[4] Fix .note.gnu.property section emission on non-ELF platforms
Severity: Low | Component: boringssl ARM64 assembly (via libwebrtc) | 216bff7
Rated Low because the observable effect is crashes in system diagnostic tools (ktrace/libtrace) caused by malformed Mach-O sections, with no commit-backed evidence of remotely triggerable code execution — the theoretical escalation to code signing or loader interference is speculative and blocked by Apple's binary validation pipeline.
Bug 303938 enabled PAC (return address signing) for boringssl by adding -mbranch-protection=pac-ret+b-key flags to ARM64 assembly files. This caused a .note.gnu.property section to be emitted on all platforms, including Apple/Mach-O targets where it's invalid and caused crashes in ktrace/libtrace. The fix adds an && defined(__ELF__) guard.
Source/ThirdParty/libwebrtc/Source/third_party/boringssl/src/include/openssl/asm_base.h
Patch Details
A single-line fix: the conditional around the .note.gnu.property section emission in boringssl's asm_base.h now requires defined(__ELF__) in addition to the existing PAC/BTI feature checks. This restricts the ELF-specific metadata section to platforms that actually use the ELF binary format.
Missing platform guard on ELF-specific section emission in cross-platform assembly header.
Background
The .note.gnu.property section is an ELF metadata mechanism used on Linux/GNU targets to advertise hardware security features (PAC, BTI) that the compiled code supports. Linkers and loaders on ELF platforms read this section to enforce feature compatibility. Mach-O, Apple's binary format, has no equivalent section and does not expect .note.gnu.property data — its presence produces malformed object files. The __ELF__ preprocessor macro is defined by compilers only when targeting ELF platforms, providing a standard guard for ELF-specific assembly directives.
Analysis
When -mbranch-protection=pac-ret+b-key was added to boringssl's ARM64 assembly build, it caused __ARM_FEATURE_PAC_DEFAULT to be defined, setting GNU_PROPERTY_AARCH64_POINTER_AUTH to a non-zero value. The conditional guarding .note.gnu.property emission checked only whether PAC or BTI features were enabled, without verifying the target format was ELF. The resulting Mach-O objects contained an invalid section that crashed ktrace/libtrace when processing these binaries.
The same file already had a correct #if defined(__ELF__) guard for .note.GNU-stack earlier in the source, but the later .note.gnu.property block added for PAC/BTI did not follow the same pattern — a straightforward oversight when the security-hardening flags were enabled.