elf segment offset error

[liangjs]

When calculating the offsets for LEF segments in ElfFile._offsets(), there's something like:

if p.offset is 0:
    p.filesz += phsize
    x = offset + p.filesz

However, some binaries may contain multiple segments with zero file offset. In the following example, the offset of GNU_STACK segment is also zero, which results in a wrong offset calculation of segments after it (if we want to append segments to this ELF).

Program Headers:
  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
  PHDR           0x000040 0x0000000000000040 0x0000000000000040 0x0002d8 0x0002d8 R   0x8
  INTERP         0x017d80 0x0000000000017d80 0x0000000000017d80 0x00001e 0x00001e R   0x10
      [Requesting program interpreter: /usr/lib/ld-linux-x86-64.so.2]
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x006fa0 0x006fa0 R   0x1000
  LOAD           0x007000 0x0000000000007000 0x0000000000007000 0x00f9a5 0x00f9a5 R E 0x1000
  LOAD           0x017000 0x0000000000017000 0x0000000000017000 0x0044c0 0x0044c0 R   0x1000
  LOAD           0x01b8e8 0x000000000001c8e8 0x000000000001c8e8 0x000768 0x0048c0 RW  0x1000
  DYNAMIC        0x01baa0 0x000000000001caa0 0x000000000001caa0 0x000230 0x000230 RW  0x8
  NOTE           0x000318 0x0000000000000318 0x0000000000000318 0x000020 0x000020 R   0x8
  NOTE           0x000338 0x0000000000000338 0x0000000000000338 0x000044 0x000044 R   0x4
  GNU_PROPERTY   0x000318 0x0000000000000318 0x0000000000000318 0x000020 0x000020 R   0x8
  GNU_EH_FRAME   0x017da0 0x0000000000017da0 0x0000000000017da0 0x0009bc 0x0009bc R   0x4
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
  GNU_RELRO      0x01b8e8 0x000000000001c8e8 0x000000000001c8e8 0x000718 0x000718 R   0x1

[lunixbochs]

It‘s only looking at the PT_LOAD segments there: LOAD 0x000000 0x0000000000000000 0x0000000000000000 0x006fa0 0x006fa0 R 0x1000 LOAD 0x007000 0x0000000000007000 0x0000000000007000 0x00f9a5 0x00f9a5 R E 0x1000 LOAD 0x017000 0x0000000000017000 0x0000000000017000 0x0044c0 0x0044c0 R 0x1000 LOAD 0x01b8e8 0x000000000001c8e8 0x000000000001c8e8 0x000768 0x0048c0 RW 0x1000 https://github.com/lunixbochs/patchkit/blob/master/util/elffile.py#L890

[liangjs]

Sorry, I didn't state it clearly. The situation is:
I append new LOAD segment. When saving to a new binary, elffile moves the old segment at 0x017000 to file offset 0x018000, but it doesn't move the GNU_EH_FRAME segment at 0x017da0 to a new place (because it's not a LOAD segment), so the GNU_EH_FRAME data overwrite the LOAD data at 0x018000.
So I edit this line https://github.com/lunixbochs/patchkit/blob/master/util/elffile.py#L890 to not check PT_LOAD, and then come to the issue above.

I think the correct way is to check PT_LOAD here:
https://github.com/lunixbochs/patchkit/blob/master/util/elffile.py#L894

[lunixbochs]

That's not the correct solution.

You can't just move non-LOAD segments around, because the linker might expect them in memory. The non-LOAD segments are typically a subset of the LOAD segments, for example GNU_EH_FRAME is at 0x017da0 which should be entirely inside the segment at 0x017000

[lunixbochs]

I think we just need to make sure if a LOAD gets moved around, any non-LOAD segments contained inside it are moved too. We already do this with sections.