This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



[Bug libelf/24387] dwfl_segment_report_module doesn't check whether the phdrs data read from core file is truncated


https://sourceware.org/bugzilla/show_bug.cgi?id=24387

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |mark at klomp dot org
         Resolution|---                         |FIXED
            Summary|Invalid address Deference   |dwfl_segment_report_module
                   |in elf32_xlatetom function  |doesn't check whether the
                   |in libelf/elf32_xlatetom.c  |phdrs data read from core
                   |                            |file is truncated

--- Comment #2 from Mark Wielaard <mark at klomp dot org> ---
Can be replicated with valgrind.

It is indeed similar to bug #24103. Neither of these is a bug in
elf(64|32)_xlatetom, but dwfl_segment_report_module should also check that the
core file isn't truncated so that not all of the phdrs can be read.

Fix is similar:

diff --git a/libdwfl/dwfl_segment_report_module.c
b/libdwfl/dwfl_segment_report_
index f6ad39b..76ba150 100644
--- a/libdwfl/dwfl_segment_report_module.c
+++ b/libdwfl/dwfl_segment_report_module.c
@@ -412,6 +412,12 @@ dwfl_segment_report_module (Dwfl *dwfl, int ndx, const
char
                    start + phoff, xlatefrom.d_size))
     return finish ();

+  /* ph_buffer_size will be zero if we got everything from the initial
+     buffer, otherwise it will be the size of the new buffer that
+     could be read.  */
+  if (ph_buffer_size != 0)
+    xlatefrom.d_size = ph_buffer_size;
+
   xlatefrom.d_buf = ph_buffer;

   bool class32 = ei_class == ELFCLASS32;
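Review bot: shrinking xlatefrom.d_size to ph_buffer_size stops the xlatetom conversion at the bytes that were actually read, but nothing in this hunk shrinks the number of phdrs the code walks afterwards; if that later loop is still bounded by the original phnum rather than by xlatefrom.d_size / phentsize, the out-of-bounds read only moves from the conversion step to the loop. Either bail out the way the check just above does (`return finish ();` when ph_buffer_size is smaller than the full phdr table) or derive the entry count from the new d_size, and state in the comment which of the two is intended. The comment also relies on ph_buffer_size being zero when the initial buffer held everything; that convention is not visible in this hunk, so a note where ph_buffer_size is assigned would help the next reader.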

commit e1f353b785b5cdb20d8004b6c4070c3e2a783e8b
Author: Mark Wielaard <mark@klomp.org>
Date:   Wed Mar 27 22:32:21 2019 +0100

    libdwfl: Sanity check partial core file phdrs data read.

    When reading the phdrs data from the core file check if we got everything,
    or just part of the data.

    https://sourceware.org/bugzilla/show_bug.cgi?id=24387

    Signed-off-by: Mark Wielaard <mark@klomp.org>

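As an added example (not elfutils code, and not the callback-based reader that dwfl_segment_report_module uses), here is the bounds check the fix is about, applied to a flat ELF32 core image: a constructed core whose header promises three phdrs is cut short, and the counting routine reports only the phdrs that were fully read instead of trusting e_phnum. The function names and the 0x1000 segment layout are invented for the demo.

```c
#include <elf.h>
#include <string.h>

/* Count the complete program headers really present in a raw ELF32 core
   image of `len` bytes; fewer than e_phnum if the file is truncated.
   Returns -1 if the ELF header itself is missing or malformed.
   Assumes the image is in host byte order (true for the one built below). */
int readable_phdrs32(const unsigned char *img, size_t len)
{
  Elf32_Ehdr eh;
  if (len < sizeof eh) return -1;       /* not even a full ELF header */
  memcpy(&eh, img, sizeof eh);
  if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0
      || eh.e_ident[EI_CLASS] != ELFCLASS32
      || eh.e_phentsize < sizeof(Elf32_Phdr)
      || eh.e_phoff > len)              /* table starts past EOF */
    return -1;
  size_t avail = len - eh.e_phoff;      /* bytes from table start to EOF */
  size_t n = avail / eh.e_phentsize;    /* whole entries in those bytes */
  return n < eh.e_phnum ? (int) n : eh.e_phnum;
}

/* Build a constructed ELF32 core whose header announces `nphdr` PT_LOAD
   entries, then cut it to `keep` bytes to simulate a truncated dump.
   Returns the resulting image length, or 0 if `out` is too small. */
size_t build_core32(unsigned char *out, size_t outlen, Elf32_Half nphdr, size_t keep)
{
  Elf32_Ehdr eh;
  memset(&eh, 0, sizeof eh);
  memcpy(eh.e_ident, ELFMAG, SELFMAG);
  eh.e_ident[EI_CLASS] = ELFCLASS32;
  eh.e_ident[EI_DATA] = ELFDATA2LSB;    /* assumes a little-endian host */
  eh.e_type = ET_CORE;
  eh.e_phoff = sizeof eh;
  eh.e_phentsize = sizeof(Elf32_Phdr);
  eh.e_phnum = nphdr;
  size_t total = sizeof eh + (size_t) nphdr * sizeof(Elf32_Phdr);
  if (total > outlen) return 0;
  memcpy(out, &eh, sizeof eh);
  for (Elf32_Half i = 0; i < nphdr; i++) {
    /* invented layout: one 4 KiB segment per phdr, placed after the table */
    Elf32_Phdr ph = { .p_type = PT_LOAD, .p_offset = (Elf32_Off) (total + i * 0x1000u),
                      .p_filesz = 0x1000 };
    memcpy(out + sizeof eh + (size_t) i * sizeof ph, &ph, sizeof ph);
  }
  return keep < total ? keep : total;
}

/* Demo: a 3-phdr core cut to `keep` bytes; how many phdrs can be trusted? */
int phdrs_after_truncation(size_t keep)
{
  unsigned char img[512];
  size_t len = build_core32(img, sizeof img, 3, keep);
  return readable_phdrs32(img, len);
}
```

With the full 148-byte image all three phdrs are counted; cutting the image a few bytes into the third entry yields 2, which is the number a reader should pass on to the conversion and the loop, not e_phnum.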
