projects / platform / upstream / llvm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7aa1626)
[Object/ELF] - Fixed behavior when SectionHeaderTable->sh_size is too large.
authorGeorge Rimar <grimar@accesssoftek.com>
Thu, 27 Oct 2016 11:50:04 +0000 (11:50 +0000)
committerGeorge Rimar <grimar@accesssoftek.com>
Thu, 27 Oct 2016 11:50:04 +0000 (11:50 +0000)
Elf.h already has code checking that section table does not go past end of file.
Problem is that this check may not work on values greater than UINT64_MAX / Header->e_shentsize
because of calculation overflow.

Parch fixes the issue.

Differential revision: https://reviews.llvm.org/D25432

llvm-svn: 285285

llvm/include/llvm/Object/ELF.h patch | blob | history
llvm/test/Object/Inputs/invalid-sections-num.elf [new file with mode: 0644] patch | blob
llvm/test/Object/invalid.test patch | blob | history

diff --git a/llvm/include/llvm/Object/ELF.h b/llvm/include/llvm/Object/ELF.h
index d1de25d..2c715bf 100644 (file)
--- a/llvm/include/llvm/Object/ELF.h
+++ b/llvm/include/llvm/Object/ELF.h
@@ -347,6 +347,12 @@ ELFFile<ELFT>::ELFFile(StringRef Object, std::error_code &EC)
   // The getNumSections() call below depends on SectionHeaderTable being set.
   SectionHeaderTable =
     reinterpret_cast<const Elf_Shdr *>(base() + SectionTableOffset);
+  if (getNumSections() > UINT64_MAX / Header->e_shentsize) {
+    // Section table goes past end of file!
+    EC = object_error::parse_failed;
+    return;
+  }
+
   const uint64_t SectionTableSize = getNumSections() * Header->e_shentsize;
 
   if (SectionTableOffset + SectionTableSize > FileSize) {
diff --git a/llvm/test/Object/Inputs/invalid-sections-num.elf b/llvm/test/Object/Inputs/invalid-sections-num.elf
new file mode 100644 (file)
index 0000000..d8d5bc8
Binary files /dev/null and b/llvm/test/Object/Inputs/invalid-sections-num.elf differ
diff --git a/llvm/test/Object/invalid.test b/llvm/test/Object/invalid.test
index a0016fe..dd431aa 100644 (file)
--- a/llvm/test/Object/invalid.test
+++ b/llvm/test/Object/invalid.test
@@ -76,3 +76,6 @@ INVALID-SEC-ADDRESS-ALIGNMENT: Invalid data was encountered while parsing the fi
 RUN: not llvm-readobj -t %p/Inputs/invalid-section-size2.elf 2>&1 | \
 RUN:   FileCheck --check-prefix=INVALID-SECTION-SIZE2 %s
 INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file.
+
+RUN: not llvm-readobj -t %p/Inputs/invalid-sections-num.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-NUM %s
+INVALID-SECTION-NUM: Invalid data was encountered while parsing the file.
Domain: System / Toolchain;