lief-project / LIEF

LIEF - Library to Instrument Executable Formats

Home Page:https://lief-project.github.io/


Allocation-size-too-big in LIEF::MachO::init_c_sections

bladchan opened this issue · comments

Describe the bug
A bad Mach-O file may lead the LIEF::MachO::init_c_sections() function to malloc a large amount of content at

auto* content = static_cast<uint8_t*>(malloc(section_content.size() * sizeof(uint8_t)));

The content size of sections should be limited under a regular number.

Pocs
poc_size_too_big.zip

To Reproduce
Steps to reproduce the behavior:

  1. Build the whole library with ASAN:

CFLAGS="-fsanitize=address -g" CXXFLAGS="-fsanitize=address -g" cmake .
make -j8

  2. Run pocs:

./examples/c/macho_reader poc_size_too_big

Expected behavior
Handle bad Mach-O files more robustly.

Environment (please complete the following information):

  • System and Version : 20.04.1-Ubuntu
  • Target format : Mach-O
  • LIEF commit version: 2a26324

Additional context
ASAN says that:

Section's size is bigger than segment's size
Section's size is bigger than segment's size
Section's size is bigger than segment's size
=================================================================
==3792433==ERROR: AddressSanitizer: requested allocation size 0xffffffffffffffc0 (0x7c0 after adjustments for alignment, red zones etc.) exceeds maximum supported size of 0x10000000000 (thread T0)
    #0 0x7f699108b808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x55723058419c in LIEF::MachO::init_c_sections(Macho_Binary_t*, LIEF::MachO::Binary*) /home/ubuntu/LIEF_2a26324/api/c/MachO/Section.cpp:31

==3792433==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: allocation-size-too-big ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 in __interceptor_malloc
==3792433==ABORTING
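As an added illustration of the bound the report asks for (this is not LIEF's code; struct and function names are hypothetical), the helper below validates a section header against its segment and the file before allocating, so a header claiming 0xffffffffffffffc0 bytes is rejected instead of reaching malloc:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified view of what the report involves: a section claims a size and
 * lives inside a segment, which lives inside a file of known size.
 * Constructed for this example; not LIEF's types. */
typedef struct {
    uint64_t offset;   /* file offset of the section content */
    uint64_t size;     /* size claimed by the section header */
} section_hdr_t;

/* Largest single section content a parser is willing to copy (assumption). */
#define MAX_SECTION_CONTENT (256u * 1024u * 1024u)

/* Constructed 64-byte stand-in for a file image. */
static const uint8_t SAMPLE_FILE[64] = { 0 };

/* Returns 0 and fills *out/*out_len when the header is consistent with its
 * segment and the file; returns -1 and allocates nothing otherwise.
 * Every comparison is written so that it cannot wrap on hostile input. */
int copy_section_content(const uint8_t *file, uint64_t file_size,
                         uint64_t seg_offset, uint64_t seg_size,
                         const section_hdr_t *sec,
                         uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (seg_offset > file_size || seg_size > file_size - seg_offset)
        return -1;                      /* segment itself is not inside the file */
    if (sec->size > seg_size)           /* the "bigger than segment's size" case */
        return -1;
    if (sec->offset < seg_offset ||
        sec->offset - seg_offset > seg_size - sec->size)
        return -1;                      /* section does not fit inside its segment */
    if (sec->size > MAX_SECTION_CONTENT)
        return -1;                      /* policy limit on one allocation */
    uint8_t *buf = malloc(sec->size ? (size_t)sec->size : 1);
    if (buf == NULL)
        return -1;
    memcpy(buf, file + sec->offset, (size_t)sec->size);
    *out = buf;
    *out_len = (size_t)sec->size;
    return 0;
}
```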