Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

check all sections if they need a rewrite #516

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

check all sections if they need a rewrite #516

wants to merge 1 commit into from

Conversation

migel
Copy link

@migel migel commented Sep 10, 2023

I have a binary with unsorted sections:

...
Section Headers:
  [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            0000000000000000 000000 000000 00      0   0  0
  [ 1] .interp           PROGBITS        0000000000000270 000270 00001b 00   A  0   0  1
  [ 2] .note.gnu.build-id NOTE            000000000000028c 00028c 000024 00   A  0   0  4
  [ 3] .note.ABI-tag     NOTE            00000000000002b0 0002b0 000020 00   A  0   0  4
  [ 4] .dynsym           DYNSYM          00000000000020e8 0020e8 001398 18   A  7   1  8
  [ 5] .rela.dyn         RELA            00000000000002d0 0002d0 001398 18   A  4   0  8
...

Program Headers:
  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
  PHDR           0x000040 0x0000000000000040 0x0000000000000040 0x000230 0x000230 R   0x8
  INTERP         0x000270 0x0000000000000270 0x0000000000000270 0x00001b 0x00001b R   0x1
      [Requesting program interpreter: /lib/ld-linux-aarch64.so.1]
  NOTE           0x00028c 0x000000000000028c 0x000000000000028c 0x000044 0x000044 R   0x4
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x00bb90 0x00bb90 R   0x10000
  LOAD           0x010000 0x0000000000010000 0x0000000000010000 0x00f758 0x00f758 R E 0x10000
  LOAD           0x020000 0x0000000000020000 0x0000000000020000 0x0103c0 0x010870 RW  0x10000
  DYNAMIC        0x0200a8 0x00000000000200a8 0x00000000000200a8 0x0002a0 0x0002a0 RW  0x8
  GNU_EH_FRAME   0x0076bc 0x00000000000076bc 0x00000000000076bc 0x0003ac 0x0003ac R   0x4
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0
  GNU_RELRO      0x020000 0x0000000000020000 0x0000000000020000 0x000a30 0x000a30 R   0x8
...

Relocation section '.rela.dyn' at offset 0x2d0 contains 209 entries:
    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
0000000000020018  0000000000000403 R_AARCH64_RELATIVE                        13f48
0000000000020020  0000000000000403 R_AARCH64_RELATIVE                        1f6b8
...

Running patchelf to change the interpreter resulted in rewriting several sections due to additional program headers:

Section Headers:
  [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            0000000000000000 000000 000000 00      0   0  0
  [ 1] .rela.dyn         RELA            00000000000002d0 0002d0 001398 18   A  3   0  8
...
  [31] .interp           PROGBITS        0000000000040000 040000 000053 00   A  0   0  8
  [32] .note.ABI-tag     NOTE            0000000000040058 040058 000020 00   A  0   0  4
  [33] .note.gnu.build-id NOTE            0000000000040078 040078 000024 00   A  0   0  4
...

Program Headers:
  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
  PHDR           0x000040 0x0000000000000040 0x0000000000000040 0x0002a0 0x0002a0 R   0x8
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x00bb90 0x00bb90 R   0x10000
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0
  GNU_EH_FRAME   0x0076bc 0x00000000000076bc 0x00000000000076bc 0x0003ac 0x0003ac R   0x4
  LOAD           0x010000 0x0000000000010000 0x0000000000010000 0x00f758 0x00f758 R E 0x10000
  LOAD           0x020000 0x0000000000020000 0x0000000000020000 0x0103c0 0x010870 RW  0x10000
  GNU_RELRO      0x020000 0x0000000000020000 0x0000000000020000 0x000a30 0x000a30 R   0x8
  DYNAMIC        0x0200a8 0x00000000000200a8 0x00000000000200a8 0x0002a0 0x0002a0 RW  0x8
  INTERP         0x040000 0x0000000000040000 0x0000000000040000 0x000053 0x000053 R   0x1
      [Requesting program interpreter: /nix/store/0ckxcm0bnsh64a4vi40d5wjs96i014nl-glibc-2.37-8/lib/ld-linux-aarch64.so.1]
  LOAD           0x040000 0x0000000000040000 0x0000000000040000 0x0000a0 0x0000a0 RW  0x10000
  NOTE           0x040058 0x0000000000040058 0x0000000000040058 0x000020 0x000020 R   0x4
  NOTE           0x040078 0x0000000000040078 0x0000000000040078 0x000024 0x000024 R   0x4
...

Relocation section '.rela.dyn' at offset 0x2d0 contains 209 entries:
    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
0000000000000024  0000000000000004 R_AARCH64_P32_PREL16                      13f48
0000000000020020  0000000000000403 R_AARCH64_RELATIVE                        1f6b8
...

The modified binary has a corruption of the .rela.dyn section. The reason is that the program headers increases in size from 560 bytes (file offsets 64-623) to 672 bytes (file offsets 64-735), which made them overlap with the .rela.dyn section (starts at file offset 720). patchelf didn't correctly detect that is needs to rewrite the .rela.dyn section because it stops scanning the section headers at the first section that doesn't overlap with the longer program headers. This is an error because the section headers are not sorted for the rewriteSectionsLibrary function. This PR changes it so that it scans all the sections.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@migel @mkosaro