On Fri, 2014-03-07 at 17:39 -0800, Josh Stone wrote: > The gist is that I have an ET_EXEC binary, /usr/bin/ls. When I call > dwfl_module_getsymtab -> find_symtab -> find_aux_sym -> open_elf, the > following heuristic is triggered: > > libdwfl/dwfl_module_getdwarf.c > 134│ mod->e_type = ehdr->e_type; > 135│ > 136│ /* Relocatable Linux kernels are ET_EXEC but act like ET_DYN. */ > 137│ if (mod->e_type == ET_EXEC && file->vaddr != mod->low_addr) > 138├> mod->e_type = ET_DYN; > > Here file->vaddr = 0x400020 and mod->low_addr = 0x400000, but this > certainly is not a kernel, and should not be treated as ET_DYN.
Right, this check doesn't make sense for a debug or aux file. Thanks for finding this. > Maybe this only needs to add a check that file == &mod->main Yes, I think that would be the correct thing to do. Both find_dw and find_symtab call __libdwfl_getelf first. So the main ELF file will always be loaded through open_elf first. After mod->e_type has been set it should not be set or changed again by either debug of aux file opening. > , but I > wonder if this heuristic is even needed at all, because report_kernel() > forcibly sets ET_DYN itself. There is also dwfl_linux_kernel_report_offline which uses report_kernel_archive which might report a kernel through dwfl_report_offline which won't force the mod->e_type. Cheers, Mark
