[Bug tools/32673] eu-strip SEGV (illegal read access) in gelf_getsymshndx (libelf/gelf_getsymshndx.c:123)

2025-02-13 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=32673

Mark Wielaard changed:

What|Removed|Added
Assignee|unassigned at sourceware dot org|mark at klomp dot org

[Bug backends/32684] aarch64 linux 4 build failure: struct user_pac_mask not defined

2025-02-13 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=32684

Mark Wielaard changed:

What|Removed|Added
CC||mark at klomp dot org

--- Comment #1

[PATCH] strip: Verify symbol table is a real symbol table

2025-02-13 Thread Mark Wielaard
We didn't check the symbol table referenced from the relocation table was a real symbol table. This could cause a crash if that section happened to be an SHT_NOBITS section without any data. Fix this by adding an explicit check. * src/strip.c (INTERNAL_ERROR_MSG): New macro that takes a

[PATCH] scr: fix DEREF_OF_NULL.RET.STAT in ar.c

2025-02-13 Thread Anton Moryakov
Report of the static analyzer: 1. DEREF_OF_NULL.RET Pointer, returned from function 'elf_getarhdr' at ar.c:498, may be NULL and is dereferenced at ar.c:500. 2. DEREF_OF_NULL.RET Pointer, returned from function 'elf_getarhdr' at ar.c:940, may be NULL and is dereferenced at ar.c:943 3. DEREF_OF_NUL

[PATCH] src: fix DEREF_OF_NULL.RET.STAT in readelf.c in

2025-02-13 Thread Anton Moryakov
Static analyzer reported: Return value of a function 'gelf_getehdr' is dereferenced at readelf.c:12443 without checking for NULL, but it is usually checked for this function (53/54). Corrections explained: - Added a NULL check for the ehdr variable Triggers found by static analyzer Svace. Signed

[PATCH] src: fix DEREF_OF_NULL.RET.STAT in unstrip.c

2025-02-13 Thread Anton Moryakov
Static analyzer reported: Return value of a function 'elf_getdata' is dereferenced at unstrip.c:1977 without checking for NULL, but it is usually checked for this function (97/101). Corrections explained: - Added a check for NULL for the symstrdata variable before calling dwelf_strtab_finalize. -

Re: [PATCH] libdw: Simplify __libdw_getabbrev and fix dwarf_offabbrev issue

2025-02-13 Thread Aaron Merey
Hi Mark, On Mon, Feb 10, 2025 at 10:49 AM Mark Wielaard wrote: > > __libdw_getabbrev could crash on reading a bad abbrev by trying to > deallocate memory it didn't allocate itself. This could happen because > dwarf_offabbrev would supply its own memory when calling > __libdw_getabbrev. No other c

[PATCH] src: fix DEREF_OF_NULL.RET.STAT in readelf.c in

2025-02-13 Thread Anton Moryakov
Static analyzer reported: Return value of a function 'elf_strptr' is dereferenced at readelf.c:7171 without checking for NULL, but it is usually checked for this function (71/74). Corrections explained: - Added a NULL check for the scnname variable, which contains the result of the elf_strptr ca

Re: [PATCH] readelf: Handle NULL phdr in handle_dynamic_symtab

2025-02-13 Thread Aaron Merey
Hi Mark, On Mon, Feb 10, 2025 at 1:32 PM Mark Wielaard wrote: > > A corrupt ELF file can have broken program headers, in which case > gelf_getphdr returns NULL. This could crash handle_dynamic_symtab > while searching for the PT_DYNAMIC phdr. Fix this by checking whether > gelf_phdr returns NULL.

Re: [PATCH] readelf: Skip trying to uncompress sections without a name

2025-02-13 Thread Aaron Merey
Hi Mark, On Mon, Feb 10, 2025 at 1:37 PM Mark Wielaard wrote: > > When combining eu-readelf -z with -x or -p to dump the data or strings > in an (corrupted ELF) unnamed numbered section eu-readelf could crash > trying to check whether the section name starts with .zdebug. Fix this > by skipping s

Re: [PATCH] libelf, readelf: Use validate_str also to check dynamic symstr data

2025-02-13 Thread Aaron Merey
Hi Mark, On Mon, Feb 10, 2025 at 1:27 PM Mark Wielaard wrote: > > When dynsym/str was read through eu-readelf --dynamic by readelf > process_symtab the string data was not validated, possibly printing > unallocated memory past the end of the symstr data. Fix this by > turning the elf_strptr valid

[PATCH] src: fix DEREF_OF_NULL.RET in readelf.c

2025-02-13 Thread Anton Moryakov
Report of the static analyzer: DEREF_OF_NULL.RET Pointer, returned from function 'elf_getarhdr' at readelf.c:13551, may be NULL and is dereferenced at readelf.c:13553. Corrections explained: - Added a NULL check for the pointer returned by `elf_getarhdr`. - If the pointer is NULL, release resour

Re: [PATCH] libelf: Handle elf_strptr on section without any data

2025-02-13 Thread Aaron Merey
Hi Mark, On Wed, Feb 12, 2025 at 6:16 PM Mark Wielaard wrote: > > In the unlikely situation that elf_strptr was called on a section with > sh_size already set, but that doesn't have any data yet we could crash > trying to verify the string to return. > > This could happen for example when a new s

Re: [PATCH] strip: Verify symbol table is a real symbol table

2025-02-13 Thread Aaron Merey
Hi Mark, On Thu, Feb 13, 2025 at 9:04 AM Mark Wielaard wrote: > > We didn't check the symbol table referenced from the relocation table > was a real symbol table. This could cause a crash if that section > happened to be an SHT_NOBITS section without any data. Fix this by > adding an explicit che

[Bug libelf/32689] New: Robustify [g]elf functions that take (nobits) Elf_Data arguments

2025-02-13 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=32689

Bug ID: 32689
Summary: Robustify [g]elf functions that take (nobits) Elf_Data arguments
Product: elfutils
Version: unspecified
Status: NEW
Severity: normal