[Toybox] [PATCH] readelf: harden against invalid input.

enh enh at google.com
Thu Nov 12 16:03:58 PST 2020


I also promised to fix readelf. Where in file(1) I made no attempt to
say what was bad (or even to change `goto bad` to explicitly say that
*anything* was bad), I believe that readelf is much more likely to be
shown invalid ELF files, and that it would be useful to have some clue
as to what's wrong. Relatedly, this patch removes all existing
error_exit() calls in case it's being used on multiple files.

Again, this survived ~24hrs of AFL++ trying to blow its house down.

Test: ~/AFLplusplus/afl-fuzz -i tests/files/elf -o fuzz-out -- ./readelf -a @@
---
 toys/pending/readelf.c | 203 ++++++++++++++++++++++++-----------------
 1 file changed, 119 insertions(+), 84 deletions(-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-readelf-harden-against-invalid-input.patch
Type: text/x-patch
Size: 14650 bytes
Desc: not available
URL: <http://lists.landley.net/pipermail/toybox-landley.net/attachments/20201112/cfae4f34/attachment-0002.bin>
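
The attached patch is not shown on this page. The following is an added example, not toybox's readelf code, of the approach the message describes: say what is wrong with an invalid ELF file and return to the caller instead of exiting, so the next file can still be processed. The names check_elf64 and check_sample are hypothetical, the sample header is constructed, and only 64-bit little-endian files are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read an n-byte (n <= 8) little-endian integer from p. */
static uint64_t le(const unsigned char *p, int n)
{
  uint64_t v = 0;
  while (n--) v = (v << 8) | p[n];
  return v;
}

/* Hypothetical helper: NULL if the ELF64 little-endian header and its
 * section header table fit in buf[0..len), else what is wrong. It never
 * exits, so a caller handling several files can report and continue.
 * Extended numbering (e_shnum == 0, SHN_XINDEX) is not handled here. */
const char *check_elf64(const unsigned char *buf, size_t len)
{
  if (len < 64) return "too short for ELF64 header";
  if (memcmp(buf, "\177ELF", 4)) return "bad magic";
  if (buf[4] != 2 || buf[5] != 1) return "not 64-bit little-endian";
  uint64_t shoff = le(buf + 0x28, 8);
  uint64_t shentsize = le(buf + 0x3a, 2), shnum = le(buf + 0x3c, 2);
  if (!shnum) return NULL;
  if (shentsize < 64) return "bad e_shentsize";
  /* Compare with the bytes left after shoff so the sum cannot wrap. */
  if (shoff > len || shnum * shentsize > len - shoff)
    return "section headers outside file";
  if (le(buf + 0x3e, 2) >= shnum) return "bad e_shstrndx";
  return NULL;
}

/* Constructed sample: a 256-byte buffer holding only an ELF64 header. */
const char *check_sample(uint64_t shoff, unsigned shnum, size_t len)
{
  unsigned char b[256] = "\177ELF\2\1\1";
  for (int i = 0; i < 8; i++) b[0x28 + i] = (unsigned char)(shoff >> (8 * i));
  b[0x3a] = 64;                      /* e_shentsize */
  b[0x3c] = (unsigned char)shnum;    /* e_shnum, low byte only */
  return check_elf64(b, len);
}

int main(void)
{
  const char *e = check_sample(64, 4, 256); /* table would end at byte 320 */
  printf("sample: %s\n", e ? e : "ok");
  return 0;
}
```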

