Bug 21312

Summary: eu-elflint: memory allocation failure in xcalloc (xmalloc.c)
Product: elfutils
Component: tools
Version: unspecified
Status: RESOLVED FIXED
Severity: normal
Priority: P2
Target Milestone: ---
Reporter: Agostino Sarubbo <ago>
Assignee: Not yet assigned to anyone <unassigned>
CC: elfutils-devel, mark
Host:
Target:
Build:
Last reconfirmed:
Attachments: stacktrace

Description Agostino Sarubbo 2017-03-27 10:46:41 UTC
Created attachment 9946 [details]
stacktrace

On elfutils-0.168:

# eu-elflint -d $FILE
==5053==AddressSanitizer CHECK failed: /tmp/portage/sys-devel/gcc-6.3.0/work/gcc-6.3.0/libsanitizer/sanitizer_common/sanitizer_common.cc:180 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #7 0x431b8d in xcalloc /tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/lib/xmalloc.c:64


Compiled with: gcc-6.3.0

Reproducer:
https://github.com/asarubbo/poc/blob/master/00236-elfutils-memallocfailure

Stacktrace attached.

Comment 1 Mark Wielaard 2017-03-27 23:28:09 UTC
The allocation failure is caused by the insanely large ph_num. We can limit the amount of memory we need by first checking we can at least read the headers and only allocate/check that number (and do the same for shnum).
https://sourceware.org/ml/elfutils-devel/2017-q1/msg00133.html

Comment 2 Mark Wielaard 2017-04-03 22:25:00 UTC
commit 4314716cd498bb51639db717bd7ce6182de33322
Author: Mark Wielaard <mark@klomp.org>
Date:   Tue Mar 28 01:25:34 2017 +0200

    elflint: Sanity check the number of phdrs and shdrs available.
    
    Make sure we can at least read the shnum sections or phnum segments.
    Limit the number we do check to those we can actually read.
    
    https://sourceware.org/bugzilla/show_bug.cgi?id=21312
    
    Signed-off-by: Mark Wielaard <mark@klomp.org>
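
The bound described in Comment 1 and in the commit message, as an added example that is not the elfutils patch: cap the header's claimed phnum/shnum at the number of entries the file can actually hold before sizing any allocation from it. The function names, parameters and sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not elfutils code: number of table entries of
   entsize bytes, starting at file offset table_off, that fit inside a file
   of file_size bytes, capped at the count the ELF header claims. */
static size_t readable_entries(uint64_t file_size, uint64_t table_off,
                               uint64_t entsize, size_t claimed)
{
    /* A zero entry size or a table that starts past EOF yields nothing. */
    if (entsize == 0 || table_off >= file_size)
        return 0;
    /* Divide instead of multiplying claimed * entsize, which could wrap. */
    uint64_t fit = (file_size - table_off) / entsize;
    return fit < claimed ? (size_t)fit : claimed;
}

/* Allocate one bookkeeping byte per entry, sized by what the file can
   hold and never by the raw header count. */
static unsigned char *alloc_entry_flags(uint64_t file_size, uint64_t table_off,
                                        uint64_t entsize, size_t claimed,
                                        size_t *count)
{
    *count = readable_entries(file_size, table_off, entsize, claimed);
    /* Request at least one byte so a NULL return always means failure. */
    return calloc(*count ? *count : 1, sizeof(unsigned char));
}

int main(void)
{
    /* Constructed values: a 4096-byte file whose header claims about four
       billion 56-byte program headers starting at offset 64. */
    size_t n;
    unsigned char *flags = alloc_entry_flags(4096, 64, 56, 0xffffffffu, &n);
    if (flags == NULL)
        return 1;
    printf("claimed %u entries, checking %zu\n", 0xffffffffu, n);
    free(flags);
    return 0;
}
```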