File elfutils-fuzz-4.diff of Package elfutils.41427

commit fbf1df9ca286de3323ae541973b08449f8d03aba
Author: Mark Wielaard <mark@klomp.org>
Date:   Thu Feb 13 14:59:34 2025 +0100

    strip: Verify symbol table is a real symbol table
    
    We didn't check the symbol table referenced from the relocation table
    was a real symbol table. This could cause a crash if that section
    happened to be an SHT_NOBITS section without any data. Fix this by
    adding an explicit check.
    
           * src/strip.c (INTERNAL_ERROR_MSG): New macro that takes a
           message string to display.
           (INTERNAL_ERROR): Use INTERNAL_ERROR_MSG with elf_errmsg (-1).
           (remove_debug_relocations): Check the sh_link referenced
           section is real and isn't a SHT_NOBITS section.
    
    https://sourceware.org/bugzilla/show_bug.cgi?id=32673
    
    Signed-off-by: Mark Wielaard <mark@klomp.org>

Index: elfutils-0.185/src/strip.c
===================================================================
--- elfutils-0.185.orig/src/strip.c	2021-05-22 20:25:24.000000000 +0200
+++ elfutils-0.185/src/strip.c	2025-10-22 17:49:39.913939520 +0200
@@ -127,13 +127,14 @@ static char *tmp_debug_fname = NULL;
 /* Close debug file descriptor, if opened. And remove temporary debug file.  */
 static void cleanup_debug (void);
 
-#define INTERNAL_ERROR(fname) \
+#define INTERNAL_ERROR_MSG(fname, msg) \
   do { \
     cleanup_debug (); \
     error (EXIT_FAILURE, 0, _("%s: INTERNAL ERROR %d (%s): %s"),      \
-	   fname, __LINE__, PACKAGE_VERSION, elf_errmsg (-1)); \
+	   fname, __LINE__, PACKAGE_VERSION, msg);	\
   } while (0)
 
+#define INTERNAL_ERROR(fname) INTERNAL_ERROR_MSG(fname, elf_errmsg (-1))
 
 /* Name of the output file.  */
 static const char *output_fname;
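Review bot: The new INTERNAL_ERROR_MSG macro has no comment stating its contract, and the second hunk depends on that contract. It runs cleanup_debug () and then error () with EXIT_FAILURE, so control does not come back, which is the only thing that keeps `symshdr->sh_type` from being read after the NULL check in remove_debug_relocations. Because `msg` is expanded inside the error () call, the `elf_errmsg (-1)` passed by INTERNAL_ERROR is still evaluated after cleanup_debug (), as before; turning this into a function would change that order. I would add above the macro `/* Clean up the debug file, report MSG as an internal error for FNAME and exit; MSG is evaluated after cleanup_debug ().  */`. Passing `msg` through the fixed "%s" format rather than as the format string is the right shape and should stay that way.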
@@ -632,7 +633,14 @@ remove_debug_relocations (Ebl *ebl, Elf
 	     resolve relocation symbol indexes.  */
 	  Elf64_Word symt = shdr->sh_link;
 	  Elf_Data *symdata, *xndxdata;
-	  Elf_Scn * symscn = elf_getscn (elf, symt);
+	  Elf_Scn *symscn = elf_getscn (elf, symt);
+	  GElf_Shdr symshdr_mem;
+	  GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
+	  if (symshdr == NULL)
+	    INTERNAL_ERROR (fname);
+	  if (symshdr->sh_type == SHT_NOBITS)
+	    INTERNAL_ERROR_MSG (fname, "NOBITS section");
+
 	  symdata = elf_getdata (symscn, NULL);
 	  xndxdata = get_xndxdata (elf, symscn);
 	  if (symdata == NULL)
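Review bot: The added guard rejects only SHT_NOBITS, which is narrower than the commit title: a relocation section whose sh_link names any other section that is not a symbol table but has data still reaches elf_getdata () and is used as `symdata`. If no later code rejects wrongly typed data (the rest of remove_debug_relocations is outside this hunk, so that cannot be confirmed here), a positive check would close the whole class of malformed input: `if (symshdr->sh_type != SHT_SYMTAB && symshdr->sh_type != SHT_DYNSYM)`. The literal "NOBITS section" is also not wrapped in `_()` like the surrounding format string, and does not say which section was at fault. Something like `_("relocation section links to a section that is not a symbol table")` would be more useful to someone triaging a malformed file.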