I think an example would help explain this. Below is part of the output from readelf -h on an elf object I have which has 210016 sections, but puts the section header string table at section 1. So e_shstrndx is 1, but e_shnum is 0. My reading of the elf standard is that this is legal, but readelf complains due to the check header->e_shstrndx >= header->e_shnum:

  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         0
  Size of section headers:           64 (bytes)
  Number of section headers:         0 (210016)
  Section header string table index: 1 <corrupt: out of range>

The code in readelf seems to assume that if there are > 0xff00 sections then shstrndx will be one of those sections that are > 0xff00.

-----Original Message-----
From: Nick Clifton <ni...@redhat.com>
Sent: Tuesday, August 21, 2018 8:32 AM
To: Mike Murphy <mmur...@nvidia.com>; bug-binutils@gnu.org
Subject: Re: readelf reporting of e_shstrndx is slightly wrong

Hi Mike,

> If the file has no section name string table, this member holds the value
> |SHN_UNDEF|.
> If the section name string table section index is greater than or
> equal to |SHN_LORESERVE| (|0xff00|), this member has the value
> |SHN_XINDEX| (|0xffff|)
> The current readelf -h seems to assume that if there are more than 0xff00
> sections, then the shstrndx will also be past that. But there is nothing to
> prevent the section name string table from being section 1, in which case
> e_shstrndx should just be 1. But the readelf implementation has:
>
>     else if (elf_header.e_shstrndx != SHN_UNDEF &&
>              elf_header.e_shstrndx >= elf_header.e_shnum)
>
>         printf(_("<corrupt: out of range>"));

I disagree. The readelf code actually looks like this:

  if (filedata->section_headers != NULL
      && header->e_shstrndx == (SHN_XINDEX & 0xffff))
    printf (" (%u)", filedata->section_headers[0].sh_link);
  else if (header->e_shstrndx != SHN_UNDEF
           && header->e_shstrndx >= header->e_shnum)
    printf (_(" <corrupt: out of range>"));

There is no check that the file itself has more than 0xff00 sections. Instead it checks to see if the e_shstrndx field is SHN_XINDEX and if so it follows the link. Otherwise it checks that the index is either SHN_UNDEF or a valid section number.

Note - the use of "& 0xffff" in the above code is confusing, and looks surplus to me, but I do not think that it makes any difference to the behaviour.

Cheers
  Nick
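
Added example, not part of the thread and not binutils code: the two ELF escape values discussed above (e_shnum == 0 deferring to section header 0's sh_size, e_shstrndx == SHN_XINDEX deferring to its sh_link) resolved independently before the range check, next to the raw comparison quoted in the thread. The struct elf_fields and all function names are hypothetical, and the sample values are constructed from the readelf -h output shown above.

```c
/* Added example, not binutils code; struct and function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#define SHN_UNDEF     0
#define SHN_LORESERVE 0xff00
#define SHN_XINDEX    0xffff

struct elf_fields {          /* values already read from the file */
    uint16_t e_shnum;        /* 0 when the real count is in sh0_size */
    uint16_t e_shstrndx;     /* SHN_XINDEX when the real index is in sh0_link */
    int      have_sh0;       /* section header 0 was readable */
    uint64_t sh0_size;       /* section_headers[0].sh_size */
    uint32_t sh0_link;       /* section_headers[0].sh_link */
};
enum strndx_status { STRNDX_NONE, STRNDX_OK, STRNDX_CORRUPT };

/* The comparison quoted in the thread, applied to the raw header fields. */
int raw_check_flags_corrupt(const struct elf_fields *f)
{ return f->e_shstrndx != SHN_UNDEF && f->e_shstrndx >= f->e_shnum; }

/* Real section count: e_shnum == 0 defers to section header 0's sh_size. */
uint64_t real_shnum(const struct elf_fields *f)
{ return (f->e_shnum == 0 && f->have_sh0) ? f->sh0_size : f->e_shnum; }

/* Resolve e_shstrndx, then range-check it against the real count. */
enum strndx_status check_shstrndx(const struct elf_fields *f, uint32_t *out)
{
    uint32_t idx = f->e_shstrndx;
    *out = 0;
    if (idx == SHN_UNDEF) return STRNDX_NONE;
    if (idx == SHN_XINDEX) {
        if (!f->have_sh0) return STRNDX_CORRUPT;
        idx = f->sh0_link;            /* escape value: follow the link */
    } else if (idx >= SHN_LORESERVE) {
        return STRNDX_CORRUPT;        /* other reserved values are not indices */
    }
    if (idx == SHN_UNDEF || idx >= real_shnum(f)) return STRNDX_CORRUPT;
    *out = idx;
    return STRNDX_OK;
}

int main(void)
{   /* constructed input matching the readelf -h output in the thread */
    struct elf_fields f = { .e_shnum = 0, .e_shstrndx = 1, .have_sh0 = 1, .sh0_size = 210016 };
    uint32_t idx;
    enum strndx_status s = check_shstrndx(&f, &idx);
    printf("raw=%d status=%d idx=%u\n", raw_check_flags_corrupt(&f), s, idx);
    return 0;
}
```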