btf__new can be crashed by a sequence of 24 bytes #390

@evverx

Trying to figure out how BTF and CO-RE work, I somehow managed to crash libbpf. Below are the backtrace and the code triggering the crash:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==7523==ERROR: AddressSanitizer: SEGV on unknown address 0x603101178d0e (pc 0x000000509a7f bp 0x7fff6d0b1bb0 sp 0x7fff6d0b1b90 T0)
==7523==The signal is caused by a READ memory access.
    #0 0x509a7f in btf_parse_str_sec /home/vagrant/libbpf/src/btf.c:271:64
    #1 0x4fd5db in btf_new /home/vagrant/libbpf/src/btf.c:854:8
    #2 0x4fd2c2 in btf__new /home/vagrant/libbpf/src/btf.c:870:20
    #3 0x4fae83 in main (/home/vagrant/libbpf/src/a.out+0x4fae83)
    #4 0x7fe00acf31e1 in __libc_start_main (/lib64/libc.so.6+0x281e1)
    #5 0x4226ed in _start (/home/vagrant/libbpf/src/a.out+0x4226ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/vagrant/libbpf/src/btf.c:271:64 in btf_parse_str_sec
==7523==ABORTING

#include "btf.h"
#include "libbpf.h"

int main(int argc, char *argv[]) {
        /* 24 bytes laid out as a struct btf_header (little-endian host):
         * magic 0xeb9f, version 1, flags 0xa1, hdr_len 0x01178cff,
         * type_off 0, type_len 0xffffffff, str_off 0xffffffff, str_len 1 */
        char data[] = {
                0x9f, 0xeb, 0x01, 0xa1, 0xff, 0x8c, 0x17, 0x01, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
                0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00
        };
        struct btf *btf = NULL;
        int err;

        /* btf__new() reads the string section at an offset derived from
         * these header fields and faults inside btf_parse_str_sec()
         * (see the backtrace above) */
        btf = btf__new(data, sizeof(data));
        err = libbpf_get_error(btf);
        if (err)
                return 0;

        btf__free(btf);
        return 0;
}
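
A defensive pre-check for untrusted BTF blobs, added here as an example and not part of libbpf or the reporter's code: it mirrors the kernel's struct btf_header layout (assumed host-endian, little-endian as in the report), does all offset arithmetic in 64 bits, and rejects the 24 bytes above because hdr_len does not fit in the buffer and str_off + str_len would wrap past it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Mirror of struct btf_header from the kernel UAPI header linux/btf.h;
 * section offsets are relative to the end of the header. */
struct btf_hdr {
	uint16_t magic;   uint8_t version;   uint8_t flags;
	uint32_t hdr_len;
	uint32_t type_off; uint32_t type_len;
	uint32_t str_off;  uint32_t str_len;
};
#define BTF_MAGIC   0xeb9f
#define BTF_VERSION 1

/* Accept a blob only if the header and both sections lie inside
 * data[0..size). Sums are 64-bit so hostile 32-bit fields cannot wrap. */
static bool btf_blob_is_sane(const void *data, size_t size)
{
	struct btf_hdr h;
	uint64_t body;

	if (size < sizeof(h))
		return false;
	memcpy(&h, data, sizeof(h));          /* no alignment assumptions */
	if (h.magic != BTF_MAGIC || h.version != BTF_VERSION)
		return false;
	if (h.hdr_len < sizeof(h) || h.hdr_len > size)
		return false;
	body = (uint64_t)size - h.hdr_len;     /* bytes after the header */
	if ((uint64_t)h.type_off + h.type_len > body)
		return false;
	if ((uint64_t)h.str_off + h.str_len > body)
		return false;
	return h.str_len != 0;                 /* must at least hold "" */
}

/* The 24 bytes from the report: hdr_len 0x01178cff, str_off 0xffffffff. */
static const unsigned char crash_blob[24] = {
	0x9f, 0xeb, 0x01, 0xa1, 0xff, 0x8c, 0x17, 0x01, 0x00, 0x00, 0x00, 0x00,
	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00
};
/* Constructed minimal valid blob: 24-byte header, then the "" string. */
static const unsigned char minimal_blob[25] = {
	0x9f, 0xeb, 0x01, 0x00, 0x18, 0x00, 0x00, 0x00, 0, 0, 0, 0, 0, 0, 0, 0,
	0, 0, 0, 0, 0x01, 0x00, 0x00, 0x00, 0x00
};
```

Passing minimal_blob with a size of 24 (header only, string section cut off) is also rejected, which is the truncation case a fuzzer tends to hit next.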
