| author | John Ogness <[email protected]> | 2016-06-23 16:03:58 +0200 |
|---|---|---|
| committer | Mark Wielaard <[email protected]> | 2016-06-28 20:19:24 +0200 |
| commit | 96e140f6687922606657a76f185a73cf47908ef2 (patch) | |
| tree | 21b2be7ae43403b06511775c0ab5cfa4937af581 /libelf/elf32_updatenull.c | |
| parent | 9a36c9226c4a237208a7735f0e6a6fd1eefb60ab (diff) | |
libelf: find 1st section instead of assuming
When getting section headers it is assumed that the first section
is on the first section list. However, it is possible that the
first section list only contains the zeroth section, in which
case either illegal memory access occurs or elf_nextscn()
erroneously returns NULL.
With this patch, checks are added to avoid the illegal memory
access and (if available) the second section list is looked at
to find the first section.
A new test emptyfile is added that tests adding a section to
an "empty" ELF file 32/64 class with ELF_C_RDWR[_MMAP].
Signed-off-by: John Ogness <[email protected]>
Signed-off-by: Mark Wielaard <[email protected]>
Diffstat (limited to 'libelf/elf32_updatenull.c')
| -rw-r--r-- | libelf/elf32_updatenull.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/libelf/elf32_updatenull.c b/libelf/elf32_updatenull.c index 03de0321..75070628 100644 --- a/libelf/elf32_updatenull.c +++ b/libelf/elf32_updatenull.c @@ -180,6 +180,7 @@ __elfw2(LIBELFBITS,updatenull_wrlock) (Elf *elf, int *change_bop, size_t shnum) if (shnum > 0) { + struct Elf_Scn *scn1 = NULL; Elf_ScnList *list; bool first = true; @@ -198,10 +199,16 @@ __elfw2(LIBELFBITS,updatenull_wrlock) (Elf *elf, int *change_bop, size_t shnum) /* Go over all sections and find out how large they are. */ list = &elf->state.ELFW(elf,LIBELFBITS).scns; + /* Find the first section. */ + if (list->cnt > 1) + scn1 = &list->data[1]; + else if (list->next != NULL) + scn1 = &list->next->data[0]; + /* Load the section headers if necessary. This loads the headers for all sections. */ - if (list->data[1].shdr.ELFW(e,LIBELFBITS) == NULL) - (void) __elfw2(LIBELFBITS,getshdr_wrlock) (&list->data[1]); + if (scn1 != NULL && scn1->shdr.ELFW(e,LIBELFBITS) == NULL) + (void) __elfw2(LIBELFBITS,getshdr_wrlock) (scn1); do { |
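Review bot: The `else if (list->next != NULL)` branch in the second hunk takes `&list->next->data[0]` without checking that the next list holds any section, whereas the first branch tests `list->cnt > 1` before touching `data[1]`. If an allocated but still empty follow-on list is possible (not visible from this hunk), `scn1` would point at an unpopulated slot and be handed to `getshdr_wrlock`; `else if (list->next != NULL && list->next->cnt > 0)` would keep the two branches symmetric. When `scn1` stays NULL the header load is skipped silently, so a short comment such as `/* scn1 == NULL: only the zeroth section exists, nothing to load. */` would help, and the `do` loop that starts at the end of the hunk and continues outside it has to be safe for that case. The enclosing function starts and ends outside the hunk.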
