Fix #23610 - Stop parsing compressed DWARF sections ##crash

qkaiser · web-flow · commit c54a65298005 · 2024-11-07T00:08:41.000+01:00
Parsing compressed DWARF sections as raw DWARF can lead to endless loops
since content is invalid, leading to situations where an overly large total_entries
value in parse_line_header_source_dwarf5 causes radare2 to busyloop.
diff --git a/libr/arch/include/elf/common.h b/libr/arch/include/elf/common.h
@@ -381,6 +381,7 @@
 #define SHF_OS_NONCONFORMING (1 << 8)	/* OS specific processing required */
 #define SHF_GROUP	(1 << 9)	/* Member of a section group */
 #define SHF_TLS		(1 << 10)	/* Thread local storage section */
+#define SHF_COMPRESSED	     (1 << 11)	/* Section with compressed data. */
 
 /* #define SHF_MASKOS	0x0F000000    *//* OS-specific semantics */
 #define SHF_MASKOS	0x0FF00000	/* New value, Oct 4, 1999 Draft */
diff --git a/libr/bin/dwarf.c b/libr/bin/dwarf.c
@@ -1,6 +1,7 @@
 /* radare - LGPL - Copyright 2012-2024 - pancake, Fedor Sakharov */
 
 #include <r_core.h>
+#include "format/elf/elf.h"
 
 #define READ8(buf)                                                \
 	(((buf) + sizeof (ut8) < buf_end) ? ((ut8 *)buf)[0] : 0); \
@@ -384,6 +385,12 @@ static RBinSection *getsection(RBin *bin, int sn) {
 		}
 		r_list_foreach (o->sections, iter, section) {
 			if (strstr (section->name, name_str)) {
+#if R2_USE_NEW_ABI
+				if (r_str_startswith (section->name, ".debug_") && R_BIN_ELF_SCN_IS_COMPRESSED (section->flags))  {
+					R_LOG_WARN ("Compressed dwarf sections not yet supported");
+					return NULL;
+				}
+#endif
 				if (strstr (section->name, "zdebug")) {
 					R_LOG_WARN ("Compressed dwarf sections not yet supported");
 					return NULL;
diff --git a/libr/bin/format/elf/elf.c b/libr/bin/format/elf/elf.c
@@ -3747,6 +3747,9 @@ static void _store_bin_sections(ELFOBJ *eo, const RVector *elf_bin_sections) {
 		ptr->type = elf_section_type_tostring (section->type);
 		ptr->add = !eo->phdr; // Load sections if there is no PHDR
 		ptr->perm = elf_flags_to_section_perms (section->flags);
+#if R2_USE_NEW_ABI
+		ptr->flags = section->flags;
+#endif
 #if 0
 TODO: ptr->flags = elf_flags_tostring (section->flags);
 #define SHF_WRITE	     (1 << 0)	/* Writable */
diff --git a/libr/bin/format/elf/elf.h b/libr/bin/format/elf/elf.h
@@ -12,6 +12,8 @@
 #define R_BIN_ELF_SCN_IS_EXECUTABLE(x) x & SHF_EXECINSTR
 #define R_BIN_ELF_SCN_IS_READABLE(x)   x & SHF_ALLOC
 #define R_BIN_ELF_SCN_IS_WRITABLE(x)   x & SHF_WRITE
+#define R_BIN_ELF_SCN_IS_COMPRESSED(x)   x & SHF_COMPRESSED
+
 
 #define R_BIN_ELF_SYMTAB_SYMBOLS 1 << 0
 #define R_BIN_ELF_DYNSYM_SYMBOLS 1 << 1
diff --git a/libr/include/r_bin.h b/libr/include/r_bin.h
@@ -303,6 +303,9 @@ typedef struct r_bin_section_t {
 	ut64 vaddr;
 	ut64 paddr;
 	ut32 perm;
+#if R2_USE_NEW_ABI
+	ut32 flags;
+#endif
 	const char *type;
 	const char *arch;
 	char *format;
