Difference between p_filesz and p_memsz of Elf32_Phdr

Question

I am not able to understand the exact difference between p_filesz and p_memsz of Elf32_Phdr. Can anyone help me understand this?

From the elf document I see below definitions of p_filesz and p_memsz, but it is not completely clear to me.

p_filesz : This member gives the number of bytes in the file image of the segment; it may be zero. p_memsz : This member gives the number of bytes in the memory image of the segment; it may be zero.

what exactly is "file image" and "memory image"?

Answer 1

As you've already stated in your comment, the p_filesz field corresponds to the segment's size in bytes in the file, whereas the p_memsz is the segment's in-memory size. The reason why p_memsz is greater than (or equal to) p_filesz is that a loadable segment may contain a .bss section, which contains uninitialized data. It would be wasteful to store this data on disk, and therefore it only occupies space once the ELF file is loaded into memory. This fact is indicated by the SHT_NOBITS type of the .bss section.

As per the ELF specification, in the case where p_memsz is greater than p_filesz, the extra bytes following the segment's initialized area are defined to hold the value 0.