Hi,
On Mon, Aug 01, 2022 at 02:09:52AM +0200, Mark Wielaard wrote:
> > - 7: make check ( failure )
> > Logs:
> > - stdio:
> > https://builder.sourceware.org/buildbot/#builders/43/builds/47/steps/7/logs/stdio
> > - test-suite.log:
> > https://builder.sourceware.org/buildbot/#builders/43/builds/47/steps/7/logs/test-suite_log
>
> So that is in the one little addition I made:
>
> -==3856043== Invalid read of size 1
> -==3856043== at 0x484EBE8: memrchr (vg_replace_strmem.c:1012)
> -==3856043== by 0x100FEDF: handle_dynamic (readelf.c:1909)
> -==3856043== by 0x102061D: print_dynamic (readelf.c:2013)
> -==3856043== by 0x102061D: process_elf_file (readelf.c:1034)
> -==3856043== by 0x1021FDB: process_dwflmod (readelf.c:818)
> -==3856043== by 0x4962BCF: dwfl_getmodules (dwfl_getmodules.c:86)
> -==3856043== by 0x100E175: process_file (readelf.c:926)
> -==3856043== by 0x1006A75: main (readelf.c:395)
> -==3856043== Address 0x56df358 is 24 bytes before a block of size 264 alloc'd
> -==3856043== at 0x484C002: calloc (vg_replace_malloc.c:1328)
> -==3856043== by 0x4A4EED9: elf_getdata_rawchunk (elf_getdata_rawchunk.c:173)
> -==3856043== by 0x1010621: get_dynscn_strtab (readelf.c:4958)
> -==3856043== by 0x1010621: handle_dynamic (readelf.c:1884)
> -==3856043== by 0x102061D: print_dynamic (readelf.c:2013)
> -==3856043== by 0x102061D: process_elf_file (readelf.c:1034)
> -==3856043== by 0x1021FDB: process_dwflmod (readelf.c:818)
> -==3856043== by 0x4962BCF: dwfl_getmodules (dwfl_getmodules.c:86)
> -==3856043== by 0x100E175: process_file (readelf.c:926)
> -==3856043== by 0x1006A75: main (readelf.c:395)
>
> I am staring at the code, but don't immediately see which mistake I
> made. Maybe I should use d_val instead of d_ptr (but those are both
> uint64_t so that shouldn't really matter).
Doh. Even though memrchr searches backwards, it takes the start of the
buffer instead of the end of the buffer as argument. Fixed as
attached, also cleaned up the use of d_val vs d_ptr. Pushed after
verifying with a try-build that it really fixes the issue.
Cheers,
Mark
From d0ff4e224738adf34eba38dc33ffda67e5da6634 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <m...@klomp.org>
Date: Mon, 1 Aug 2022 02:02:16 +0200
Subject: [PATCH] readelf: memrchr searches backwards but takes the start buf as argument
The bug (caught by valgrind) was giving memrchr the end of the buffer.
Also as cleanup, use d_val not d_ptr for calculating offset.
---
src/ChangeLog | 5 +++++
src/readelf.c | 8 ++++----
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index db20a6ef..42ce6640 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2022-08-01 Mark Wielaard <m...@klomp.org>
+
+ * readelf.c (handle_dynamic): Pass start of buffer to memrchr.
+ Use dyn->d_un.d_val for offsets instead of d_ptr.
+
2022-04-28 Di Chen <dic...@redhat.com>
* readelf.c (options): Add use-dynamic 'D'.
diff --git a/src/readelf.c b/src/readelf.c
index f4d973da..f1f77ce8 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -1905,10 +1905,10 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, GElf_Phdr *phdr)
{
if (! use_dynamic_segment)
name = elf_strptr (ebl->elf, shdr->sh_link, dyn->d_un.d_val);
- else if (dyn->d_un.d_ptr < strtab_data->d_size
- && memrchr (strtab_data->d_buf + strtab_data->d_size - 1, '\0',
- strtab_data->d_size - 1 - dyn->d_un.d_ptr) != NULL)
- name = ((char *) strtab_data->d_buf) + dyn->d_un.d_ptr;
+ else if (dyn->d_un.d_val < strtab_data->d_size
+ && memrchr (strtab_data->d_buf + dyn->d_un.d_val, '\0',
+ strtab_data->d_size - 1 - dyn->d_un.d_val) != NULL)
+ name = ((char *) strtab_data->d_buf) + dyn->d_un.d_val;
}
switch (dyn->d_tag)
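Review bot: the corrected memrchr call still passes a length of `strtab_data->d_size - 1 - dyn->d_un.d_val`, so the search covers only [d_val, d_size - 1) and never examines the table's final byte; a name whose only terminator is that last byte is rejected, and when d_val == d_size - 1 the length is zero and the lookup silently yields no name. Since the `d_val < d_size` test above guarantees the subtraction cannot underflow, this is safe, but if skipping the final byte is intentional a one-line comment would save the next reader from re-deriving it; otherwise `strtab_data->d_size - dyn->d_un.d_val` covers the whole tail. As the only question is whether any '\0' follows d_val, plain memchr would express that intent equally well without relying on the GNU memrchr extension.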
--
2.30.2
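The pointer-arithmetic mistake the message describes (handing memrchr the end of the region when it expects the start) is easy to make because the function scans backwards. The following is an added example, not code from elfutils or from this thread: it defines a hypothetical portable stand-in, `rev_memchr`, with memrchr's contract so the start-pointer convention is explicit, and a bounds-checked string-table lookup `strtab_lookup` that rejects an untrusted offset unless a terminator exists inside the table. Unlike the patch, it searches the whole tail including the table's final byte. The string tables are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical portable stand-in for GNU memrchr, written here so the
   contract is explicit: scan the n bytes *starting* at s, from the last
   byte backwards, and return a pointer to the last byte equal to c, or
   NULL.  s is the start of the region, never its end. */
static const void *rev_memchr(const void *s, int c, size_t n)
{
  const unsigned char *p = (const unsigned char *) s;
  while (n-- > 0)
    if (p[n] == (unsigned char) c)
      return p + n;
  return NULL;
}

/* Bounds-checked string-table lookup for an offset taken from untrusted
   input (for example a dynamic entry's d_un.d_val).  Returns NULL when the
   offset is out of range or when no NUL terminator exists in [off, size),
   so the caller can never read past the end of the table.  The whole
   tail, including the table's final byte, is searched. */
const char *strtab_lookup(const char *buf, size_t size, uint64_t off)
{
  if (off >= size)
    return NULL;
  /* Region starts at buf + off and is size - off bytes long; no underflow
     because off < size was checked above. */
  if (rev_memchr(buf + off, '\0', size - off) == NULL)
    return NULL;
  return buf + off;
}

/* Constructed sample string table laid out like an ELF .dynstr: a leading
   empty string followed by NUL-terminated names.  sizeof includes the
   final NUL, so sample_size is 23. */
const char sample_strtab[] = "\0libc.so.6\0GLIBC_2.2.5";
const size_t sample_size = sizeof sample_strtab;

/* Constructed malformed table with no terminating NUL at all. */
const char bad_strtab[3] = { 'a', 'b', 'c' };

int main(void)
{
  const char *name = strtab_lookup(sample_strtab, sample_size, 11);
  printf("offset 11: %s\n", name ? name : "(rejected)");
  name = strtab_lookup(sample_strtab, sample_size, 23);
  printf("offset 23: %s\n", name ? name : "(rejected)");
  name = strtab_lookup(bad_strtab, sizeof bad_strtab, 0);
  printf("unterminated table: %s\n", name ? name : "(rejected)");
  return 0;
}
```

The offsets 1 and 11 resolve to the two names, offset 22 resolves to the empty string at the table's final NUL, and both an out-of-range offset and a table with no terminator are rejected rather than read past.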