jld
commented
1 year ago goblin's API is a little suboptimal here; Elf::iter_note_headers seems to expect a &[u8] that starts at the beginning of the file and covers all of the PT_NOTE segments. But what we really want to do is:
- Read the ELF header
- Read the program headers
- Read the note segments
Although, if we expect that those will all be close to the start of the file — and in practice they seem to be within the first ~1k — we could just copy in some convenient small amount like 4k (in one syscall, if we have #72), and fall back to larger sizes if we get goblin::error::Error::Scroll(scroll::error::Error::BadOffset(…)).
We'd still want to use that lazy_parse feature for that, I think, because there are going to be headers that point to things outside the area we're reading and that we don't care about.
gabrielesvelto
lissyx
afranchuk
When populating the module list on Linux we extract the GNU build ID from each executable. To do so we first
mmap()the entire file in the process writing the minidump and then extract the data from there. This has a couple of important drawbacks:mmap()may fail on 32-bit hosts, we've also seen this happen in 32-bit builds of Firefox.We could avoid all these issues by reading the ELF headers directly from the process we're dumping.
goblinsupports parsing an ELF file lazily, though one has to do it manually (see this example).