From: Thilo Schulz
To: elfutils-devel@lists.fedorahosted.org
Subject: Re: [PATCH] Fix section corruption bug
Date: Tue, 10 Jun 2014 15:31:09 +0200
Message-ID: <201406101531.09654.thilo@tjps.eu>
In-Reply-To: 1402393695.3940.37.camel@bordewijk.wildebeest.org

On Tuesday 10 June 2014 11:48:15 Mark Wielaard wrote:
> On Mon, 2014-06-09 at 21:05 +0200, Thilo Schulz wrote:
> > When adding data to existing sections in ELF files, libelf may corrupt
> > those sections, i.e. overwrite the existing data if certain conditions
> > are met.
> >
> > If an Elf_Scn structure has seen a call to elf_rawdata(scn) before but no
> > call to elf_getdata(scn), scn->read_data flag is set, but not
> > scn->data_list_rear.
>
> Do you happen to have a small testcase that shows the buggy behavior?

Sure. This is an excerpt from the final program. A short word on what it is
supposed to do in my practical application:

I am doing a project for the AVR platform, which is mixed C/assembly. For
command parser functions that are called out of assembly into C code, I need
to replace the final return statements with rjmps back to program code in an
object file generated from my assembly.
So I want to add new symbols and relocations to a cmd.o file.
Find as attachment a simple program, which checks for the presence of the two
symbols cmd_response and cmd_noresponse and adds them if they don't exist.
Since the AVR architecture is 8 bit, I am only using Elf32_ structures
throughout, so you may need to compile test .o objects with -m32 for the test
program to work on them.

> I was wondering whether we want to check scn->rawdata.s directly, or if
> we could rely on ELF_F_FILEDATA being set for scn->flags?
Seems reasonable, though I don't know the code as well as you do, I guess.

As a further note: a similar bug, albeit for slightly different reasons, occurs
when adding relocations. Adding a relocation with elf_newdata() then
elf_update() results in the old data being "forgotten" if there was no
elf_getdata() call before to load that data into memory. The cause is a bit
different because in this case, there was not a call to elf_rawdata() before
and this still happened. I imagine this might also be a problem for string
tables.

--
Best regards,
Thilo Schulz

Attachment: elf-test.c (text/x-csrc)
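The failure sequence described in the mail (elf_rawdata, no elf_getdata, then elf_newdata and elf_update), as an added illustration that is not part of the thread or of libelf: a simplified C model of the per-section state, with the field names taken from the mail and all logic assumed, showing the data-losing path beside the corrected one and the check a reviewer would want, that the original bytes still come out of elf_update.

```c
#include <stddef.h>
#include <string.h>
/* Simplified model of a libelf section (Elf_Scn) as described in the mail.
 * Field names follow the thread (read_data, data_list_rear, rawdata); the
 * logic illustrates the reported failure and is not libelf's own code. */
typedef struct Blk { const char *buf; size_t size; struct Blk *next; } Blk;
typedef struct {
    const char *rawdata; size_t rawsize;  /* section bytes as mapped from file */
    int read_data;                        /* set once the raw bytes were read */
    Blk data_list; Blk *data_list_rear;   /* chain that elf_update writes out */
} Scn;
/* elf_rawdata: marks the section as read but builds no data list. */
static void model_rawdata(Scn *s) { s->read_data = 1; }
/* elf_getdata: turns the raw bytes into the first list element. */
static void model_getdata(Scn *s) {
    if (s->data_list_rear) return;
    s->read_data = 1;
    s->data_list.buf = s->rawdata; s->data_list.size = s->rawsize;
    s->data_list.next = NULL; s->data_list_rear = &s->data_list;
}
/* elf_newdata: append blk. With fixed == 0 this is the buggy path: read_data
 * set but data_list_rear NULL is taken as "fresh section", so blk replaces
 * the file contents. With fixed == 1 the raw bytes are materialised first. */
static void model_newdata(Scn *s, Blk *blk, int fixed) {
    if (!s->read_data || (fixed && !s->data_list_rear)) model_getdata(s);
    blk->next = NULL;
    if (!s->data_list_rear) {             /* old data is silently dropped */
        s->data_list = *blk; s->data_list_rear = &s->data_list;
    } else {
        s->data_list_rear->next = blk; s->data_list_rear = blk;
    }
}
/* elf_update: serialise the list into out (cap bytes); returns bytes written. */
static size_t model_update(const Scn *s, char *out, size_t cap) {
    size_t n = 0;
    for (const Blk *b = &s->data_list; b; b = b->next) {
        if (n + b->size > cap) return 0;
        memcpy(out + n, b->buf, b->size); n += b->size;
    }
    return n;
}
/* Scenario from the mail: elf_rawdata, no elf_getdata, then elf_newdata and
 * elf_update. Returns 1 if the original bytes survive ahead of the new ones. */
static int append_preserves(int fixed) {
    Scn s = { "old", 4, 0, { NULL, 0, NULL }, NULL };   /* constructed input */
    Blk b = { "new", 4, NULL };
    char out[16];
    model_rawdata(&s);
    model_newdata(&s, &b, fixed);
    return model_update(&s, out, sizeof out) == 8 && memcmp(out, "old\0new", 8) == 0;
}
```

The same before/after byte comparison is what a regression test for the real library should do: read a section with elf_rawdata, append with elf_newdata, call elf_update, and then re-open the file and verify the original bytes precede the new ones.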