Bug 145497 - gelf_checksum() generates SIGSEGV
Status: CLOSED RAWHIDE
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: elfutils
Version: 3.0
Hardware: i686 Linux
Priority: medium, Severity: medium
Assigned To: Jeff Johnson
Reported: 2005-01-18 18:10 EST by Kurtis Rader
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2005-02-07 17:53:07 EST


Description Kurtis Rader 2005-01-18 18:10:07 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041111 Firefox/1.0

Description of problem:
Invoking the gelf_checksum() function results in a SIGSEGV. Debugging
shows this is due to the following elf_getdata() call (in
elf32_checksum.c) returning a NULL pointer, which causes the
subsequent dereference to get the d_type structure member to generate
a SIGSEGV:

      while ((data = INTUSE(elf_getdata) (scn, data)) != NULL)
        /* If the file byte order is the same as the host byte order
           process the buffer directly.  If the data is just a stream
           of bytes which the library will not convert we can use it
           as well.  */
        if (likely (same_byte_order) || data->d_type == ELF_T_BYTE)

Test program for reproducing the failure:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <limits.h>
#include <libelf.h>
#include <fcntl.h>

int main(int argc, char **argv) {
    int fd;
    long tmp_checksum;
    Elf *elf;

    if (argc < 2) { /* need the path of the file to checksum */
            printf("Usage: %s file\n", argv[0]);
            exit(1);
    }

    elf_version(EV_CURRENT);  /* Initialize ELF version */

    printf("Attempting to generate elf_checksum for %s.\n",argv[1]);
    fd = open(argv[1], O_RDONLY);
    if (fd == -1) { /* open of file failed */
            printf("Unable to open file %s.\n",argv[1]);
            exit(0);
    }
    else {
            printf("Calling elf_begin().\n");
            elf = elf_begin(fd, ELF_C_READ, NULL);
            printf("elf_begin returned %p. Calling lf_checksum().\n",(void *)elf);

            //tmp_checksum = gelf_checksum(elf);
            tmp_checksum = elf64_checksum(elf);  /* crashes here on the affected version */
            printf("After gelf_checksum() w/checksum %ld.\n",tmp_checksum);
            printf("Calling elf_end().\n");
            elf_end(elf);
            close(fd);
    }
    return 0;
}


Version-Release number of selected component (if applicable):
elfutils-0.91-3

How reproducible:
Always

Steps to Reproduce:
1. cc -o gelf_checksum gelf_checksum.c -lelf
2. ./gelf_checksum gelf_checksum

    

Actual Results:
Attempting to generate elf_checksum for gelf_checksum.
Calling elf_begin().
elf_begin returned 0x9d5e008. Calling lf_checksum().
Segmentation fault


Expected Results:  The message

    After gelf_checksum() w/checksum %d

rather than a segmentation fault.

Additional info:

Also reproduced on FC3.
Comment 1 Jeff Johnson 2005-02-07 17:53:07 EST
This problem is fixed in elfutils-0.99-2 from FC4:

$ cc -o gelf_checksum gelf_checksum.c -lelf
$ ./gelf_checksum gelf_checksum
Attempting to generate elf_checksum for gelf_checksum.
Calling elf_begin().
elf_begin returned 0x9360008. Calling elf_checksum().
After gelf_checksum() w/checksum -1998475604.
Calling elf_end().
[jbj@wellfleet elf]$ rpm -qa elfutils-\*
elfutils-libelf-0.99-2.i386.rpm
elfutils-libelf-devel-0.99-2.i386.rpm
elfutils-devel-0.99-2.i386.rpm
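
The test program in the description calls elf64_checksum() directly on a file it has not inspected. As an added example (not part of the original report, and not elfutils code), a caller can read e_ident first and either pick the matching 32- or 64-bit entry point or refuse the file. It does not address the library defect fixed in elfutils-0.99-2, and the names classify_ident, classify_file and the IDENT_* codes are hypothetical.

```c
#include <elf.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes for this example only (hypothetical names, not libelf API). */
enum ident_result { IDENT_NOT_ELF = -1, IDENT_BAD_FIELD = -2,
                    IDENT_ELF32 = 32, IDENT_ELF64 = 64 };

/* Classify the leading bytes of a file without trusting any of them. */
static int classify_ident(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len < EI_NIDENT)
        return IDENT_NOT_ELF;            /* too short to hold e_ident */
    if (memcmp(buf, ELFMAG, SELFMAG) != 0)
        return IDENT_NOT_ELF;            /* missing \177ELF magic */
    if (buf[EI_VERSION] != EV_CURRENT)
        return IDENT_BAD_FIELD;          /* unknown ident version */
    if (buf[EI_DATA] != ELFDATA2LSB && buf[EI_DATA] != ELFDATA2MSB)
        return IDENT_BAD_FIELD;          /* unknown byte order */
    switch (buf[EI_CLASS]) {
    case ELFCLASS32: return IDENT_ELF32;
    case ELFCLASS64: return IDENT_ELF64;
    default:         return IDENT_BAD_FIELD;
    }
}

/* Read e_ident from a path and classify it; unreadable files are rejected. */
static int classify_file(const char *path)
{
    unsigned char ident[EI_NIDENT];
    FILE *fp = fopen(path, "rb");
    size_t n;
    if (fp == NULL) return IDENT_NOT_ELF;
    n = fread(ident, 1, sizeof ident, fp);
    fclose(fp);
    return classify_ident(ident, n);
}

int main(int argc, char **argv)
{
    /* Constructed sample: e_ident of a 32-bit little-endian object. */
    static const unsigned char sample32[EI_NIDENT] =
        { 0x7f, 'E', 'L', 'F', ELFCLASS32, ELFDATA2LSB, EV_CURRENT };
    printf("sample: %d\n", classify_ident(sample32, sizeof sample32));
    if (argc > 1)
        printf("%s: %d\n", argv[1], classify_file(argv[1]));
    return 0;
}
```

A result of IDENT_ELF32 or IDENT_ELF64 tells the caller which of elf32_checksum() or elf64_checksum() matches the file; any negative result means the file should not be handed to either.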
