fileinfo crashes in ElfImage::createSegmentToSectionsTable(): uncaught exception retdec::utils::InvalidRangeException

[bansan85]

fileinfo crashes in ElfImage::createSegmentToSectionsTable

Input

fileinfo FILE
createSegmentToSectionsTable.zip

Output

Backtrace:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff5c6fc5f in __GI_abort () at abort.c:90
#2  0x00007ffff66104d5 in __gnu_cxx::__verbose_terminate_handler () at /home/legarrec/info/portage/sys-devel/gcc-7.3.0/work/gcc-7.3.0/libstdc++-v3/libsupc++/vterminate.cc:95
#3  0x00007ffff660df26 in __cxxabiv1::__terminate (handler=<optimized out>) at /home/legarrec/info/portage/sys-devel/gcc-7.3.0/work/gcc-7.3.0/libstdc++-v3/libsupc++/eh_terminate.cc:47
#4  0x00007ffff660df81 in std::terminate () at /home/legarrec/info/portage/sys-devel/gcc-7.3.0/work/gcc-7.3.0/libstdc++-v3/libsupc++/eh_terminate.cc:57
#5  0x00007ffff660e20d in __cxxabiv1::__cxa_throw (obj=<optimized out>, tinfo=tinfo@entry=0x555557006a18 <typeinfo for retdec::utils::InvalidRangeException>, dest=dest@entry=0x5555559e30c0 <retdec::utils::InvalidRangeException::~InvalidRangeException()>)
    at /home/legarrec/info/portage/sys-devel/gcc-7.3.0/work/gcc-7.3.0/libstdc++-v3/libsupc++/eh_throw.cc:93
#6  0x00005555559e327a in retdec::utils::Range<unsigned long>::Range (this=<optimized out>, start=<optimized out>, end=<optimized out>) at /home/legarrec/info/programmation/retdec/include/retdec/utils/range.h:55
#7  0x0000555555a31eaf in retdec::loader::ElfImage::createSegmentToSectionsTable (this=this@entry=0x555557048c10) at /home/legarrec/info/programmation/retdec/src/loader/loader/elf/elf_image.cpp:241
#8  0x0000555555a358cc in retdec::loader::ElfImage::loadExecutableFile (this=this@entry=0x555557048c10) at /home/legarrec/info/programmation/retdec/src/loader/loader/elf/elf_image.cpp:74
#9  0x0000555555a36a78 in retdec::loader::ElfImage::load (this=0x555557048c10) at /home/legarrec/info/programmation/retdec/src/loader/loader/elf/elf_image.cpp:50
#10 0x00005555559da34a in retdec::loader::(anonymous namespace)::createImageImpl (fileFormat=std::shared_ptr (count 3, weak 0) 0x555557047fb0) at /home/legarrec/info/programmation/retdec/src/loader/image_factory.cpp:52
#11 retdec::loader::createImage (fileFormat=std::shared_ptr (count 3, weak 0) 0x555557047fb0) at /home/legarrec/info/programmation/retdec/src/loader/image_factory.cpp:88
#12 0x000055555563ce3e in fileinfo::FileDetector::getLoaderInfo (this=this@entry=0x555557047bc0) at /home/legarrec/info/programmation/retdec/src/fileinfo/file_detector/file_detector.cpp:250
#13 0x00005555556402c4 in fileinfo::FileDetector::getAllInformation (this=0x555557047bc0) at /home/legarrec/info/programmation/retdec/src/fileinfo/file_detector/file_detector.cpp:334
#14 0x00005555555db614 in main (argc=<optimized out>, argv=<optimized out>) at /home/legarrec/info/programmation/retdec/src/fileinfo/fileinfo.cpp:419

From master (63f1a3de)

[silverbacknet]

All three of #239, #240, and #241 look like variants on memory allocation errors, ie, #13 & #16. #239 & #240 are both the same failure to construct, #241 is different but still a failed allocation.

[s3rvac]

Thank you for the report. I can confirm that fileinfo crashes when analyzing the attached file:

$ retdec-fileinfo createSegmentToSectionsTable
terminate called after throwing an instance of 'retdec::utils::InvalidRangeException'
  what():  Invalid Range: end is greater than start
Aborted

Should be analyzed together with #240 (same problem, but slightly different backtrace).

[mbandzi]

Fixed in 2e6ecef. Invalid values caused integer overflow that leads to invalid range. If this is encountered, parsing is stopped and only data loaded before are returned.