[Bug backends/34007] crash with eu-strip from 0.192

Thu, 19 Mar 2026 07:44:24 -0700 

https://sourceware.org/bugzilla/show_bug.cgi?id=34007

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at klomp dot org

--- Comment #1 from Mark Wielaard <mark at klomp dot org> ---
Maybe something like this?

diff --git a/libebl/eblopenbackend.c b/libebl/eblopenbackend.c
index dbe4b94741d5..e2a503214713 100644
--- a/libebl/eblopenbackend.c
+++ b/libebl/eblopenbackend.c
@@ -309,17 +309,9 @@ openbackend (Elf *elf, const char *emulation, GElf_Half
machine)
        /* Well, we know the emulation name now.  */
        result->emulation = machines[cnt].emulation;

-       /* We access some data structures directly.  Make sure the 32 and
-          64 bit variants are laid out the same.  */
-       eu_static_assert (offsetof (Elf32_Ehdr, e_machine)
-                         == offsetof (Elf64_Ehdr, e_machine));
-       eu_static_assert (sizeof (((Elf32_Ehdr *) 0)->e_machine)
-                         == sizeof (((Elf64_Ehdr *) 0)->e_machine));
-       eu_static_assert (offsetof (Elf, state.elf32.ehdr)
-                         == offsetof (Elf, state.elf64.ehdr));
-
        /* Prefer taking the information from the ELF file.  */
-       if (elf == NULL)
+       GElf_Ehdr ehdr;
+       if (elf == NULL || gelf_getehdr (elf, &ehdr) == NULL)
          {
            result->machine = machines[cnt].em;
            result->class = machines[cnt].class;
@@ -327,9 +319,9 @@ openbackend (Elf *elf, const char *emulation, GElf_Half
machine)
          }
        else
          {
-           result->machine = elf->state.elf32.ehdr->e_machine;
-           result->class = elf->state.elf32.ehdr->e_ident[EI_CLASS];
-           result->data = elf->state.elf32.ehdr->e_ident[EI_DATA];
+           result->machine = ehdr.e_machine;
+           result->class = ehdr.e_ident[EI_CLASS];
+           result->data = ehdr.e_ident[EI_DATA];
          }

         if (machines[cnt].init &&

But...

> It is odd we arrive with a NULL ehdr here, of course.

Right, because I think in this case we pass through:

/* Find an appropriate backend for the file associated with ELF.  */            
Ebl *                                                                           
ebl_openbackend (Elf *elf)                                                      
{                                                                               
  GElf_Ehdr ehdr_mem;                                                           
  GElf_Ehdr *ehdr;                                                              

  /* Get the ELF header of the object.  */                                      
  ehdr = gelf_getehdr (elf, &ehdr_mem);                                         
  if (ehdr == NULL)                                                             
    {                                                                           
      // XXX uncomment                                                          
      // __libebl_seterror (elf_errno ());                                      
      return NULL;                                                              
    }                                                                           

  return openbackend (elf, NULL, ehdr->e_machine);                              
}                                                                               

Which already does that ehdr check.

Unfortunate we don't have a reproducer.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to