debug/elf: index out of range #10996

Closed
dvyukov opened this issue May 30, 2015 · 8 comments

dvyukov commented May 30, 2015

The following program crashes with the panic:

package main

import (
    "bytes"
    "debug/elf"
)

func main() {
    data := []byte("\u007fELF\x02\x01\x010000000000000" +
        "\x010000000000000000000" +
        "\x00\x00\x00\x00\x00\x00\x00\x0000000000\x00\x00\x00\x00" +
        "0000")
    f, err := elf.NewFile(bytes.NewReader(data))
    if err != nil {
        if f != nil {
            panic("file is not nil on error")
        }
        return
    }
    defer f.Close()
    f.DynamicSymbols()
    f.ImportedLibraries()
    f.ImportedSymbols()
    f.Section(".data")
    f.SectionByType(elf.SHT_GNU_VERSYM)
    f.Symbols()
    dw, err := f.DWARF()
    if err != nil {
        if dw != nil {
            panic("dwarf is not nil on error")
        }
        return
    }
    dr := dw.Reader()
    for {
        e, _ := dr.Next()
        if e == nil {
            break
        }
    }

}

panic: runtime error: index out of range

goroutine 1 [running]:
debug/elf.NewFile(0x7f6e0f6071c0, 0xc208014420, 0x63d900, 0x0, 0x0)
    src/debug/elf/file.go:380 +0x1484
main.main()
    elftest.go:13 +0x10e

on commit 596bb76

@dvyukov dvyukov added this to the Go1.5 milestone May 30, 2015

dvyukov commented May 30, 2015


c9s commented May 30, 2015

I got the below output in this case:

len(Sections): 12336
shstrndx: 12336


c9s commented May 30, 2015

The failing case seems to fail on Go 1.4.2 too

/usr/local/go/bin/go run elf.go
panic: runtime error: index out of range

goroutine 1 [running]:
debug/elf.NewFile(0x220820f9b0, 0x208236270, 0x1c5ee8, 0x0, 0x0)
    /usr/local/go/src/debug/elf/file.go:379 +0x1638
main.main()
    /Users/c9s/go/elf.go:13 +0x110
exit status 2


dvyukov commented May 30, 2015

Then probably shoff is 0 or negative in the following condition:

    if shnum > 0 && shoff > 0 && (shstrndx < 0 || shstrndx >= shnum) {
        return nil, &FormatError{0, "invalid ELF shstrndx", shstrndx}
    }

so the check for shstrndx >= shnum doesn't trigger.
Please print shnum/shoff as well.


c9s commented May 30, 2015

len(Sections): 12336
shstrndx: 12336
shnum: 12336
shoff: 0
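
The bypass discussed above, as an added Go example (not code from the Go tree or from either CL, and not part of any comment in this thread): it builds a constructed ELF64 header carrying the reported values and runs the quoted condition beside a stricter one. `header`, `fields`, `quotedCheck` and `strictCheck` are hypothetical names, and extended section numbering is assumed not to be in use.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// header builds a constructed little-endian ELF64 header with the given fields.
func header(shoff uint64, shnum, shstrndx uint16) []byte {
	h := make([]byte, 64)
	copy(h, "\x7fELF\x02\x01\x01")                  // magic, ELFCLASS64, ELFDATA2LSB, EV_CURRENT
	binary.LittleEndian.PutUint64(h[40:], shoff)    // e_shoff
	binary.LittleEndian.PutUint16(h[60:], shnum)    // e_shnum
	binary.LittleEndian.PutUint16(h[62:], shstrndx) // e_shstrndx
	return h
}

// fields reads e_shoff, e_shnum and e_shstrndx from an ELF64 header.
func fields(h []byte) (shoff int64, shnum, shstrndx int, err error) {
	if len(h) < 64 {
		return 0, 0, 0, fmt.Errorf("short ELF64 header: %d bytes", len(h))
	}
	le := binary.LittleEndian
	return int64(le.Uint64(h[40:])), int(le.Uint16(h[60:])), int(le.Uint16(h[62:])), nil
}

// quotedCheck is the condition quoted in the issue; shoff == 0 skips it entirely.
func quotedCheck(shoff int64, shnum, shstrndx int) error {
	if shnum > 0 && shoff > 0 && (shstrndx < 0 || shstrndx >= shnum) {
		return fmt.Errorf("invalid ELF shstrndx %d", shstrndx)
	}
	return nil
}

// strictCheck (hypothetical) validates shoff and shstrndx independently.
func strictCheck(shoff int64, shnum, shstrndx int) error {
	if shnum > 0 && shoff <= 0 {
		return fmt.Errorf("shnum %d but no section header table (shoff %d)", shnum, shoff)
	}
	if shnum > 0 && (shstrndx < 0 || shstrndx >= shnum) {
		return fmt.Errorf("invalid ELF shstrndx %d", shstrndx)
	}
	return nil
}

func main() {
	so, sn, sx, _ := fields(header(0, 12336, 12336)) // values reported in the thread
	fmt.Println("quoted:", quotedCheck(so, sn, sx), "strict:", strictCheck(so, sn, sx))
}
```

With the reported values the quoted condition returns no error while the stricter one rejects the header before any section is indexed.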

@gopherbot

CL https://golang.org/cl/10477 mentions this issue.


rsc commented Jun 1, 2015

It's too late in the Go 1.5 release process for fuzzer bugs. The chance of hitting any of these is so low that the benefit of the fix is outweighed by the chance of the fix introducing a more serious bug.

@rsc rsc modified the milestones: Unplanned, Go1.5 Jun 1, 2015
@gopherbot

Change https://golang.org/cl/162857 mentions this issue: debug/elf: perform stricter section header table checks in NewFile

@golang golang locked and limited conversation to collaborators Feb 29, 2020
@rsc rsc removed their assignment Jun 23, 2022