mirror of
https://github.com/encounter/object.git
synced 2026-03-30 11:32:22 -07:00
Timo von Hartz
e764a2d169
Some ELF files do have segments with size zero, at offsets that are invalid / out of bounds. This commit changes the default `ReadRef` implementation for `&[u8]` to permit reads that are out of bounds, if the requested length is zero, by returning `&[]`. Examples of such files are debug files created with `objcopy --only-keep-debug`, for example `/usr/lib/debug/.build-id/bd/dd2eaf3326ffce6d173666b5f3e62a376e123a.debug` in package `libgedit-gfls-1-0-dbgsym_0.2.1-2_arm64.deb`: ``` ~ cp /usr/lib/debug/.build-id/bd/dd2eaf3326ffce6d173666b5f3e62a376e123a.debug /tmp/bad_file.elf ~ r2 /tmp/bad_file.elf [0x0000027c]> iI~binsz binsz 64184 [0x0000027c]> iSS [Segments] nth paddr size vaddr vsize perm type name ――――――――――――――――――――――――――――――――――――――――――――――――――――――― 0 0x00000000 0x27c 0x00000000 0x55e0 -r-x MAP LOAD0 1 0x0000fab8 0x0 0x0001fab8 0x5c0 -rw- MAP LOAD1 2 0x0000fab8 0x0 0x0001fb28 0x240 -rw- MAP DYNAMIC [...] 8 0x0000fab8 0x0 0x0001fab8 0x548 -r-- MAP GNU_RELRO ``` This file has multiple segments starting at `0xfab8` (the end of the file), with a physical size of `0`, while the file size is also `0xfab8` (64184). The current `ReadRef` implementation for `&[u8]` causes `ProgramHeader::data` to fail for them, causing e.g. `ElfSegment::bytes` to also fail. While a caller could handle this error, or one could provide their own type implementing `ReadRef` this way, I think it makes sense to do this by default, since no data is *actually* being read out of bounds, but with the current implementation we still try to index out of bounds and then error. Notably with this change this also matches the implementation of `ReadRef` for `ReadCache` which already has a similar check implemented for `read_bytes_at`.
63 lines
1.8 KiB
Rust
63 lines
1.8 KiB
Rust
#[cfg(feature = "std")]
|
|
use std::path::{Path, PathBuf};
|
|
|
|
#[cfg(feature = "std")]
|
|
fn get_buildid(path: &Path) -> Result<Option<Vec<u8>>, object::read::Error> {
|
|
use object::Object;
|
|
let file = std::fs::File::open(path).unwrap();
|
|
let reader = object::read::ReadCache::new(file);
|
|
let object = object::read::File::parse(&reader)?;
|
|
object
|
|
.build_id()
|
|
.map(|option| option.map(ToOwned::to_owned))
|
|
}
|
|
|
|
#[cfg(feature = "std")]
|
|
#[test]
|
|
/// Regression test: used to attempt to allocate 5644418395173552131 bytes
|
|
fn get_buildid_bad_elf() {
|
|
let path: PathBuf = [
|
|
"testfiles",
|
|
"elf",
|
|
"yara-fuzzing",
|
|
"crash-7dc27920ae1cb85333e7f2735a45014488134673",
|
|
]
|
|
.iter()
|
|
.collect();
|
|
let _ = get_buildid(&path);
|
|
}
|
|
|
|
#[cfg(feature = "std")]
|
|
#[test]
|
|
fn get_buildid_less_bad_elf() {
|
|
let path: PathBuf = [
|
|
"testfiles",
|
|
"elf",
|
|
"yara-fuzzing",
|
|
"crash-f1fd008da535b110853885221ebfaac3f262a1c1e280f10929f7b353c44996c8",
|
|
]
|
|
.iter()
|
|
.collect();
|
|
let buildid = get_buildid(&path).unwrap().unwrap();
|
|
// ground truth obtained from GNU binutils's readelf
|
|
assert_eq!(
|
|
buildid,
|
|
b"\xf9\xc0\xc6\x05\xd3\x76\xbb\xa5\x7e\x02\xf5\x74\x50\x9d\x16\xcc\xe9\x9c\x1b\xf1"
|
|
);
|
|
}
|
|
|
|
#[cfg(feature = "std")]
|
|
#[test]
|
|
fn zero_sized_section_works() {
|
|
use object::{Object as _, ObjectSection as _};
|
|
let path: PathBuf = ["testfiles", "elf", "base.debug"].iter().collect();
|
|
let data = std::fs::read(&path).unwrap();
|
|
let object = object::read::File::parse(&data[..]).unwrap();
|
|
|
|
// The unwrap here should not fail, even though the section has an invalid offset, its size is
|
|
// zero so this should succeed.
|
|
let section = object.section_by_name(".bss").unwrap();
|
|
let data = section.data().unwrap();
|
|
assert_eq!(data.len(), 0);
|
|
}
|