From: "mark at klomp dot org"
To: elfutils-devel@sourceware.org
Subject: [Bug libelf/23528] When executing ./eu-nm or ./eu-readelf -aAdehIlnrsSVcp -w, AddressSanitizer catch a double-free crash.
Date: Wed, 15 Aug 2018 20:43:00 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=23528

Mark Wielaard changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at klomp dot org

--- Comment #3 from Mark Wielaard ---
(In reply to Frank Ch. Eigler from comment #2)
> FWIW, is there some technical reason why a .zdebug section couldn't
> possibly ALSO be SHT_COMPRESSED ? i.e., compressed twice for some reason by
> the generator?

In theory you could gabi compress a section that is GNU compressed. But in practice eu-elfcompress won't let you do that (it will first decompress the .zdebug_xxx section, rename it to .debug_xxx and then gabi compress it). It would also be somewhat pointless since they use the same zlib compression scheme. So unless you use ELF_CHF_FORCE it wouldn't actually work since the result would likely be bigger.

The other way around however (GNU compress an already gabi compressed section) would be problematic. There is no good way to know whether the data is corrupted or already (de)compressed since the GNU compression has no meta-data (like Elf[32|64]_Chdr or a section flag) associated, only the implicit section naming, but from just the name you cannot know whether or not the section data has already been (de)compressed.

So I think the correct fix is as follows:

diff --git a/libelf/elf_compress_gnu.c b/libelf/elf_compress_gnu.c
index c35dc395..dfa7c571 100644
--- a/libelf/elf_compress_gnu.c
+++ b/libelf/elf_compress_gnu.c
@@ -80,7 +80,9 @@ elf_compress_gnu (Elf_Scn *scn, int inflate, unsigned int flags)
       sh_addralign = shdr->sh_addralign;
     }
 
-  if ((sh_flags & SHF_ALLOC) != 0)
+  /* Allocated sections, or sections that are already compressed
+     cannot (also) be GNU compressed.  */
+  if ((sh_flags & SHF_ALLOC) != 0 || (sh_flags & SHF_COMPRESSED))
     {
       __libelf_seterrno (ELF_E_INVALID_SECTION_FLAGS);
       return -1;

That way you could still (theoretically) gabi compress a gnu compressed section. But you wouldn't be able to gnu (de)compress a section that is already gabi compressed (unless you first [gabi] decompress it).

-- 
You are receiving this mail because:
You are on the CC list for the bug.
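Review bot: the new condition in the hunk at line 80 mixes two styles, `(sh_flags & SHF_ALLOC) != 0` next to a bare `(sh_flags & SHF_COMPRESSED)`; for consistency with the existing test, write `(sh_flags & SHF_COMPRESSED) != 0`. The added comment also only says such sections "cannot (also) be GNU compressed", while the check runs for both directions of elf_compress_gnu (the `inflate` parameter is visible in the hunk header) and, as the text below the patch says, its purpose is to refuse GNU decompression of a gabi compressed section as well; saying "GNU (de)compressed" in the comment would match the behaviour.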