[Toybox] readelf questions.

enh enh at google.com
Mon Feb 3 20:15:59 PST 2020


On Tue, Jan 28, 2020 at 7:11 PM Rob Landley <rob at landley.net> wrote:
>
> Is reading 64 bit binaries from 32 bit systems interesting? Because struct sh
> and struct ph have "int" and "long" values, which are the same on 32 bit.
> (long long is the one that's always 64 bit.)

i certainly intended to support that combination. i've actually since
added CTS tests that use `readelf -S` output, but obviously not on
files with values big enough to break this.

i've sent the obvious patch.

> Last elf plumbing I did (file?) I carefully made sure every access wouldn't go
> off the end of the mmap. This doesn't seem to ever check that? (ph.filesz could
> be zero then you're feeding -1 to printf, etc...)

like i said, i haven't fuzzed this at all, so there's doubtless _some_
checks missing. and, yes, that seems to be one. (and a sign [no pun
intended] that all this should be switched to unsigned.) i'll send a
patch for that tomorrow night if you haven't already done it by then.

anywhere there's a dereference should be protected: search for
references to TT.size. there aren't as many as you might expect to see
because get_sh() and get_ph() won't return a bad section or program
header.

> Should work on non-pathological ELF files, of course... :)

sadly i didn't test with chrome's .so files or i'd have caught this :-)

> Rob
> _______________________________________________
> Toybox mailing list
> Toybox at lists.landley.net
> http://lists.landley.net/listinfo.cgi/toybox-landley.net
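The two problems raised in this exchange (64-bit file offsets narrowed to a 32-bit `long`, and dereferences not checked against the mapping size) are illustrated by the following added example. It is not toybox code and does not reproduce its `get_ph()`; it is a stand-alone C sketch of the same idea, a header accessor that never returns a bad program header. The names `elf_file`, `in_bounds`, `get_ph64`, `segment_fits` and `make_sample` are this example's own; `f.size` plays the role the post gives `TT.size`. The ELF64 field offsets are taken from the ELF64 layout, and the sample buffer is constructed in code, not read from a real binary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not toybox code: bounds-checked access to ELF64 program
 * headers. Every file offset is a uint64_t read from the on-disk field, so
 * a 32-bit host sees the same values as a 64-bit one, and every dereference
 * is checked against the mapping size before it happens. */

/* Byte offsets of the ELF64 header and program header fields used here. */
#define EHDR64_SIZE      64
#define E_PHOFF_OFF      32
#define E_PHENTSIZE_OFF  54
#define E_PHNUM_OFF      56
#define PHDR64_SIZE      56
#define P_OFFSET_OFF      8
#define P_FILESZ_OFF     32

typedef struct {
  const unsigned char *map;  /* file contents (an mmap in a real readelf) */
  uint64_t size;             /* length of map: the bound every access obeys */
} elf_file;

/* Little-endian field reads done byte by byte: no alignment assumptions. */
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint64_t rd64(const unsigned char *p) {
  uint64_t v = 0;
  for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
  return v;
}

/* 1 if [off, off+len) lies inside the file. Written as a subtraction so
 * that off+len can never wrap around. */
int in_bounds(elf_file f, uint64_t off, uint64_t len) {
  return off <= f.size && len <= f.size - off;
}

/* Program header i, or NULL if the header table entry is not entirely
 * inside the file: callers never see a bad header. */
const unsigned char *get_ph64(elf_file f, unsigned i) {
  if (!in_bounds(f, 0, EHDR64_SIZE)) return NULL;
  uint64_t phoff = rd64(f.map + E_PHOFF_OFF);
  uint16_t phentsize = rd16(f.map + E_PHENTSIZE_OFF);
  uint16_t phnum = rd16(f.map + E_PHNUM_OFF);
  if (phentsize < PHDR64_SIZE || i >= phnum) return NULL;
  uint64_t rel = (uint64_t)i * phentsize;  /* both < 2^16: cannot overflow */
  if (!in_bounds(f, phoff, rel + PHDR64_SIZE)) return NULL;
  return f.map + phoff + rel;
}

/* 1 if segment i exists and its file bytes [p_offset, p_offset+p_filesz)
 * lie inside the file, else 0. A zero p_filesz is a valid empty range. */
int segment_fits(elf_file f, unsigned i) {
  const unsigned char *ph = get_ph64(f, i);
  if (!ph) return 0;
  return in_bounds(f, rd64(ph + P_OFFSET_OFF), rd64(ph + P_FILESZ_OFF));
}

/* Constructed sample, not a real binary: an ELF64 header followed by three
 * program headers in a 256-byte buffer. */
#define SAMPLE_SIZE 256
static unsigned char sample[SAMPLE_SIZE];

static void put16(unsigned char *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void put64(unsigned char *p, uint64_t v) {
  for (int i = 0; i < 8; i++) p[i] = (v >> (8 * i)) & 0xff;
}

elf_file make_sample(void) {
  memset(sample, 0, sizeof sample);
  memcpy(sample, "\x7f" "ELF", 4);
  sample[4] = 2;  /* ELFCLASS64 */
  sample[5] = 1;  /* ELFDATA2LSB */
  put64(sample + E_PHOFF_OFF, EHDR64_SIZE);
  put16(sample + E_PHENTSIZE_OFF, PHDR64_SIZE);
  put16(sample + E_PHNUM_OFF, 3);
  unsigned char *ph = sample + EHDR64_SIZE;
  /* ph[0]: bytes [0,200) of the file, fits. */
  put64(ph + P_OFFSET_OFF, 0);  put64(ph + P_FILESZ_OFF, 200);
  ph += PHDR64_SIZE;
  /* ph[1]: offset just above 4 GiB. Truncated to a 32-bit long it would
   * read as 0x10 and pass the check; as a uint64_t it is rejected. */
  put64(ph + P_OFFSET_OFF, 0x100000010ULL);  put64(ph + P_FILESZ_OFF, 16);
  ph += PHDR64_SIZE;
  /* ph[2]: p_filesz == 0 at the very end of the file: empty but valid, and
   * nothing here computes a "size - 1" that could underflow. */
  put64(ph + P_OFFSET_OFF, SAMPLE_SIZE);  put64(ph + P_FILESZ_OFF, 0);
  elf_file f = { sample, SAMPLE_SIZE };
  return f;
}

int main(void) {
  elf_file f = make_sample();
  for (unsigned i = 0; i < 4; i++)
    printf("ph[%u]: %s\n", i, !get_ph64(f, i) ? "no such header"
           : segment_fits(f, i) ? "segment inside file" : "segment outside file");
  return 0;
}
```

Running it reports ph[0] and ph[2] inside the file, ph[1] outside, and ph[3] as missing. The point of the `in_bounds` shape (compare `len` against `size - off` rather than `off + len` against `size`) is that it stays correct for attacker-chosen offsets near the top of the 64-bit range, which is exactly the case a fuzzer finds first.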
