If an ELF file has no section header table (shoff = 0), shnum must be
zero as well according to elf(5).
So far, when only shnum was zero but shoff was non-zero (i.e. in an
invalid ELF file) shstrndx wasn't properly checked and could result in
an 'index out of range' later on.
Fixes #10996
Change-Id: Ic248d2d77099b0036458e2a844b086a5f463c844
Reviewed-on: https://go-review.googlesource.com/c/162857
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
var phentsize, phnum int
var shoff int64
var shentsize, shnum, shstrndx int
- shstrndx = -1
switch f.Class {
case ELFCLASS32:
hdr := new(Header32)
shstrndx = int(hdr.Shstrndx)
}
- if shnum > 0 && shoff > 0 && (shstrndx < 0 || shstrndx >= shnum) {
+ if shoff == 0 && shnum != 0 {
+ return nil, &FormatError{0, "invalid ELF shnum for shoff=0", shnum}
+ }
+
+ if shnum > 0 && shstrndx >= shnum {
return nil, &FormatError{0, "invalid ELF shstrndx", shstrndx}
}
}
}
}
+
+func TestIssue10996(t *testing.T) {
+ data := []byte("\u007fELF\x02\x01\x010000000000000" +
+ "\x010000000000000000000" +
+ "\x00\x00\x00\x00\x00\x00\x00\x0000000000\x00\x00\x00\x00" +
+ "0000")
+ _, err := NewFile(bytes.NewReader(data))
+ if err == nil {
+ t.Fatalf("opening invalid ELF file unexpectedly suceeded")
+ }
+}