From: Andrii Nakryiko
Date: Thu, 21 Dec 2017 20:47:30 +0000 (-0800)
Subject: Fix crashing on corrupted ELF binaries with invalid offsets in ELF header.
X-Git-Tag: v2017.12.25.00~6
X-Git-Url: http://plrg.eecs.uci.edu/git/?a=commitdiff_plain;h=5d64a503ffc312886d23b22ad12df87bbc8f9a32;p=folly.git

Fix crashing on corrupted ELF binaries with invalid offsets in ELF header.

Summary: There are cases where ELF binaries are running fine, but have slightly corrupted ELF headers, e.g., with section headers offset pointing beyond boundaries of file. I'm guessing this is due to running strip or objdump with either some particular combination of flags or due to some buggy version of those tools. This change prevents from crashing on such files.

Reviewed By: yfeldblum

Differential Revision: D6616027

fbshipit-source-id: 8cb3ac4475a51d1f1045c395977a6a77fbefffb2
---

diff --git a/folly/experimental/symbolizer/Elf-inl.h b/folly/experimental/symbolizer/Elf-inl.h
index 51890e40..0d435b4c 100644
--- a/folly/experimental/symbolizer/Elf-inl.h
+++ b/folly/experimental/symbolizer/Elf-inl.h
@@ -23,25 +23,37 @@ namespace symbolizer { template const ElfPhdr* ElfFile::iterateProgramHeaders(Fn fn) const { + // there exist ELF binaries which execute correctly, but have invalid internal + // offset(s) to program/section headers; most probably due to invalid + // stripping of symbols + if (elfHeader().e_phoff + sizeof(ElfPhdr) >= length_) { + return nullptr; + } + const ElfPhdr* ptr = &at(elfHeader().e_phoff); for (size_t i = 0; i < elfHeader().e_phnum; i++, ptr++) { if (fn(*ptr)) { return ptr; } } - return nullptr; } template const ElfShdr* ElfFile::iterateSections(Fn fn) const { + // there exist ELF binaries which execute correctly, but have invalid internal + // offset(s) to program/section headers; most probably due to invalid + // stripping of symbols + if (elfHeader().e_shoff + sizeof(ElfShdr) >= length_) { + return nullptr; + } + const ElfShdr* ptr = &at(elfHeader().e_shoff); for (size_t i = 0; i < elfHeader().e_shnum; i++, ptr++) { if (fn(*ptr)) { return ptr; } } - return nullptr; }
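Review bot: the new guards in both iterateProgramHeaders and iterateSections only prove that the first header fits in the file, but the loops that follow still walk e_phnum (resp. e_shnum) entries from that offset, so a header with a sane e_phoff and an oversized e_phnum still reads past length_. Bound the whole table rather than the first entry, and do it without an addition that can wrap when the file-supplied offset is near the top of its range: first `if (elfHeader().e_phoff > length_) return nullptr;`, then `if (elfHeader().e_phnum > (length_ - elfHeader().e_phoff) / sizeof(ElfPhdr)) return nullptr;` (and the same shape with e_shoff, e_shnum and sizeof(ElfShdr) in iterateSections). Two smaller points on the same lines: `>=` rejects a table whose last byte coincides with the end of the file, which is valid, so `>` is the right comparison once the full table size is used; and the three-line comment is duplicated verbatim in both functions, so a single shared note (or a small `headerTableInBounds(offset, count, entrySize)` helper that both call) would keep the two checks from drifting apart.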