Reproduce:
/*
* Copyright (c) 2021, the SerenityOS developers.
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <LibC/elf.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
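/*
 * Writes a minimal 32-bit little-endian ET_EXEC image to "x" and execs it.
 * The image carries one PT_LOAD program header whose p_memsz is 0xffff0000;
 * the log below shows the kernel asserting in RangeAllocator::allocate_specific()
 * (reached from load_elf_object() via Space::allocate_range()) while loading it.
 *
 * Returns 1 after perror() if open(), write() or execl() fails. execl() does not
 * return on success, so 0 is only reached if it returns without reporting an error.
 */
int main()
{
    // Zero-fill so every byte not set below (e_flags, e_ident padding, the
    // "segment" contents) is deterministic rather than whatever was on the stack.
    // Aligned for Elf32_Ehdr so the header / program-header overlays are valid.
    alignas(alignof(Elf32_Ehdr)) char buffer[20000];
    memset(buffer, 0, sizeof(buffer));

    auto& header = *reinterpret_cast<Elf32_Ehdr*>(buffer);
    header.e_ident[EI_MAG0] = ELFMAG0;
    header.e_ident[EI_MAG1] = ELFMAG1;
    header.e_ident[EI_MAG2] = ELFMAG2;
    header.e_ident[EI_MAG3] = ELFMAG3;
    header.e_ident[EI_CLASS] = ELFCLASS32;
    header.e_ident[EI_DATA] = ELFDATA2LSB;
    header.e_ident[EI_VERSION] = EV_CURRENT;
    header.e_ident[EI_OSABI] = ELFOSABI_SYSV;
    header.e_ident[EI_ABIVERSION] = 0;
    header.e_type = ET_EXEC;
    header.e_version = EV_CURRENT;
    header.e_ehsize = sizeof(Elf32_Ehdr);
    header.e_machine = EM_386;
    header.e_shentsize = sizeof(Elf32_Shdr);

    // One program header, placed directly after the ELF header (offset 52).
    header.e_phnum = 1;
    header.e_phoff = sizeof(Elf32_Ehdr);
    header.e_phentsize = sizeof(Elf32_Phdr);

    auto& ph = *reinterpret_cast<Elf32_Phdr*>(&buffer[header.e_phoff]);
    ph.p_type = PT_LOAD;
    ph.p_vaddr = 0x00000010;
    ph.p_offset = 10;
    ph.p_filesz = 10;
    // Far larger than p_filesz: the loader has to reserve a virtual range of
    // this size for the segment, which is presumably what the assertion in the
    // log (m_total_range.contains(allocated_range)) rejects.
    ph.p_memsz = 0xffff0000;
    ph.p_flags = PF_R | PF_X;
    ph.p_align = PAGE_SIZE;

    /* inaccurate and unrelated: section-header table and entry point both
     * point at offset 1024, which is zero-filled, not real data */
    header.e_shnum = 3;
    header.e_shoff = 1024;
    header.e_shstrndx = 2;
    header.e_entry = 1024;

    // O_TRUNC so a leftover "x" from an earlier run cannot contribute stale bytes.
    int fd = open("x", O_RDWR | O_CREAT | O_TRUNC, 0700);
    if (fd < 0) {
        perror("open");
        return 1;
    }

    // write() may return short; keep going until the whole image is on disk.
    size_t written = 0;
    while (written < sizeof(buffer)) {
        ssize_t nwritten = write(fd, buffer + written, sizeof(buffer) - written);
        if (nwritten < 0) {
            perror("write");
            close(fd);
            return 1;
        }
        if (nwritten == 0) {
            // No progress and no error: bail out instead of spinning forever.
            fprintf(stderr, "write: no progress after %zu bytes\n", written);
            close(fd);
            return 1;
        }
        written += static_cast<size_t>(nwritten);
    }
    // Close before exec so the image is not executed while still open for
    // writing and the descriptor does not leak into the new process.
    close(fd);

    // Absolute path here vs. relative "x" above: presumably this expects to be
    // run from /home/anon — TODO confirm.
    if (execl("/home/anon/x", "x", nullptr) < 0) {
        perror("execl");
        return 1;
    }
    return 0;
}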
Log:
[Shell(30:30)]: ASSERTION FAILED: m_total_range.contains(allocated_range)
[Shell(30:30)]: ../../Kernel/VM/RangeAllocator.cpp:145 in AK::Optional<Kernel::Range> Kernel::RangeAllocator::allocate_specific(VirtualAddress, size_t)
[#0 Shell(30:30)]: 0xc059a19e abort +0x4b
[#0 Shell(30:30)]: 0xc058d195 debug_handler +0x0
[#0 Shell(30:30)]: 0xc0550a2e Kernel::RangeAllocator::allocate_specific(VirtualAddress, unsigned long) +0xf8
[#0 Shell(30:30)]: 0xc0568b4f Kernel::Space::allocate_range(VirtualAddress, unsigned long, unsigned long) +0x1e9
[#0 Shell(30:30)]: 0xc03dc97f Kernel::load_elf_object(AK::NonnullOwnPtr<Kernel::Space>, Kernel::FileDescription&, unsigned int, Kernel::ShouldAllocateTls, Kernel::ShouldAllowSyscalls) +0x2017
[#0 Shell(30:30)]: 0xc03de7fc Kernel::Process::load(AK::NonnullRefPtr<Kernel::FileDescription>, AK::RefPtr<Kernel::FileDescription, AK::RefPtrTraits<Kernel::FileDescription> >, elfhdr const&) +0x9ac
[#0 Shell(30:30)]: 0xc03e0959 Kernel::Process::do_exec(AK::NonnullRefPtr<Kernel::FileDescription>, AK::Vector<AK::String, 0ul>, AK::Vector<AK::String, 0ul>, AK::RefPtr<Kernel::FileDescription, AK::RefPtrTraits<Kernel::FileDescription> >, Kernel::Thread*&, unsigned int&, elfhdr const&) +0x134f
[#0 Shell(30:30)]: 0xc03ea04d Kernel::Process::exec(AK::String, AK::Vector<AK::String, 0ul>, AK::Vector<AK::String, 0ul>, int) [clone .part.0] +0x1d1f
[#0 Shell(30:30)]: 0xc03ec2d7 Kernel::Process::sys$execve(AK::Userspace<Kernel::Syscall::SC_execve_params const*>) +0xee9
[#0 Shell(30:30)]: 0xc03c1aba syscall_handler +0x1e7d
[#0 Shell(30:30)]: 0xc03bfc05 syscall_asm_entry +0x31
Same backtrace as #5279 and #5583. Possibly a duplicate issue, although those issues can no longer be reproduced (fixed?) and relate to ET_DYN executables (not ET_EXEC).