#447 segmentation fault in global char arrays of elfdump.c

[antiAgainst]

Based on r2983.

In elfdump.c, there are lots of global string arrays for various fields of ELF, e.g., e_types[], ei_abis[], etc. However, many of these arrays are not exhaustive, and there lacks a strategy to handle indices out of the range supported by these arrays. And segfault will be caused. A test case is attached and the command is elfdump elfdump-1-23-A. In this test case, an index into ei_abis[] is out of range and causes a segfault. gdb output:

Program received signal SIGSEGV, Segmentation fault.
0x00002aaaaad1cf90 in _IO_vfprintf_internal (s=<optimized out>, format=<optimized out>,

ap=ap@entry=0x7fffffffd368) at vfprintf.c:1655
1655 vfprintf.c: No such file or directory.

#0  0x00002aaaaad1cf90 in _IO_vfprintf_internal (s=<optimized out>,
    format=<optimized out>, ap=ap@entry=0x7fffffffd368) at vfprintf.c:1655
#1  0x00002aaaaad23f57 in __fprintf (stream=<optimized out>, format=<optimized out>) at fprintf.c:32
#2  0x00000000004042fe in elf_print_ehdr (ed=0x7fffffffd4e0) at elfdump.c:1506
#3  0x000000000040383a in elf_print_elf (ed=0x7fffffffd4e0) at elfdump.c:1274
#4  0x000000000040372c in elf_print_object (ed=0x7fffffffd4e0) at elfdump.c:1237
#5  0x000000000040311a in main (ac=1, av=0x7fffffffd670) at elfdump.c:941

p ed->ehdr.e_ident[EI_OSABI] get 97 'a'. p ei_abis[ed->ehdr.e_ident[EI_OSABI]] get 0x800000004 <Address 0x800000004 out of bounds>. Jump into ei_abis[], it only has 13 elements. Pointer out of bounds.

[Ed Maste]

Yes. It's also unfortunate that this functionality exists in both elfdump and readelf.

One possible fix would be to move elf_osabi(), elf_machine() etc. from readelf into libelftc and share it with elfdump.

Alternatively, it may make sense to just roll elfdump into readelf and switch behaviour based on argv[0].