File elfutils-fuzz-2.diff of Package elfutils.41427
[slightly amended for old elfutils (0.185)]
commit 73db9d2021cab9e23fd734b0a76a612d52a6f1db
Author: Mark Wielaard <mark@klomp.org>
Date: Sun Feb 9 00:07:39 2025 +0100
readelf: Skip trying to uncompress sections without a name
When combining eu-readelf -z with -x or -p to dump the data or strings
in a (corrupted ELF) unnamed numbered section eu-readelf could crash
trying to check whether the section name starts with .zdebug. Fix this
by skipping sections without a name.
* src/readelf.c (dump_data_section): Don't try to gnu decompress a
section without a name.
(print_string_section): Likewise.
https://sourceware.org/bugzilla/show_bug.cgi?id=32656
Signed-off-by: Mark Wielaard <mark@klomp.org>
Index: elfutils-0.185/src/readelf.c
===================================================================
--- elfutils-0.185.orig/src/readelf.c 2021-05-22 20:25:24.000000000 +0200
+++ elfutils-0.185/src/readelf.c 2025-10-22 17:47:05.796347535 +0200
@@ -1335,7 +1335,7 @@ There are %zd section headers, starting
_("bad compression header for section %zd: %s"),
elf_ndxscn (scn), elf_errmsg (-1));
}
- else if (startswith (sname, ".zdebug"))
+ else if (sname && startswith (sname, ".zdebug"))
{
ssize_t size;
if ((size = dwelf_scn_gnu_compressed_size (scn)) >= 0)
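Review bot: The `sname &&` guard at line 1335 is a third call site that the ChangeLog entry does not cover, since the entry names only dump_data_section and print_string_section. The header says the patch was amended for 0.185, so name the enclosing function for this hunk in the entry or in the amendment note to document the extra change. The guard itself is sound: with a NULL sname the branch is skipped and dwelf_scn_gnu_compressed_size is not called for the nameless section.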
@@ -12635,7 +12635,7 @@ dump_data_section (Elf_Scn *scn, const G
_("Couldn't uncompress section"),
elf_ndxscn (scn));
}
- else if (startswith (name, ".zdebug"))
+ else if (name && startswith (name, ".zdebug"))
{
if (elf_compress_gnu (scn, 0, 0) < 0)
printf ("WARNING: %s [%zd]\n",
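Review bot: In dump_data_section, `name && startswith (name, ".zdebug")` skips the GNU decompression branch for a nameless section and, as far as these lines show, prints nothing about it, so with -z the user gets the raw bytes with no hint that decompression was not attempted. A one-line comment above the condition saying that name can be NULL for a corrupted section header would keep the check from being dropped in a later cleanup. The guard covers only this condition, so any other use of name in the function should be checked for the same NULL case.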
@@ -12686,7 +12686,7 @@ print_string_section (Elf_Scn *scn, cons
_("Couldn't uncompress section"),
elf_ndxscn (scn));
}
- else if (startswith (name, ".zdebug"))
+ else if (name && startswith (name, ".zdebug"))
{
if (elf_compress_gnu (scn, 0, 0) < 0)
printf ("WARNING: %s [%zd]\n",
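Review bot: The condition in print_string_section is a verbatim copy of the one in dump_data_section (`else if (name && startswith (name, ".zdebug"))`), and the hunk at line 1335 repeats it with sname, so the NULL check now has to be kept in sync in three places. Consider a small NULL-safe helper predicate for the ".zdebug" name test and calling it from all three sites. The patch changes only src/readelf.c; a regression test that runs eu-readelf -z with -x and with -p on a file containing an unnamed section would pin the fix for bug 32656.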