Comparing changes

Parsing this file results in patchelf triggering an assertion: patchelf: patchelf.cc:431: ElfFile<Elf64_Ehdr, Elf64_Phdr, Elf64_Shdr, unsigned long, unsigned long, Elf64_Dyn, Elf64_Sym, Elf64_Verneed, unsigned short>::ElfFile(FileContents) [Elf_Ehdr = Elf64_Ehdr, Elf_Phdr = Elf64_Phdr, Elf_Shdr = Elf64_Shdr, Elf_Addr = unsigned long, Elf_Off = unsigned long, Elf_Dyn = Elf64_Dyn, Elf_Sym = Elf64_Sym, Elf_Verneed = Elf64_Verneed, Elf_Versym = unsigned short]: Assertion `shstrtabIndex < shdrs.size()' failed. Program received signal SIGABRT, Aborted.

Parsing this file results in patchelf triggering an assertion: patchelf: patchelf.cc:384: void checkPointer(const FileContents &, void *, unsigned int): Assertion `q >= contents->data() && q + size <= contents->data() + contents->size()' failed. Aborted (core dumped)

Parsing this file results in patchelf triggering an assertion: patchelf: patchelf.cc:439: ElfFile<Elf64_Ehdr, Elf64_Phdr, Elf64_Shdr, unsigned long, unsigned long, Elf64_Dyn, Elf64_Sym, Elf64_Verneed, unsigned short>::ElfFile(FileContents) [Elf_Ehdr = Elf64_Ehdr, Elf_Phdr = Elf64_Phdr, Elf_Shdr = Elf64_Shdr, Elf_Addr = unsigned long, Elf_Off = unsigned long, Elf_Dyn = Elf64_Dyn, Elf_Sym = Elf64_Sym, Elf_Verneed = Elf64_Verneed, Elf_Versym = unsigned short]: Assertion `shstrtabSize > 0' failed. Aborted (core dumped)

Parsing this file results in patchelf triggering an assertion: patchelf: patchelf.cc:442: ElfFile<Elf64_Ehdr, Elf64_Phdr, Elf64_Shdr, unsigned long, unsigned long, Elf64_Dyn, Elf64_Sym, Elf64_Verneed, unsigned short>::ElfFile(FileContents) [Elf_Ehdr = Elf64_Ehdr, Elf_Phdr = Elf64_Phdr, Elf_Shdr = Elf64_Shdr, Elf_Addr = unsigned long, Elf_Off = unsigned long, Elf_Dyn = Elf64_Dyn, Elf_Sym = Elf64_Sym, Elf_Verneed = Elf64_Verneed, Elf_Versym = unsigned short]: Assertion `shstrtab[shstrtabSize - 1] == 0' failed. Aborted (core dumped)

Parsing this file results in patchelf segfaulting at: at /nix/store/h31cy7jm6g7cfqbhc5pm4rf9c53i3qfb-gcc-9.3.0/include/c++/9.3.0/bits/char_traits.h:335 at /nix/store/h31cy7jm6g7cfqbhc5pm4rf9c53i3qfb-gcc-9.3.0/include/c++/9.3.0/bits/basic_string.h:527 this=0x7fffffff8028, fileContents=...) at patchelf.cc:449

... otherwise strlen() (in the std::string constructor) will be called with an out-of-bounds pointer.

Parsing this file results in patchelf segfaulting at: Program received signal SIGSEGV, Segmentation fault. std::vector<Elf32_Phdr, std::allocator<Elf32_Phdr> >::_M_realloc_insert<Elf32_Phdr const&> (this=0x7fffffff80a8, __position=..., __args=...) at /nix/store/h31cy7jm6g7cfqbhc5pm4rf9c53i3qfb-gcc-9.3.0/include/c++/9.3.0/bits/vector.tcc:449 449 _Alloc_traits::construct(this->_M_impl, (gdb) bt at /nix/store/h31cy7jm6g7cfqbhc5pm4rf9c53i3qfb-gcc-9.3.0/include/c++/9.3.0/bits/vector.tcc:449 at /nix/store/h31cy7jm6g7cfqbhc5pm4rf9c53i3qfb-gcc-9.3.0/include/c++/9.3.0/bits/stl_vector.h:1195 this=0x7fffffff8088, fileContents=...) at patchelf.cc:421

sectionsByOldIndex was resized to hdr->e_shnum instead of rdi(hdr->e_shnum). This omitted the endianness conversion and probably only worked by accident, because the 16-bit LE->BE conversion results in integers that are larger as long as there no more than 255 section headers. This would be a good usecase for std::transform, but I'm unsure whether we want to bump requirements to build patchelf to C++ 2017.

This is similar to the earlier fix for phdr offsets, but the fuzzer didn't find this.

Fuzzing fixes

Commits on Nov 16, 2020

Merge pull request #251 from blitz/fuzzing-fixes

Fuzzing fixes

edolstra committed Nov 16, 2020

Copy the full SHA

57ad111 View commit details

Browse the repository at this point in the history

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Commits on Nov 15, 2020

Commits on Nov 16, 2020

This comparison is taking too long to generate.