[Bug libelf/23528] When executing ./eu-nm or ./eu-readelf -aAdehIlnrsSVcp -w, AddressSanitizer catch a double-free crash.

mark at klomp dot org sourceware-bugzilla@sourceware.org
Wed Aug 15 20:43:00 GMT 2018


https://sourceware.org/bugzilla/show_bug.cgi?id=23528

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at klomp dot org

--- Comment #3 from Mark Wielaard <mark at klomp dot org> ---
(In reply to Frank Ch. Eigler from comment #2)
> FWIW, is there some technical reason why a .zdebug section couldn't
> possibly ALSO be SHT_COMPRESSED ?  i.e., compressed twice for some reason by
> the generator?

In theory you could gabi compress a section that is GNU compressed. But in
practice eu-elfcompress won't let you do that (it will first decompress the
.zdebug_xxx section, rename it to .debug_xxx and then gabi compress it). It
would also be somewhat pointless since they use the same zlib compression
scheme. So unless you use ELF_CHF_FORCE it wouldn't actually work since the
result would likely be bigger.

The other way around however (GNU compress an already gabi compressed section)
would be problematic. There is no good way to know whether the data is
corrupted or already (de)compressed since the GNU compression has no meta-data
(like Elf[32|64]_Chdr or a section flag) associated, only the implicit section
naming, but from just the name you cannot know whether or not the section data
has already been (de)compressed.

So I think the correct fix is as follows:

diff --git a/libelf/elf_compress_gnu.c b/libelf/elf_compress_gnu.c
index c35dc395..dfa7c571 100644
--- a/libelf/elf_compress_gnu.c
+++ b/libelf/elf_compress_gnu.c
@@ -80,7 +80,9 @@ elf_compress_gnu (Elf_Scn *scn, int inflate, unsigned int
flags)
       sh_addralign = shdr->sh_addralign;
     }

-  if ((sh_flags & SHF_ALLOC) != 0)
+  /* Allocated sections, or sections that are already compressed
+     cannot (also) be GNU compressed.  */
+  if ((sh_flags & SHF_ALLOC) != 0 || (sh_flags & SHF_COMPRESSED))
     {
       __libelf_seterrno (ELF_E_INVALID_SECTION_FLAGS);
       return -1;
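Review bot: the new condition mixes styles in one expression: the SHF_ALLOC test is written as `(sh_flags & SHF_ALLOC) != 0` while the added clause is a bare `(sh_flags & SHF_COMPRESSED)`; writing it as `(sh_flags & SHF_COMPRESSED) != 0` keeps the two halves consistent and matches the surrounding code. The comment above the check also only mentions compression, but since the function is entered for both directions (the `inflate` parameter in the signature) and the check rejects both, the comment should say that a gabi-compressed section cannot be GNU (de)compressed, which is the behaviour the text below the patch describes. Finally, reusing ELF_E_INVALID_SECTION_FLAGS for the new case is reasonable, since the rejection is driven purely by sh_flags, but the libelf man page or elf_compress_gnu documentation should mention that this error now also covers SHF_COMPRESSED input.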

That way you could still (theoretically) gabi compress a gnu compressed
section. But you wouldn't be able to gnu (de)compress a section that is already
gabi compressed (unless you first [gabi] decompress it).
