This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
Various SIGFPEs on sh_entsize == 0
- From: Petr Machata <pmachata at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Tue, 22 Mar 2011 10:15:53 +0100
- Subject: Various SIGFPEs on sh_entsize == 0
Hi there,
I hit these cases during my fuzzer runs. I'm turning the patches in
after yesterday's discussion on #elfutils. My original inclination was
that we don't have to support arbitrarily broken files, but it's true
that the tools shouldn't misbehave either. It's all on the branch
pmachata/sh_entsize, and pasted here for easy review.
PM
diff --git a/libdwfl/relocate.c b/libdwfl/relocate.c
index 95206f4..64e4485 100644
--- a/libdwfl/relocate.c
+++ b/libdwfl/relocate.c
@@ -478,6 +478,9 @@ relocate_section (Dwfl_Module *mod, Elf *relocated, const GElf_Ehdr *ehdr,
}
}
+ if (shdr->sh_entsize == 0)
+ return DWFL_E_BADELF;
+
size_t nrels = shdr->sh_size / shdr->sh_entsize;
size_t complete = 0;
if (shdr->sh_type == SHT_REL)
diff --git a/src/elflint.c b/src/elflint.c
index c122735..1c586d0 100644
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -1448,6 +1448,9 @@ check_rela (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
Elf_Data *symdata = elf_getdata (symscn, NULL);
enum load_state state = state_undecided;
+ if (shdr->sh_entsize == 0)
+ return;
+
for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
{
GElf_Rela rela_mem;
diff --git a/src/readelf.c b/src/readelf.c
index 30c2be0..17f657a 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -1705,6 +1705,15 @@ static void
handle_relocs_rela (Ebl *ebl, GElf_Ehdr *ehdr, Elf_Scn *scn, GElf_Shdr *shdr)
{
int class = gelf_getclass (ebl->elf);
+ if (shdr->sh_entsize == 0)
+ {
+ printf (gettext ("\
+\nInvalid relocation section [%2zu] at offset %#0" PRIx64 ".\n"),
+ elf_ndxscn (scn),
+ shdr->sh_offset);
+ return;
+ }
+
int nentries = shdr->sh_size / shdr->sh_entsize;
/* Get the data of the section. */