Fix OOB read in .gnu_debuglink parsing due to unbounded strlen #2634

Open
metsw24-max wants to merge 1 commit into facebook:main from metsw24-max:elf-debuglink-oob-read
@metsw24-max

Contributor

The ELF debuglink parsing logic used strlen() on raw section data without verifying the presence of a null terminator within section bounds.

This results in an out-of-bounds read when processing malformed ELF files where the .gnu_debuglink section is not null-terminated.

- Replaces strlen() with bounded memchr()-based parsing
- Validates that a null terminator exists within section bounds
- Avoids copying beyond validated length and explicitly terminates output buffer

@meta-cla meta-cla Bot added the CLA Signed label Apr 16, 2026
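
The bounded parse described in the pull request above, as an added example that is not the code from this PR or from the project. `parse_debuglink`, its parameters and the sample sections are hypothetical, and the assumed section layout is a NUL-terminated name, zero padding to a 4-byte boundary, then a 4-byte CRC.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample sections (not taken from any real binary). */
static const uint8_t good[] = {'a','.','d','e','b','u','g',0, 0x78,0x56,0x34,0x12};
static const uint8_t unterminated[] = {'a','.','d','e','b','u','g','X'};
static const uint8_t truncated[] = {'a','b',0,0};

/* Hypothetical helper: read name and CRC from a raw .gnu_debuglink section.
 * Assumed layout: NUL-terminated name, zero padding to 4 bytes, 4-byte CRC.
 * Returns 0 on success, -1 if the section is malformed. */
int parse_debuglink(const uint8_t *sec, size_t size,
                    char *name, size_t name_cap, uint32_t *crc)
{
    if (!sec || !name || !crc || name_cap == 0)
        return -1;

    /* Unbounded form: strlen((const char *)sec) keeps reading past `size`
     * when the section has no NUL. memchr stops at the section end. */
    const uint8_t *nul = memchr(sec, '\0', size);
    if (nul == NULL)
        return -1;                      /* no terminator within bounds */

    size_t len = (size_t)(nul - sec);
    if (len == 0 || len >= name_cap)
        return -1;                      /* empty name or output too small */

    /* The CRC sits at the next 4-byte boundary after the terminator. */
    size_t crc_off = (len + 1 + 3) & ~(size_t)3;
    if (crc_off > size || size - crc_off < sizeof *crc)
        return -1;                      /* section ends before the CRC */

    memcpy(name, sec, len);             /* copy only the validated length */
    name[len] = '\0';                   /* terminate the output explicitly */
    memcpy(crc, sec + crc_off, sizeof *crc); /* bytes as stored in the file */
    return 0;
}

int main(void)
{
    char name[32];
    uint32_t crc;
    int ok = parse_debuglink(good, sizeof good, name, sizeof name, &crc) == 0
          && parse_debuglink(unterminated, sizeof unterminated, name, sizeof name, &crc) == -1
          && parse_debuglink(truncated, sizeof truncated, name, sizeof name, &crc) == -1;
    return ok ? 0 : 1;
}
```
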