[LLVMbugs] [Bug 12469] New: Crash parsing ELF relocations

bugzilla-daemon at llvm.org
Thu Apr 5 13:02:30 PDT 2012


             Bug #: 12469
           Summary: Crash parsing ELF relocations
           Product: libraries
           Version: 3.0
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Archive library
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: roberto at security.dico.unimi.it
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

ELF files with no ".strtab" sections are not processed correctly. The impact of
this bug is different in 3.0 and trunk: the former crashes, while the latter
resolves symbols to "Unknown".

=== LLVM 3.0 ===
lib/Object/ELFObjectFile.cpp fails to process ELF files with missing ".strtab"

In this situation, the "dot_strtab_sec" attribute of an ELFObjectFile object is
equal to zero, thus when ELFObjectFile::getSymbolName() is called, a crash
occurs (SEGV, on Linux). I believe the ".dynstr" should also be processed, and
not only ".strtab".

To reproduce this bug run "llvm-objdump-3.0 -r /bin/ls" on a standard Linux
distribution (tested on Debian unstable).

This is the output on my Debian box:
~/llvm-3.0.src$ ./Release+Debug/bin/llvm-objdump -r /bin/ls
0  llvm-objdump 0x08256378
Stack dump:
0.      Program arguments: ./Release+Debug/bin/llvm-objdump -r /bin/ls 
Segmentation fault

=== TRUNK ===
In trunk, the behavior is only slightly different:
$ ./Debug+Asserts/bin/llvm-objdump -r /bin/ls

/bin/ls:        file format ELF32-i386

134611096 R_386_JUMP_SLOT Unknown
134611100 R_386_JUMP_SLOT Unknown

The tool does not crash, but all the relocations are resolved to "Unknown". I
guess the problem is still that ".dynstr" is not processed (faulty code has
been moved to include/llvm/Object/ELF.h).
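
Added example (not part of the original report, and not LLVM's code): a format-level illustration in Python of resolving symbol names through each symbol table's sh_link field, so a file that carries only a dynamic symbol table and its string table (the ".dynstr" case above) still resolves, and a missing or invalid string table is reported as an error rather than dereferenced. The function names are hypothetical, and sample_elf() builds a constructed ELF32 image with no ".strtab".

```python
import struct

SHT_SYMTAB, SHT_STRTAB, SHT_DYNSYM = 2, 3, 11
EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # Elf32_Ehdr, little-endian
SHDR = struct.Struct("<10I")               # Elf32_Shdr
SYM = struct.Struct("<IIIBBH")             # Elf32_Sym

def sections(elf):
    """Return the section headers as tuples, bounds-checked against the file."""
    hdr = EHDR.unpack_from(elf, 0)
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    if shentsize != SHDR.size or shoff + shnum * SHDR.size > len(elf):
        raise ValueError("bad section header table")
    return [SHDR.unpack_from(elf, shoff + i * SHDR.size) for i in range(shnum)]

def symbol_names(elf):
    """Resolve names via each symbol table's sh_link, not via a section called .strtab."""
    shdrs, names = sections(elf), []
    for sh in shdrs:
        sh_type, off, size, link = sh[1], sh[4], sh[5], sh[6]
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        if link >= len(shdrs) or shdrs[link][1] != SHT_STRTAB:
            raise ValueError("symbol table has no valid string table")
        if size % SYM.size or off + size > len(elf):
            raise ValueError("bad symbol table bounds")
        strtab = elf[shdrs[link][4]:shdrs[link][4] + shdrs[link][5]]
        for pos in range(off, off + size, SYM.size):
            st_name = SYM.unpack_from(elf, pos)[0]
            end = strtab.find(b"\0", st_name)
            if end < 0:  # offset past the table, or string not terminated
                raise ValueError("st_name outside string table")
            names.append(strtab[st_name:end].decode("ascii", "replace"))
    return names

def sample_elf(link=2):
    """Constructed image: null section, a dynamic symbol table, its string table."""
    dynstr = b"\0puts\0exit\0"
    dynsym = SYM.pack(0, 0, 0, 0, 0, 0) + b"".join(
        SYM.pack(n, 0, 0, 0x12, 0, 0) for n in (1, 6))
    sym_off = EHDR.size
    str_off = sym_off + len(dynsym)
    shoff = str_off + len(dynstr)
    ehdr = EHDR.pack(b"\x7fELF\x01\x01\x01" + bytes(9), 2, 3, 1, 0, 0, shoff,
                     0, EHDR.size, 0, 0, SHDR.size, 3, 0)
    shdrs = (SHDR.pack(*[0] * 10)
             + SHDR.pack(0, SHT_DYNSYM, 0, 0, sym_off, len(dynsym), link, 1, 4, SYM.size)
             + SHDR.pack(0, SHT_STRTAB, 0, 0, str_off, len(dynstr), 0, 0, 1, 0))
    return ehdr + dynsym + dynstr + shdrs
```

Passing link=0 or an out-of-range index to sample_elf() models a symbol table whose string table is absent; symbol_names() then raises ValueError.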
