Lagom+LibELF: Add an ELF fuzzer, and tweak the code to survive a few minutes of fuzzing (#3071)

If a buffer smaller than Elf32_Ehdr was passed to Image, header() would do an out-of-bounds read. Make parse() check for that. Make most Image methods assert that the image is_valid(). For that to work, set m_valid early in Image::parse() instead of only at its end. Also reorder a few things so that the fuzzer doesn't hit (valid) assertions, which were harmless from a security PoV but which still allowed userspace to crash the kernel with an invalid ELF file. Make dbgprintf()s configurable at run time so that the fuzzer doesn't produce lots of logspam.
author: Nico Weber <thakis@chromium.org> 2020-08-10 09:55:17 -0400
committer: GitHub <noreply@github.com> 2020-08-10 15:55:17 +0200
commit: 00f658b9846b525e7b5b4b3f7ee2f33292b47ea4 (patch)
tree: 031856bdc8ec8cf661f4e9372d99ac2aa870d554 /Libraries/LibELF/Validation.h
parent: eaf7e6840806a68d38321aa0097946db65abad46 (diff)
download: serenity-00f658b9846b525e7b5b4b3f7ee2f33292b47ea4.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/Libraries/LibELF/Validation.h b/Libraries/LibELF/Validation.h
index 7e3af66ac0..85495ce09a 100644
--- a/Libraries/LibELF/Validation.h
+++ b/Libraries/LibELF/Validation.h
@@ -30,7 +30,7 @@
 
 namespace ELF {
 
-bool validate_elf_header(const Elf32_Ehdr& elf_header, size_t file_size);
+bool validate_elf_header(const Elf32_Ehdr& elf_header, size_t file_size, bool verbose=true);
 bool validate_program_headers(const Elf32_Ehdr& elf_header, size_t file_size, u8* buffer, size_t buffer_size, String& interpreter_path);
 
 } // end namespace ELF
author	Nico Weber <thakis@chromium.org>	2020-08-10 09:55:17 -0400
committer	GitHub <noreply@github.com>	2020-08-10 15:55:17 +0200
commit	00f658b9846b525e7b5b4b3f7ee2f33292b47ea4 (patch)
tree	031856bdc8ec8cf661f4e9372d99ac2aa870d554 /Libraries/LibELF/Validation.h
parent	eaf7e6840806a68d38321aa0097946db65abad46 (diff)
download	serenity-00f658b9846b525e7b5b4b3f7ee2f33292b47ea4.zip