vbpf / prevail / 25071483533 / 1
86%
main: 86%

DEFAULT BRANCH: main
Ran
Files 113
Run time 3s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 88.895% (+0.06%) from 88.832%
25071483533.1

push

github

web-flow 
Fix heap-buffer-overflow from non-instruction-aligned FUNC symbols (#1106)

* Fix heap-buffer-overflow from non-instruction-aligned FUNC symbols

Reject ELF FUNC symbols in executable sections whose st_value is not a
multiple of sizeof(EbpfInst) (8 bytes). A malformed ELF with such a
symbol causes get_program_name_and_size() to produce non-aligned program
boundaries. When read_programs() advances offset by a non-aligned
symbol_size, compute_reachable_program_span() uses truncating integer
division (offset / sizeof(EbpfInst)), inflating the computed span and
causing vector_of<EbpfInst> to memcpy past the section data buffer.

The root-cause fix validates FUNC symbol alignment in
get_program_name_and_size(), which is shared by both read_programs() and
ElfObjectState::discover_programs(). A defense-in-depth bounds check
before the vector_of call in read_programs() guards against future
regressions in span computation.

Add a test that constructs a minimal ELF with a FUNC symbol at an
unaligned offset and verifies it is cleanly rejected.

* Add acceptance test for instruction-aligned FUNC symbols

Companion to the rejection test — verifies that FUNC symbols at
8-byte-aligned offsets are accepted without error, ensuring the
alignment validation does not reject well-formed ELF files.

---------

Signed-off-by: Michael Agun <danielagun@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

13480 of 15164 relevant lines covered (88.89%)

2179864.12 hits per line

Source Files on job run-Release - 25071483533.1