elffile: fix handling of symbols without a name

closes #2553 elffile: fix key error
2025-12-12 07:40:38 -08:00 · 2025-01-15 13:24:57 +00:00
parent df7697db84
commit 8c412f361a
2 changed files with 14 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@
 - vmray: load more analysis archives @mr-tz
 - dynamic: only check file limitations for static file formats @mr-tz
 - vmray: skip non-printable strings @mike-hunhoff
+- elffile: handle symbols without a name @williballenthin #2553

 ### capa Explorer Web

--- a/capa/features/extractors/elffile.py
+++ b/capa/features/extractors/elffile.py
@@ -80,8 +80,7 @@ def extract_file_export_names(elf: ELFFile, **kwargs):


 def extract_file_import_names(elf: ELFFile, **kwargs):
-    # Create a dictionary to store symbol names by their index
-    symbol_names = {}
+    symbol_name_by_index: dict[int, str] = {}

    # Extract symbol names and store them in the dictionary
    for segment in elf.iter_segments():
@@ -93,7 +92,7 @@ def extract_file_import_names(elf: ELFFile, **kwargs):
            logger.debug("Dynamic segment doesn't contain DT_SYMTAB")
            continue

-        for _, symbol in enumerate(segment.iter_symbols()):
+        for i, symbol in enumerate(segment.iter_symbols()):
            # The following conditions are based on the following article
            # http://www.m4b.io/elf/export/binary/analysis/2015/05/25/what-is-an-elf-export.html
            if not symbol.name:
@@ -107,7 +106,7 @@ def extract_file_import_names(elf: ELFFile, **kwargs):
            if symbol.entry.st_name == 0:
                continue

-            symbol_names[_] = symbol.name
+            symbol_name_by_index[i] = symbol.name

    for segment in elf.iter_segments():
        if not isinstance(segment, DynamicSegment):
@@ -127,10 +126,17 @@ def extract_file_import_names(elf: ELFFile, **kwargs):
                    break

            for relocation in relocations:
-                # Extract the symbol name from the symbol table using the symbol index in the relocation
-                if relocation["r_info_sym"] not in symbol_names:
+                if "r_info_sym" not in relocation.entry or "r_offset" not in relocation.entry:
                    continue
-                yield Import(symbol_names[relocation["r_info_sym"]]), FileOffsetAddress(relocation["r_offset"])
+
+                symbol_address: int = relocation["r_offset"]
+                symbol_index: int = relocation["r_info_sym"]
+
+                if symbol_index not in symbol_name_by_index:
+                    continue
+                symbol_name = symbol_name_by_index[symbol_index]
+
+                yield Import(symbol_name), FileOffsetAddress(symbol_address)


 def extract_file_section_names(elf: ELFFile, **kwargs):