Bug 21312 - eu-elflint: memory allocation failure in xcalloc (xmalloc.c)
Summary: eu-elflint: memory allocation failure in xcalloc (xmalloc.c)
Status: RESOLVED FIXED
Alias: None
Product: elfutils
Classification: Unclassified
Component: tools
Version: unspecified
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-27 10:46 UTC by Agostino Sarubbo
Modified: 2017-04-03 22:25 UTC

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments
stacktrace (1.58 KB, text/plain)
2017-03-27 10:46 UTC, Agostino Sarubbo

Description Agostino Sarubbo 2017-03-27 10:46:41 UTC
Created attachment 9946 [details]
stacktrace

On elfutils-0.168:

# eu-elflint -d $FILE
==5053==AddressSanitizer CHECK failed: /tmp/portage/sys-devel/gcc-6.3.0/work/gcc-6.3.0/libsanitizer/sanitizer_common/sanitizer_common.cc:180 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #7 0x431b8d in xcalloc /tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/lib/xmalloc.c:64

Compiled with: gcc-6.3.0

Reproducer:
https://github.com/asarubbo/poc/blob/master/00236-elfutils-memallocfailure

Stacktrace attached.
Comment 1 Mark Wielaard 2017-03-27 23:28:09 UTC
The allocation failure is caused by the insanely large ph_num. We can limit the amount of memory we need by first checking we can at least read the headers and only allocate/check that number (and do the same for shnum).
https://sourceware.org/ml/elfutils-devel/2017-q1/msg00133.html
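The bounds check described in the comment above, as an added example that is not elfutils code: it parses the program header fields out of a raw ELF64 little-endian image and clamps the claimed e_phnum to the number of entries the file can actually hold before anything is allocated. The function names (`clamp_header_count`, `readable_phnum`, `build_image`, `demo_readable`) and the constructed test images are this example's own; the fixed header offsets are those of the standard ELF64 header.

```c
/* Added example, not elfutils code: sanity-check the number of program
   headers a file claims against the number it can actually contain, in the
   spirit of the elflint fix for this bug. All names here are the example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EHDR64_SIZE 64   /* sizeof (Elf64_Ehdr) */
#define PHDR64_SIZE 56   /* sizeof (Elf64_Phdr) */

/* Little-endian field readers for the raw header bytes. */
static uint64_t le64 (const unsigned char *p)
{
  uint64_t v = 0;
  for (int i = 7; i >= 0; i--)
    v = (v << 8) | p[i];
  return v;
}

static uint16_t le16 (const unsigned char *p)
{
  return (uint16_t) (p[0] | (p[1] << 8));
}

/* How many entries of entsize bytes starting at file offset off fit in a
   file of file_size bytes, capped at the claimed num.  Dividing instead of
   computing num * entsize avoids integer overflow on untrusted counts. */
size_t clamp_header_count (uint64_t file_size, uint64_t off,
                           uint64_t entsize, uint64_t num)
{
  if (entsize == 0 || off >= file_size)
    return 0;
  uint64_t avail = (file_size - off) / entsize;
  return (size_t) (num < avail ? num : avail);
}

/* Number of program headers readable from a raw ELF64 LE image, or 0 when
   the ELF header itself is truncated.  Offsets: e_phoff at 32,
   e_phentsize at 54, e_phnum at 56. */
size_t readable_phnum (const unsigned char *img, size_t len)
{
  if (len < EHDR64_SIZE)
    return 0;
  uint64_t phoff = le64 (img + 32);
  uint64_t phentsize = le16 (img + 54);
  uint64_t phnum = le16 (img + 56);
  return clamp_header_count (len, phoff, phentsize, phnum);
}

/* Constructed test image: an ELF64 header claiming `claimed` program
   headers at offset 64, followed by only `actual` zero-filled entries.
   Returns the image length, or 0 if it does not fit in cap bytes. */
size_t build_image (unsigned char *out, size_t cap, uint16_t claimed,
                    size_t actual)
{
  size_t len = EHDR64_SIZE + actual * PHDR64_SIZE;
  if (len > cap)
    return 0;
  memset (out, 0, len);
  memcpy (out, "\x7f" "ELF", 4);
  out[4] = 2;                       /* ELFCLASS64 */
  out[5] = 1;                       /* ELFDATA2LSB */
  uint64_t phoff = EHDR64_SIZE;
  for (int i = 0; i < 8; i++)
    out[32 + i] = (unsigned char) (phoff >> (8 * i));
  out[54] = PHDR64_SIZE;
  out[55] = 0;
  out[56] = (unsigned char) (claimed & 0xff);
  out[57] = (unsigned char) (claimed >> 8);
  return len;
}

/* Build an image claiming `claimed` headers with `actual` present and
   report how many a checker should allocate for and inspect. */
size_t demo_readable (uint16_t claimed, size_t actual)
{
  unsigned char img[4096];
  size_t len = build_image (img, sizeof img, claimed, actual);
  return readable_phnum (img, len);
}

int main (void)
{
  /* The header claims 65535 segments; the file holds two. */
  size_t n = demo_readable (0xffff, 2);
  printf ("claimed 65535 phdrs, file holds %zu: allocate for %zu\n", n, n);
  return 0;
}
```

The same clamp applies to section headers (e_shoff, e_shentsize, e_shnum), which is what the commit message means by "do the same for shnum": the allocation size is driven by what the file can deliver, not by what its header asserts.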
Comment 2 Mark Wielaard 2017-04-03 22:25:00 UTC
commit 4314716cd498bb51639db717bd7ce6182de33322
Author: Mark Wielaard <mark@klomp.org>
Date:   Tue Mar 28 01:25:34 2017 +0200

    elflint: Sanity check the number of phdrs and shdrs available.
    
    Make sure we can at least read the shnum sections or phnum segments.
    Limit the number we do check to those we can actually read.
    
    https://sourceware.org/bugzilla/show_bug.cgi?id=21312
    
    Signed-off-by: Mark Wielaard <mark@klomp.org>