comment #5 from Mark Wielaard <mark at klomp dot org> ---
The problem is that the symbol table string data (.strtab) is corrupt. The last
string doesn't have a zero terminator. This can be fixed by checking the symbol
name is a valid string:

diff --git a/src/unstrip.c b/src/unstrip.c
index f4314d5d..9b8c09a1 100644
--- a/src/unstrip.c
+++ b/src/unstrip.c
@@ -854,7 +854,9 @@ collect_symbols (Elf *outelf, bool rel, Elf_Scn *symscn,
Elf_Scn *strscn,
       if (sym->st_shndx != SHN_XINDEX)
        shndx = sym->st_shndx;

-      if (sym->st_name >= strdata->d_size)
+      if (sym->st_name >= strdata->d_size
+         || memrchr (strdata->d_buf + sym->st_name, '\0',
+                     strdata->d_size - sym->st_name) == NULL)
        error (EXIT_FAILURE, 0,
               _("invalid string offset in symbol [%zu]"), i);

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the Elfutils-devel mailing list