search

konrad-kruczynski / elfsharp

Pure managed C# library for reading ELF, UImage, Mach-O binaries.
https://elfsharp.it
Other
151 stars 56 forks source link

`ELFReader.Load<uint>()` fails after trying to access a table that is null. #24

Closed luk32 closed 9 years ago

luk32 commented 9 years ago

When loading a ELF file during ReadSections(), FindStringTables() sets dynamicStringTable to null. Then during the loop performing TouchSection, GetSectionFromSectionHeader() there is a case where header.Type is SectionType.DynamicSymbolTable.

The null dynamicStringTable is passed to new SymbolTable<T>(header, readerSource, dynamicStringTable, this) and then during ReadSymbols() tries to access it as table on line var name = table[nameIdx];. This blows up.

This happens during TouchSection for i == 9 in the linked ELF.

konrad-kruczynski commented 9 years ago

Since readelf on this file outputs:

  0 Symbol table '.dynsym' contains 12 entries:
  0    Num:    Value  Size Type    Bind   Vis      Ndx Name
  0      0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND <corrupt>
  0      1: 00108000     0 SECTION LOCAL  DEFAULT    1 <corrupt>
  0      2: 00175170     0 SECTION LOCAL  DEFAULT    5 <corrupt>
  0      3: 0017b608     0 NOTYPE  GLOBAL DEFAULT    8 <corrupt>
  0      4: 0017adb8     0 NOTYPE  GLOBAL DEFAULT    7 <corrupt>
  0      5: 001bfeac     0 NOTYPE  GLOBAL DEFAULT   10 <corrupt>
  0      6: 0017b608     0 NOTYPE  GLOBAL DEFAULT    7 <corrupt>

I will follow the same way and mark those names as corrupted.