Hi Mark,

On 2016-06-23, Mark Wielaard wrote:
>> When getting section headers it is assumed that the first section
>> is on the first section list. However, it is possible that the
>> first section list only contains the zeroth section, in which
>> case either illegal memory access occurs or elf_nextscn()
>> erroneously returns NULL.
>>
>> With this patch, checks are added to avoid the illegal memory
>> access and (if available) the second section list is looked at
>> to find the first section.
>
> Both changes to updatenull and nextscn do make sense to me.
>
> I assume this wasn't just theoretical? I didn't immediately see how
> this situation occurs. Do you happen to have an example/testcase?

The situation occurs when adding sections to an existing ELF file that
has none. You can see that in:

libelf/elf_begin.c:file_read_elf()

When an ELF file is opened with ELF_C_RDWR or ELF_C_RDWR_MMAP, scnmax is
set to 1. That leads to the first section being placed on the second
section list when elf_newscn() is called.

Below is a relatively simple program to demonstrate this. This program
adds customized section notes to core files. It is being developed as a
feature for the minicoredumper project.

John Ogness
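The scenario John describes, as an added stand-alone illustration that is not part of the mail thread or of libelf: a constructed model of libelf's chained section lists (the struct names, `list_new`, `scn_append`, `first_scn_naive`, `first_scn_fixed` and `first_index` are all assumptions made for this example) shows why a first list sized for only the zeroth section pushes section 1 onto the second list, and how a lookup that assumes section 1 is on the first list misses it while the corrected lookup finds it.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed model of libelf's chained section lists (written for this
 * mail, not libelf's own code): each list holds `max` slots, `cnt` in
 * use, and links to the next list; section 0 is always on the first. */
struct scn { size_t index; };
struct scn_list { unsigned int cnt, max; struct scn_list *next; struct scn *data; };

static struct scn_list *list_new(unsigned int max) {
    struct scn_list *l = calloc(1, sizeof *l);
    l->max = max;
    l->data = calloc(max, sizeof *l->data);
    return l;
}

/* Model of elf_newscn(): append to the last list, opening another list
 * when the last one is full. */
static struct scn *scn_append(struct scn_list *head, size_t index) {
    struct scn_list *l = head;
    while (l->cnt == l->max) {
        if (l->next == NULL) l->next = list_new(l->max * 2);
        l = l->next;
    }
    l->data[l->cnt].index = index;
    return &l->data[l->cnt++];
}

/* The assumption the patch removes: section 1 is data[1] of the first list. */
static struct scn *first_scn_naive(struct scn_list *head) {
    return head->cnt > 1 ? &head->data[1] : NULL;
}

/* Fixed lookup: when the first list holds only section 0, look at the
 * head of the second list (if any). */
static struct scn *first_scn_fixed(struct scn_list *head) {
    if (head->cnt > 1) return &head->data[1];
    if (head->next && head->next->cnt > 0) return &head->next->data[0];
    return NULL;
}

/* Scenario from the mail: a file opened with no sections (scnmax == 1),
 * then one section added. Returns the index found, 0 meaning "none". */
static size_t first_index(int fixed) {
    struct scn_list *head = list_new(1);
    scn_append(head, 0);                               /* zeroth section */
    scn_append(head, 1);                               /* lands on list 2 */
    struct scn *s = fixed ? first_scn_fixed(head) : first_scn_naive(head);
    return s ? s->index : 0;
}
```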