From: Mark Wielaard Date: Sat, 7 Mar 2026 14:55:48 +0000 (+0100) Subject: libelf: elf_update should make sure section zero exists X-Git-Tag: elfutils-0.195~41 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=e91caaa8fcf51b8484b4a47df317d3362e462c37;p=thirdparty%2Felfutils.git libelf: elf_update should make sure section zero exists elf_update might crash for 65280+ sections when section zero headers aren't loaded. Make sure section zero is loaded before trying to write to it. Add testcase to tests/test-manyfuncs.c but use ELF_C_READ_MMAP_PRIVATE to workaround https://sourceware.org/bugzilla/show_bug.cgi?id=33968 * libelf/elf32_updatenull.c (updatenull_wrlock): Call getshdr_wrlock to load shdr. * tests/test-manyfuncs.c (check_elf): Use elf_begin with ELF_C_READ_MMAP_PRIVATE if use_mmap. Call elf_update early. https://sourceware.org/bugzilla/show_bug.cgi?id=33967 Signed-off-by: Mark Wielaard --- diff --git a/libelf/elf32_updatenull.c b/libelf/elf32_updatenull.c index 74c27fda..57239ee4 100644 --- a/libelf/elf32_updatenull.c +++ b/libelf/elf32_updatenull.c @@ -184,6 +184,10 @@ __elfw2(LIBELFBITS,updatenull_wrlock) (Elf *elf, int *change_bop, size_t shnum) of the zeroth section. */ Elf_Scn *scn0 = &elf->state.ELFW(elf,LIBELFBITS).scns.data[0]; + /* Make sure section zero header is actually loaded. */ + if (scn0->shdr.ELFW(e,LIBELFBITS) == NULL) + (void) __elfw2(LIBELFBITS,getshdr_wrlock) (scn0); + update_if_changed (scn0->shdr.ELFW(e,LIBELFBITS)->sh_size, shnum, scn0->shdr_flags); } diff --git a/tests/test-manyfuncs.c b/tests/test-manyfuncs.c index 72569020..3129682d 100644 --- a/tests/test-manyfuncs.c +++ b/tests/test-manyfuncs.c @@ -52,13 +52,26 @@ check_elf (const char *fname, bool use_mmap) exit (1); } - Elf *elf = elf_begin (fd, use_mmap ? ELF_C_READ_MMAP : ELF_C_READ, NULL); + Elf *elf = elf_begin (fd, use_mmap ? ELF_C_READ_MMAP_PRIVATE : ELF_C_READ, + NULL); if (elf == NULL) { printf ("cannot create ELF descriptor: %s\n", elf_errmsg (-1)); exit (1); } + /* Check if we can update the elf layout without having read anything. + This used to crash with 65280+ sections. + https://sourceware.org/bugzilla/show_bug.cgi?id=33967 + Still crashes for read-only mmap. + https://sourceware.org/bugzilla/show_bug.cgi?id=33968 + */ + if (elf_update (elf, ELF_C_NULL) < 0) + { + printf ("failure in elf_update: %s\n", elf_errmsg (-1)); + exit (1); + } + /* How many sections are there? */ size_t shnum; if (elf_getshdrnum (elf, &shnum) < 0)