pyelftools
Bug: Unlimited recursion when parsing linked sections
When the class ELFFile parses sections that are linked via sh_link, it doesn't check for any loops in the linked list.
According to Oracle's Linker and Libraries Guide, a linked list of sections can be terminated by a section that points to itself if sh_flags contains the flag SHF_ORDERED.
In the current state of pyelftools, however, such an endless loop would result in a RecursionError exception.
The following ELF file can trigger the exception when parsed with the current version of pyelftools: crash-d08fc9a817c40b3c241a163d9101ab425fe31db5
As the name indicates, this bug was found through fuzzing, and thus the crash file does not adhere to the ELF standard; however, it would be possible to create a valid ELF file that triggers the same exception.
Thanks for the report. PRs to fix this are welcome.
To elaborate, the problem in the linked file is that section 0 has type SHT_HASH and has 0 as sh_link (e.g. points at itself). ELFFile.get_section() for section 0 tries to build an ELFHashSection, follows the link, which calls get_section() with 0, and so on.
@pd-fkie Addressed in #522 by validating which section types can link to which.
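The failure mode discussed in this thread, as an added example that is not pyelftools code and not the change made in #522: a constructed section table modelled as `(sh_type, sh_link)` pairs, an unguarded recursive walk, and a checked walk that validates link targets by type and keeps a visited set as a backstop. The function names and the `ALLOWED_TARGETS` policy are assumptions made for illustration.

```python
# Added example: constructed model of a section header table, not pyelftools code.
SHT_SYMTAB, SHT_STRTAB, SHT_HASH, SHT_DYNSYM = 2, 3, 5, 11  # ELF sh_type values

# Assumed policy: which section types each type's sh_link may point at.
ALLOWED_TARGETS = {
    SHT_HASH: {SHT_SYMTAB, SHT_DYNSYM},  # hash table -> its symbol table
    SHT_SYMTAB: {SHT_STRTAB},            # symbol table -> its string table
    SHT_DYNSYM: {SHT_STRTAB},
}

class LinkError(ValueError):
    """Raised when an sh_link chain is malformed."""

def naive_chain(headers, index):
    """Unguarded recursion: follows sh_link without any loop check."""
    sh_type, sh_link = headers[index]
    if sh_type not in ALLOWED_TARGETS:
        return [index]
    return [index] + naive_chain(headers, sh_link)

def checked_chain(headers, index, allowed=ALLOWED_TARGETS):
    """Follow sh_link iteratively; reject bad indices, bad target types, loops."""
    if not 0 <= index < len(headers):
        raise LinkError(f"section index {index} out of range")
    chain, seen = [], set()
    while True:
        if index in seen:  # backstop in case the policy permits a cycle
            raise LinkError(f"sh_link loop at section {index}")
        seen.add(index)
        chain.append(index)
        sh_type, sh_link = headers[index]
        targets = allowed.get(sh_type)
        if targets is None:  # this type's sh_link is not followed
            return chain
        if not 0 <= sh_link < len(headers):
            raise LinkError(f"section {index}: sh_link {sh_link} out of range")
        if headers[sh_link][0] not in targets:
            raise LinkError(f"section {index} may not link to section {sh_link}")
        index = sh_link

# Constructed inputs: one (sh_type, sh_link) pair per section.
GOOD = [(0, 0), (SHT_HASH, 2), (SHT_DYNSYM, 3), (SHT_STRTAB, 0)]
SELF_LINKED = [(SHT_HASH, 0)]  # SHT_HASH section whose sh_link is its own index

if __name__ == "__main__":
    print(checked_chain(GOOD, 1))
    try:
        checked_chain(SELF_LINKED, 0)
    except LinkError as exc:
        print("rejected:", exc)
```
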