acimpoeru / google-glog

Automatically exported from code.google.com/p/google-glog

symbolize can read garbage from ELF file, leading to assertion failure #178

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
Look up a symbol in a small library (on Linux, libaio1.0.1)

What is the expected output? What do you see instead?
This assertion fails, and it shouldn't: 
https://code.google.com/p/google-glog/source/browse/trunk/src/symbolize.cc#284

What version of the product are you using? On what operating system?
glog 1.3.2, Linux x86_64

Please provide any additional information below.

The code in FindSymbol that reads NUM_SYMBOLS symbols at a time (https://code.google.com/p/google-glog/source/browse/trunk/src/symbolize.cc#282) can read past the end of the symbol table. In my case, it read the entire string table as well (until the end of file), which had an odd length, causing the assertion to fail. Even if the size happened to be divisible by sizeof(ElfW(Sym)), everything read after the end of the symtab is garbage.

The fix would be to read min(NUM_SYMBOLS, num_symbols - i) instead of always reading NUM_SYMBOLS.

Original issue reported on code.google.com by tud...@gmail.com on 23 Nov 2013 at 2:12
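The overrun the reporter describes, reproduced on an in-memory model so it can be run without a real shared library. This is an added example, not glog's symbolize.cc: `FakeElfFile`, `ReadFromOffset`, `BuildFakeFile`, `FindSymbol` and the chunk size `NUM_SYMBOLS = 3` are all stand-ins chosen for the demo (the struct mirrors the Elf64_Sym layout, but nothing else here is the project's code). The constructed file is a .symtab followed directly by a 13-byte .strtab and then EOF, which is the shape the report attributes to a small library. `clamp == false` always reads a full chunk, as the report says the original loop does; `clamp == true` reads `min(NUM_SYMBOLS, num_symbols - i)`, the proposed fix.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <utility>
#include <vector>

struct Elf64Sym {           // same field order and sizes as Elf64_Sym in <elf.h>
  uint32_t st_name;
  uint8_t  st_info;
  uint8_t  st_other;
  uint16_t st_shndx;
  uint64_t st_value;
  uint64_t st_size;
};
static_assert(sizeof(Elf64Sym) == 24, "Elf64_Sym is 24 bytes on LP64 targets");

struct FakeElfFile {        // the whole "file" lives in memory for the demo (assumption)
  std::vector<uint8_t> bytes;
  size_t symtab_offset = 0;
  size_t num_symbols = 0;   // entries in .symtab, i.e. sh_size / sizeof(Elf64_Sym)
  size_t strtab_offset = 0;
  size_t max_read_end = 0;  // one past the highest byte any read touched
};

// Stand-in for a pread-style ReadFromOffset(fd, buf, size, offset): short read at EOF.
static size_t ReadFromOffset(FakeElfFile& f, void* buf, size_t size, size_t offset) {
  if (offset >= f.bytes.size()) return 0;
  size_t avail = std::min(size, f.bytes.size() - offset);
  std::memcpy(buf, f.bytes.data() + offset, avail);
  f.max_read_end = std::max(f.max_read_end, offset + avail);
  return avail;
}

// Constructed input: .symtab (null entry + one entry per name) immediately
// followed by .strtab, with nothing after it, like the tail of a small library.
static FakeElfFile BuildFakeFile(const std::vector<std::pair<std::string, uint64_t>>& syms) {
  std::vector<Elf64Sym> table(1);          // index 0 is the reserved null symbol
  std::vector<uint8_t> strtab{0};          // .strtab begins with an empty string
  for (const auto& [name, addr] : syms) {
    Elf64Sym s{};
    s.st_name = static_cast<uint32_t>(strtab.size());
    s.st_info = 0x12;                      // STB_GLOBAL << 4 | STT_FUNC
    s.st_value = addr;
    s.st_size = 16;
    table.push_back(s);
    strtab.insert(strtab.end(), name.begin(), name.end());
    strtab.push_back(0);
  }
  FakeElfFile f;
  f.num_symbols = table.size();
  f.bytes.resize(table.size() * sizeof(Elf64Sym));
  std::memcpy(f.bytes.data(), table.data(), f.bytes.size());
  f.strtab_offset = f.bytes.size();
  f.bytes.insert(f.bytes.end(), strtab.begin(), strtab.end());
  return f;
}

// Chunked scan as the issue describes it. Returns 1 and fills *name when pc lies
// in [st_value, st_value + st_size), 0 when no symbol covers pc, and -1 where the
// original code would have asserted: a read that did not return whole entries.
static int FindSymbol(FakeElfFile& f, uint64_t pc, bool clamp, std::string* name) {
  const size_t NUM_SYMBOLS = 3;            // small chunk so the demo overruns quickly
  Elf64Sym buf[NUM_SYMBOLS];
  for (size_t i = 0; i < f.num_symbols; i += NUM_SYMBOLS) {
    size_t want = clamp ? std::min(NUM_SYMBOLS, f.num_symbols - i) : NUM_SYMBOLS;
    size_t got = ReadFromOffset(f, buf, want * sizeof(Elf64Sym),
                                f.symtab_offset + i * sizeof(Elf64Sym));
    if (got % sizeof(Elf64Sym) != 0) return -1;   // partial entry: the assertion in the report
    for (size_t j = 0; j < got / sizeof(Elf64Sym); ++j) {
      if (pc >= buf[j].st_value && pc < buf[j].st_value + buf[j].st_size) {
        size_t p = f.strtab_offset + buf[j].st_name;
        name->clear();
        while (p < f.bytes.size() && f.bytes[p] != 0) name->push_back(static_cast<char>(f.bytes[p++]));
        return 1;
      }
    }
  }
  return 0;
}

// How many bytes a lookup read beyond the end of .symtab (0 = reads stayed in the table).
static size_t BytesReadPastSymtab(FakeElfFile& f, uint64_t pc, bool clamp) {
  f.max_read_end = 0;
  std::string unused;
  FindSymbol(f, pc, clamp, &unused);
  size_t end = f.symtab_offset + f.num_symbols * sizeof(Elf64Sym);
  return f.max_read_end > end ? f.max_read_end - end : 0;
}
```

With four entries and a chunk of three, the second iteration of the unclamped loop asks for 72 bytes at offset 72 and gets 24 bytes of symbol plus the 13-byte string table, which is not a multiple of sizeof(Elf64_Sym); the clamped loop asks for exactly the one remaining entry. A symbol in the first chunk is found either way, which is why the bug only shows up for lookups that reach the final, partial chunk.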