
elf.parse cause SIGBUS coredump

Status: Open — opened by yoloyyh 11 months ago, 1 comment

When I use goblin 0.8.2's `Elf::parse`, I get a core dump (SIGBUS). The gdb backtrace:

```
#0  0x00007f353aa5c88d in $LT$$RF$str$u20$as$u20$scroll..ctx..TryFromCtx$LT$scroll..ctx..StrCtx$GT$$GT$::try_from_ctx::$u7b$$u7b$closure$u7d$$u7d$::h072a70cb4f582865 (c=0x7fffc6013d68) at /Users/aaa/.cargo/registry/src/rsproxy.cn-0dccff568467c15b/scroll-0.12.0/src/ctx.rs:669
#1  0x00007f353aa4efbb in $LT$core..iter..adapters..take_while..TakeWhile$LT$I$C$P$GT$$u20$as$u20$core..iter..traits..iterator..Iterator$GT$::try_fold::check::$u7b$$u7b$closure$u7d$$u7d$::hc31866b19279ad63 (acc=0, x=0x7f353a6090c8 <error: Cannot access memory at address 0x7f353a6090c8>) at /Users/aaa/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/iter/adapters/take_while.rs:81
#2  0x00007f353aa4a086 in core::iter::traits::iterator::Iterator::try_fold::h7c7ede4e884c2409 (self=0x7fffc6014010, init=0, f=...) at /Users/aaa/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/iter/traits/iterator.rs:2370
#3  0x00007f353aa4eb46 in $LT$core..iter..adapters..take_while..TakeWhile$LT$I$C$P$GT$$u20$as$u20$core..iter..traits..iterator..Iterator$GT$::try_fold::h7498e14a0b37163c (self=0x7fffc6014010, init=0, fold=...) at /Users/aaa/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/iter/adapters/take_while.rs:95
#4  0x00007f353aa4eac2 in $LT$core..iter..adapters..take_while..TakeWhile$LT$I$C$P$GT$$u20$as$u20$core..iter..traits..iterator..Iterator$GT$::fold::h1d71ff3308dee9ce (self=..., init=0, fold=...) at /Users/aaa/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/iter/mod.rs:378
#5  0x00007f353aa4fafb in core::iter::traits::iterator::Iterator::count::h66c54caaa58e47c2 (self=...) at /Users/aaa/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/iter/traits/iterator.rs:225
#6  0x00007f353aa5c4d0 in $LT$$RF$str$u20$as$u20$scroll..ctx..TryFromCtx$LT$scroll..ctx..StrCtx$GT$$GT$::try_from_ctx::h294999d91f86e3e5 (src=..., ctx=...) at /Users/aaa/.cargo/registry/src/rsproxy.cn-0dccff568467c15b/scroll-0.12.0/src/ctx.rs:669
#7  0x00007f353aa51e8e in $LT$$u5b$u8$u5d$$u20$as$u20$scroll..pread..Pread$LT$Ctx$C$E$GT$$GT$::gread_with::h4f045ad1a04357d2 (self=..., offset=0x7fffc60142c8, ctx=...) at /Users/aaa/.cargo/registry/src/rsproxy.cn-0dccff568467c15b/scroll-0.12.0/src/pread.rs:178
#8  0x00007f353aa543b0 in scroll::pread::Pread::pread_with::h0b1d52fe572be34e (self=..., offset=0, ctx=...) at /Users/aaa/.cargo/registry/src/rsproxy.cn-0dccff568467c15b/scroll-0.12.0/src/pread.rs:81
#9  0x00007f353aa503d1 in goblin::strtab::get_str::h5c8b0c577cab4a29 (offset=0, bytes=..., delim=...) at src/strtab.rs:25
#10 goblin::strtab::Strtab::parse::hdb51aa2fa29fef74 (bytes=..., offset=22241480, len=1350444, delim=0) at src/strtab.rs:83
#11 0x00007f353aa6288b in goblin::elf::Elf::parse::$u7b$$u7b$closure$u7d$$u7d$::h193cf89991076e99 (section_headers=..., section_idx=35) at src/elf/mod.rs:294
#12 0x00007f353aa606f6 in goblin::elf::Elf::parse::hbfcc282cd8d9dbfb (bytes=...) at src/elf/mod.rs:307
#13 0x00007f353a7b3553 in parse_goversion::main::hb349c6e0c742dfef () at src/main.rs:269
#14 0x00007f353a7b718b in core::ops::function::FnOnce::call_once::hc30640b3ea7477f7 () at /Users/aaa/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/ops/function.rs:250
#15 0x00007f353a7b54dd in std::sys::backtrace::__rust_begin_short_backtrace::h6d886787d88408eb (f=0x7f353a7b3230 <parse_goversion::main::hb349c6e0c742dfef>) at /Users/aaa/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/src/rust/library/std/src/sys/backtrace.rs:154
#16 0x00007f353a7b3cd1 in std::rt::lang_start::$u7b$$u7b$closure$u7d$$u7d$::h95b9bfae856214f9 () at /Users/aaa/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/src/rust/library/std/src/rt.rs:195
#17 0x00007f353aa82a27 in core::ops::function::impls::$LT$impl$u20$core..ops..function..FnOnce$LT$A$GT$$u20$for$u20$$RF$F$GT$::call_once::h8a13979a2abe08f7 () at core/src/ops/function.rs:284
#18 std::panicking::try::do_call::heff6a38dde3fea4d () at std/src/panicking.rs:557
#19 std::panicking::try::h6bb75ada77139494 () at std/src/panicking.rs:520
#20 std::panic::catch_unwind::h56cd535bcabc9475 () at std/src/panic.rs:358
#21 std::rt::lang_start_internal::$u7b$$u7b$closure$u7d$$u7d$::h5813a02bc35ebabb () at std/src/rt.rs:174
#22 std::panicking::try::do_call::h92e6711a5ad8e040 () at std/src/panicking.rs:557
#23 std::panicking::try::hf3e871298348e599 () at std/src/panicking.rs:520
#24 std::panic::catch_unwind::hb808472a42c98cff () at std/src/panic.rs:358
#25 std::rt::lang_start_internal::h89fa8827df72c2df () at std/src/rt.rs:174
#26 0x00007f353a7b3caa in std::rt::lang_start::h3b44c2e9764b3b1c (main=0x7f353a7b3230 <parse_goversion::main::hb349c6e0c742dfef>, argc=2, argv=0x7fffc6017c78, sigpipe=0) at /Users/aaa/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/src/rust/library/std/src/rt.rs:194
#27 0x00007f353a7b3bde in main () at std/src/sys/thread_local/native/lazy.rs:81
```

— yoloyyh, Jan 16 '25 09:01

Thank you for the backtrace. On an initial look I don't see any `unsafe` path being hit, or anything along those lines: it fails during `&str` parsing inside scroll, which uses no `unsafe` as far as I can see. One thing worth noting: a SIGBUS (rather than a SIGSEGV or a Rust panic) while walking a bounds-checked byte slice usually means the bytes behind the slice are not actually backed by memory — for example a memory-mapped file that is shorter than the mapping, or that was truncated or replaced after it was mapped — and frame #1 shows gdb itself cannot read the byte at the faulting address, which would fit that picture. Hence the questions below:

  1. I assume this is on a Linux machine — what OS and architecture? (The toolchain path in the trace says `aarch64-apple-darwin`, while the addresses look like those of a Linux process, so please confirm how the binary was built and run.)
  2. It appears to fail while parsing section headers (frame #11: section index 35, a string table at offset 22241480 with len 1350444). Can you tell us more about the kind of file you're parsing — a coredump, perhaps?
  3. Are you memory-mapping the binary by any chance? If so, is the mapping's length checked against the file's actual size, and could the file have been modified or truncated after it was mapped?

If possible, uploading the binary (or a minimal file that reproduces the crash) would be helpful as well. Thank you!

— m4b, Jan 19 '25 19:01