[Toybox] [PATCH] readelf: harden against invalid input.

enh enh at google.com
Tue Nov 17 16:29:10 PST 2020


On Thu, Nov 12, 2020 at 4:03 PM enh <enh at google.com> wrote:
>
> I also promised to fix readelf. Where in file(1) I made no attempt to
> say what was bad (or even to change `goto bad` to explicitly say that
> *anything* was bad), I believe that readelf is much more likely to be
> shown invalid ELF files, and that it would be useful to have some clue
> as to what's wrong. Relatedly, this patch removes all existing
> error_exit() calls in case it's being used on multiple files.
>
> Again, this survived ~24hrs of AFL++ trying to blow its house down.

Actually, because I forgot to kill AFL++ and just lost the window in
my stack, this has now survived nearly a week of continuous fuzzing
:-)

> Test: ~/AFLplusplus/afl-fuzz -i tests/files/elf -o fuzz-out -- ./readelf -a @@
> ---
>  toys/pending/readelf.c | 203 ++++++++++++++++++++++++-----------------
>  1 file changed, 119 insertions(+), 84 deletions(-)
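The patch itself is not quoted in this message, only its diffstat, so the following is an added, stand-alone illustration of the kind of hardening the message describes (report what is wrong with a file and return, rather than error_exit() out of a multi-file run). It is not toybox's readelf.c; the field offsets and constants come from the ELF64 specification, the sample header is constructed inline, and the example assumes a little-endian host (it copies the header into a struct rather than byte-swapping).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF64 file header, per the ELF spec (64 bytes). */
#define EI_NIDENT 16
#define ELFCLASS64 2
#define ELFDATA2LSB 1
#define EV_CURRENT 1
#define PHDR64_SIZE 56
#define SHDR64_SIZE 64

struct elf64_hdr {
  unsigned char e_ident[EI_NIDENT];
  uint16_t e_type, e_machine;
  uint32_t e_version;
  uint64_t e_entry, e_phoff, e_shoff;
  uint32_t e_flags;
  uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
};

/* Validate the header of a file already read into memory.
 * Returns NULL when the header is sane, otherwise a string naming the first
 * problem found. Never exits, so a caller looping over many files keeps going.
 * Assumes a little-endian host (labelled assumption of this example). */
const char *check_elf64(const unsigned char *buf, size_t len) {
  struct elf64_hdr h;

  if (len < sizeof h) return "file shorter than ELF header";
  if (memcmp(buf, "\x7f" "ELF", 4)) return "bad magic";
  if (buf[4] != ELFCLASS64) return "not ELFCLASS64 (example handles 64-bit only)";
  if (buf[5] != ELFDATA2LSB) return "not little-endian (example handles LSB only)";
  if (buf[6] != EV_CURRENT) return "bad EI_VERSION";
  memcpy(&h, buf, sizeof h);          /* copy, so unaligned input is fine */
  if (h.e_ehsize < sizeof h) return "e_ehsize too small";

  /* Each table must fit in the file. Subtract after the range check so the
   * arithmetic cannot wrap; phnum*phentsize fits in 32 bits (two uint16). */
  if (h.e_phnum) {
    if (h.e_phentsize < PHDR64_SIZE) return "e_phentsize too small";
    if (h.e_phoff > len || (uint64_t)h.e_phnum * h.e_phentsize > len - h.e_phoff)
      return "program header table outside file";
  }
  if (h.e_shnum) {
    if (h.e_shentsize < SHDR64_SIZE) return "e_shentsize too small";
    if (h.e_shoff > len || (uint64_t)h.e_shnum * h.e_shentsize > len - h.e_shoff)
      return "section header table outside file";
    if (h.e_shstrndx >= h.e_shnum) return "e_shstrndx out of range";
  }
  return NULL;
}

/* Little-endian field writers used to corrupt the sample in place. */
static void put16(unsigned char *p, uint16_t v) { p[0] = v; p[1] = v >> 8; }
static void put64(unsigned char *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = v >> (8 * i); }

/* Constructed sample: a header plus two zeroed section header slots
 * (192 bytes). Not a real binary, just enough to exercise the checks. */
size_t make_sample(unsigned char *out, size_t cap) {
  struct elf64_hdr h;
  size_t total = sizeof h + 2 * SHDR64_SIZE;

  if (cap < total) return 0;
  memset(&h, 0, sizeof h);
  memcpy(h.e_ident, "\x7f" "ELF", 4);
  h.e_ident[4] = ELFCLASS64; h.e_ident[5] = ELFDATA2LSB; h.e_ident[6] = EV_CURRENT;
  h.e_type = 2; h.e_machine = 62; h.e_version = EV_CURRENT;   /* ET_EXEC, x86-64 */
  h.e_ehsize = sizeof h;
  h.e_shoff = sizeof h; h.e_shentsize = SHDR64_SIZE; h.e_shnum = 2; h.e_shstrndx = 1;
  memset(out, 0, total);
  memcpy(out, &h, sizeof h);
  return total;
}

/* Run the sample and four corruptions through the checker; returns how many
 * behaved as expected (5 when all do). Field offsets: e_shoff=40, e_shstrndx=62. */
int run_checks(void) {
  unsigned char b[256];
  size_t n = make_sample(b, sizeof b);
  const char *r;
  int ok = 0;

  r = check_elf64(b, n);     ok += (r == NULL);
  r = check_elf64(b, n - 1); ok += (r && !strcmp(r, "section header table outside file"));
  put16(b + 62, 7);          r = check_elf64(b, n); ok += (r && !strcmp(r, "e_shstrndx out of range"));
  put16(b + 62, 1);
  put64(b + 40, 1ULL << 40); r = check_elf64(b, n); ok += (r && !strcmp(r, "section header table outside file"));
  put64(b + 40, 64);
  b[0] = 0;                  r = check_elf64(b, n); ok += (r && !strcmp(r, "bad magic"));
  return ok;
}

int main(void) {
  printf("%d of 5 checks behaved as expected\n", run_checks());
  return 0;
}
```

The same pattern extends to everything reached through the header: every offset taken from the file is compared against the file length before it is dereferenced, and every string index is compared against the string table's size, with the diagnostic naming the field so a fuzzer-found crash file can be understood at a glance.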


