[Courgette] Add more checks in ELF parsing to fix fuzzer failure.

Recently Clusterfuzz discovered a minimal ELF file that triggers a CHECK
failure. This CL ports some Zucchini ELF parsing checks to Courgette
to fix these, and adds more. Failing these checks just causes the potential
image to not be identified as ELF. Details:
* Require string table section to exist (e_shstrndx != SHN_UNDEF == 0).
* Require non-SHT_NOBITS sections to lie within image.
* Require program segments to lie within image.
* NB: "Lie within image" uses tentative image, before UpdateLength()
  is applied to shrink image.
* Require string table section to have type SHT_STRTAB.
  * This prevents a loophole to the section within image check.
  * This allows CHECK() to be added to SectionBody() per TODO.
* Require e_ident[{EI_CLASS, EI_DATA, EI_VERSION}] to be fixed values
  (32-bit little-endian).

Bug: 934142
Change-Id: I9687d2cbdcbfb957ddd55d0f6a40aea857071d74
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1518806
Reviewed-by: Samuel Huang <huangs@chromium.org>
Reviewed-by: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: Samuel Huang <huangs@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#640473}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 4db877c713b6cf149d6e85e6924f5d449c4dd279
4 files changed
tree: f7eceb774689e5ecd91a3bb6d8fda4424418d71c
  1. BUILD.gn
  2. DEPS
  3. OWNERS
  4. adjustment_method.cc
  5. adjustment_method.h
  6. adjustment_method_2.cc
  7. adjustment_method_unittest.cc
  8. analyze_mem_test
  9. analyze_stress_test
  10. assembly_program.cc
  11. assembly_program.h
  12. base_test_unittest.cc
  13. base_test_unittest.h
  14. bsdiff_memory_unittest.cc
  15. consecutive_range_visitor.h
  16. consecutive_range_visitor_unittest.cc
  17. courgette.h
  18. courgette_application.png
  19. courgette_flow.cc
  20. courgette_flow.h
  21. courgette_generation.png
  22. courgette_minimal_tool.cc
  23. courgette_tool.cc
  24. crc.cc
  25. crc.h
  26. description.html
  27. description.md
  28. difference_estimator.cc
  29. difference_estimator.h
  30. difference_estimator_unittest.cc
  31. disassembler.cc
  32. disassembler.h
  33. disassembler_elf_32.cc
  34. disassembler_elf_32.h
  35. disassembler_elf_32_arm.cc
  36. disassembler_elf_32_arm.h
  37. disassembler_elf_32_x86.cc
  38. disassembler_elf_32_x86.h
  39. disassembler_elf_32_x86_unittest.cc
  40. disassembler_win32.cc
  41. disassembler_win32.h
  42. disassembler_win32_x64.cc
  43. disassembler_win32_x64.h
  44. disassembler_win32_x64_unittest.cc
  45. disassembler_win32_x86.cc
  46. disassembler_win32_x86.h
  47. disassembler_win32_x86_unittest.cc
  48. encode_decode_unittest.cc
  49. encoded_program.cc
  50. encoded_program.h
  51. encoded_program_fuzz_unittest.cc
  52. encoded_program_unittest.cc
  53. ensemble.cc
  54. ensemble.h
  55. ensemble_apply.cc
  56. ensemble_create.cc
  57. ensemble_unittest.cc
  58. image_utils.h
  59. image_utils_unittest.cc
  60. instruction_utils.h
  61. label_manager.cc
  62. label_manager.h
  63. label_manager_unittest.cc
  64. memory_allocator.cc
  65. memory_allocator.h
  66. memory_allocator_unittest.cc
  67. memory_monitor.cc
  68. patch_generator_x86_32.h
  69. patcher_x86_32.h
  70. program_detector.cc
  71. program_detector.h
  72. program_detector_unittest.cc
  73. region.h
  74. rel32_finder.cc
  75. rel32_finder.h
  76. rel32_finder_unittest.cc
  77. rel32_finder_x64.cc
  78. rel32_finder_x64.h
  79. rel32_finder_x86.cc
  80. rel32_finder_x86.h
  81. run_mem_test
  82. run_stress_test
  83. simple_delta.cc
  84. simple_delta.h
  85. streams.cc
  86. streams.h
  87. streams_unittest.cc
  88. stress_test_common
  89. testdata/
  90. third_party/
  91. typedrva_unittest.cc
  92. types_elf.h
  93. types_win_pe.h
  94. versioning_unittest.cc
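
The checks listed in the commit message above, sketched as a stand-alone ELF32 validator. This is an added example, not Courgette's or Zucchini's code: the struct layouts follow the ELF32 specification, the names `Ehdr`, `Shdr`, `Phdr`, `InImage` and `LooksLikeElf32` are hypothetical, and it assumes a little-endian host and standard header entry sizes.

```cpp
// Added illustration; all names here are hypothetical, not Courgette's.
#include <cstddef>
#include <cstdint>
#include <cstring>
// ELF32 layouts per the ELF specification (little-endian host assumed).
struct Ehdr {
  uint8_t e_ident[16];
  uint16_t e_type, e_machine;
  uint32_t e_version, e_entry, e_phoff, e_shoff, e_flags;
  uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
};
struct Shdr {
  uint32_t sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size,
      sh_link, sh_info, sh_addralign, sh_entsize;
};
struct Phdr {
  uint32_t p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_flags, p_align;
};
constexpr uint32_t kShtStrtab = 3, kShtNobits = 8;  // SHT_STRTAB, SHT_NOBITS
// Overflow-safe test that [off, off + size) lies inside an image of `len` bytes.
bool InImage(uint64_t off, uint64_t size, size_t len) {
  return off <= len && size <= len - off;
}
// Returns false (image is simply "not ELF") if any check from the commit fails.
bool LooksLikeElf32(const uint8_t* image, size_t len) {
  Ehdr eh;
  if (len < sizeof(eh)) return false;
  std::memcpy(&eh, image, sizeof(eh));
  if (std::memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0) return false;
  // EI_CLASS = ELFCLASS32, EI_DATA = ELFDATA2LSB, EI_VERSION = EV_CURRENT.
  if (eh.e_ident[4] != 1 || eh.e_ident[5] != 1 || eh.e_ident[6] != 1) return false;
  // Header tables themselves must be readable before they are walked.
  if (!InImage(eh.e_shoff, uint64_t{eh.e_shnum} * sizeof(Shdr), len) ||
      !InImage(eh.e_phoff, uint64_t{eh.e_phnum} * sizeof(Phdr), len)) return false;
  // String table must exist (index != SHN_UNDEF == 0) and be a valid index.
  if (eh.e_shstrndx == 0 || eh.e_shstrndx >= eh.e_shnum) return false;
  for (uint16_t i = 0; i < eh.e_shnum; ++i) {
    Shdr sh;
    std::memcpy(&sh, image + eh.e_shoff + i * sizeof(sh), sizeof(sh));
    // Requiring SHT_STRTAB stops the string table from using the NOBITS exemption.
    if (i == eh.e_shstrndx && sh.sh_type != kShtStrtab) return false;
    if (sh.sh_type != kShtNobits && !InImage(sh.sh_offset, sh.sh_size, len)) return false;
  }
  for (uint16_t i = 0; i < eh.e_phnum; ++i) {
    Phdr ph;
    std::memcpy(&ph, image + eh.e_phoff + i * sizeof(ph), sizeof(ph));
    if (!InImage(ph.p_offset, ph.p_filesz, len)) return false;
  }
  return true;
}
```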