[PATCH] libelf: handle PN_XNUM in elf_getphdrnum before shdr 0 is cached

Mark Wielaard mark@klomp.org
Sun Mar 22 22:40:34 GMT 2020


Hi Omar,

On Sat, 2020-03-21 at 11:21 -0700, Omar Sandoval wrote:
> I encountered this in drgn on a vmcore for a large server created by
> makedumpfile,

That makes sense since [vm]cores contain lots of segments.

>  but I was able to put together a minimal reproducer.
> Generate the ELF file with this python script:
> [...]
> 
> And run this program:
> [...]
> 
> This should output 66000, but it outputs 65535 instead.

That is a really nice testcase. If we tweak it a little (so all
segments have the same load address) then it compresses to just 188
bytes with bzip2. Would you mind giving your Signed-off-by for adding
the attached to the testsuite? It fails before, and passes after your
fix.

> Looking at file_read_elf, the cache is only initialized from elf_begin
> from ELF_C_RDWR_MMAP and ELF_C_READ_MMAP_PRIVATE as long as endianness
> matches the host and the section headers are properly aligned:
> 
>       if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
> 	  && cmd != ELF_C_READ_MMAP /* We need a copy to be able to write.  */
> 	  && (ALLOW_UNALIGNED
> 	      || (((uintptr_t) ((char *) ehdr + e_shoff)
> 		   & (__alignof__ (Elf64_Shdr) - 1)) == 0)))

I had missed that part. So it is actually common to not have the phdrs
cache.

Thanks,

Mark
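The extended program-header numbering the thread is about, as an added illustration that is not Omar's reproducer script nor the testcase attached to this mail: when an ELF file has 0xffff (PN_XNUM) or more program headers, e_phnum is set to PN_XNUM and the real count is stored in sh_info of section header 0, so a reader that trusts e_phnum alone reports 65535 for a 66000-segment core. The builder and the two readers below are constructed for this example (ELF64, little-endian, ET_CORE with all-zero PT_NULL entries); `real_phnum` also checks that the section header it is about to read actually exists in the file before trusting it.

```python
import struct

PN_XNUM = 0xFFFF                 # e_phnum value: real count lives in shdr[0].sh_info
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # ELF64 little-endian Elf64_Ehdr
SHDR_FMT = "<IIQQQQIIQQ"         # Elf64_Shdr
EHDR_SIZE = struct.calcsize(EHDR_FMT)   # 64
SHDR_SIZE = struct.calcsize(SHDR_FMT)   # 64
PHDR_SIZE = 56                          # sizeof(Elf64_Phdr)


def build_elf64(phnum):
    """Constructed sample: a minimal ELF64 core image with `phnum` all-zero (PT_NULL)
    program headers followed by a single section header (the null shdr 0).
    If phnum does not fit the 16-bit e_phnum field, e_phnum holds PN_XNUM and
    shdr[0].sh_info carries the real count, as the ELF gABI specifies."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    phoff = EHDR_SIZE
    shoff = phoff + phnum * PHDR_SIZE
    extended = phnum >= PN_XNUM
    ehdr = struct.pack(EHDR_FMT, e_ident,
                       4,          # e_type = ET_CORE
                       62,         # e_machine = EM_X86_64
                       1,          # e_version = EV_CURRENT
                       0,          # e_entry
                       phoff, shoff,
                       0,          # e_flags
                       EHDR_SIZE, PHDR_SIZE,
                       PN_XNUM if extended else phnum,   # e_phnum
                       SHDR_SIZE,
                       1,          # e_shnum: only the null section header
                       0)          # e_shstrndx = SHN_UNDEF
    phdrs = b"\0" * (PHDR_SIZE * phnum)   # PT_NULL entries are all zero
    shdr0 = struct.pack(SHDR_FMT, 0, 0, 0, 0, 0, 0, 0,
                        phnum if extended else 0,  # sh_info: real phnum when extended
                        0, 0)
    return ehdr + phdrs + shdr0


def naive_phnum(data):
    """A reader that returns e_phnum as-is: yields 65535 for the 66000-segment case."""
    return struct.unpack_from(EHDR_FMT, data, 0)[10]


def real_phnum(data):
    """Program header count with PN_XNUM handling and bounds checks on the
    section header that the extended count is read from."""
    if len(data) < EHDR_SIZE or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    f = struct.unpack_from(EHDR_FMT, data, 0)
    e_phoff, e_shoff, e_phentsize, e_phnum, e_shentsize = f[5], f[6], f[9], f[10], f[11]
    if e_phnum != PN_XNUM:
        count = e_phnum
    else:
        # Extended numbering: shdr[0] must exist and be fully inside the file.
        if e_shoff == 0 or e_shentsize < SHDR_SIZE or e_shoff + SHDR_SIZE > len(data):
            raise ValueError("e_phnum is PN_XNUM but section header 0 is missing or truncated")
        count = struct.unpack_from(SHDR_FMT, data, e_shoff)[7]   # sh_info
    # The program header table itself must also fit in the file.
    if count and e_phoff + count * e_phentsize > len(data):
        raise ValueError("program header table runs past end of file")
    return count


if __name__ == "__main__":
    image = build_elf64(66000)
    print("naive:", naive_phnum(image))   # 65535
    print("real: ", real_phnum(image))    # 66000
    try:
        real_phnum(image[:EHDR_SIZE])     # header says PN_XNUM, shdr 0 missing
    except ValueError as exc:
        print("truncated:", exc)
```

The 66000-header image is about 3.7 MB in memory; the thread's attached testcase gets the same file down to a few hundred bytes with bzip2 because the table is so repetitive.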
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-tests-Add-testcase-for-elf_getphdrnum-with-more-than.patch
Type: text/x-patch
Size: 8033 bytes
Desc: 
URL: <http://sourceware.org/pipermail/elfutils-devel/attachments/20200322/5e266dbc/attachment-0001.bin>
