Created attachment 9946: stacktrace

On elfutils-0.168:

# eu-elflint -d $FILE
==5053==AddressSanitizer CHECK failed: /tmp/portage/sys-devel/gcc-6.3.0/work/gcc-6.3.0/libsanitizer/sanitizer_common/sanitizer_common.cc:180 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #7 0x431b8d in xcalloc /tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/lib/xmalloc.c:64

Compiled with: gcc-6.3.0

Reproducer:
https://github.com/asarubbo/poc/blob/master/00236-elfutils-memallocfailure

Stacktrace attached.
The allocation failure is caused by the insanely large ph_num. We can limit the amount of memory we need by first checking we can at least read the headers and only allocate/check that number (and do the same for shnum).

https://sourceware.org/ml/elfutils-devel/2017-q1/msg00133.html
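The bounding step described in the comment above, as an added illustration that is not elfutils' code: clamp the header count claimed by the ELF header to what the file can actually hold before sizing the allocation. The helper names, the constructed 4096-byte file size and the claimed count are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not elfutils code): given the file size and the
   ELF header fields describing a header table (table offset, entry size,
   count claimed by the header), return how many entries of that table can
   actually be read from the file. Works for the phdr table (e_phoff,
   e_phentsize, e_phnum) and the shdr table (e_shoff, e_shentsize, e_shnum). */
static size_t
readable_table_entries (uint64_t file_size, uint64_t table_off,
                        uint64_t entry_size, uint64_t claimed_count)
{
  /* No entry can be read when the table starts past EOF or has zero-size
     entries; returning 0 avoids a division by zero and any allocation. */
  if (entry_size == 0 || table_off >= file_size)
    return 0;
  uint64_t avail = (file_size - table_off) / entry_size;
  return (size_t) (claimed_count < avail ? claimed_count : avail);
}

/* Size the allocation from the bounded count, never from the raw claim,
   so a bogus count in the header cannot drive an absurd calloc. */
static void *
alloc_table (uint64_t file_size, uint64_t table_off,
             uint64_t entry_size, uint64_t claimed_count, size_t *out_count)
{
  size_t n = readable_table_entries (file_size, table_off,
                                     entry_size, claimed_count);
  *out_count = n;
  if (n == 0)
    return NULL;
  return calloc (n, (size_t) entry_size);
}

int
main (void)
{
  /* Constructed input: a 4096-byte file whose header claims 0xFFFFFFFF
     program headers of 56 bytes each, starting at offset 64. */
  size_t n;
  void *tab = alloc_table (4096, 64, 56, 0xFFFFFFFFu, &n);
  printf ("checking %zu of 4294967295 claimed phdrs\n", n);
  free (tab);
  return 0;
}
```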
commit 4314716cd498bb51639db717bd7ce6182de33322
Author: Mark Wielaard <mark@klomp.org>
Date:   Tue Mar 28 01:25:34 2017 +0200

    elflint: Sanity check the number of phdrs and shdrs available.

    Make sure we can at least read the shnum sections or phnum segments.
    Limit the number we do check to those we can actually read.

    https://sourceware.org/bugzilla/show_bug.cgi?id=21312

    Signed-off-by: Mark Wielaard <mark@klomp.org>