static Error parseSegmentLoadCommand(
const MachOObjectFile *Obj, const MachOObjectFile::LoadCommandInfo &Load,
SmallVectorImpl<const char *> &Sections, bool &IsPageZeroSegment,
- uint32_t LoadCommandIndex, const char *CmdName, uint64_t SizeOfHeaders) {
+ uint32_t LoadCommandIndex, const char *CmdName, uint64_t SizeOfHeaders,
+ std::list<MachOElement> &Elements) {
const unsigned SegmentLoadSize = sizeof(Segment);
if (Load.C.cmdsize < SegmentLoadSize)
return malformedError("load command " + Twine(LoadCommandIndex) +
Twine(LoadCommandIndex) +
" greater than than "
"the segment's vmaddr plus vmsize");
+ if (Obj->getHeader().filetype != MachO::MH_DYLIB_STUB &&
+ Obj->getHeader().filetype != MachO::MH_DSYM &&
+ s.flags != MachO::S_ZEROFILL &&
+ s.flags != MachO::S_THREAD_LOCAL_ZEROFILL)
+ if (Error Err = checkOverlappingElement(Elements, s.offset, s.size,
+ "section contents"))
+ return Err;
if (s.reloff > FileSize)
return malformedError("reloff field of section " + Twine(J) + " in " +
CmdName + " command " + Twine(LoadCommandIndex) +
Twine(J) + " in " + CmdName + " command " +
Twine(LoadCommandIndex) +
" extends past the end of the file");
+ if (Error Err = checkOverlappingElement(Elements, s.reloff, s.nreloc *
+ sizeof(struct
+ MachO::relocation_info),
+ "section relocation entries"))
+ return Err;
}
if (S.fileoff > FileSize)
return malformedError("load command " + Twine(LoadCommandIndex) +
static Error checkDysymtabCommand(const MachOObjectFile *Obj,
const MachOObjectFile::LoadCommandInfo &Load,
uint32_t LoadCommandIndex,
- const char **DysymtabLoadCmd) {
+ const char **DysymtabLoadCmd,
+ std::list<MachOElement> &Elements) {
if (Load.C.cmdsize < sizeof(MachO::dysymtab_command))
return malformedError("load command " + Twine(LoadCommandIndex) +
" LC_DYSYMTAB cmdsize too small");
"dylib_table_of_contents) of LC_DYSYMTAB command " +
Twine(LoadCommandIndex) + " extends past the end of "
"the file");
+ if (Error Err = checkOverlappingElement(Elements, Dysymtab.tocoff,
+ Dysymtab.ntoc * sizeof(struct
+ MachO::dylib_table_of_contents),
+ "table of contents"))
+ return Err;
if (Dysymtab.modtaboff > FileSize)
return malformedError("modtaboff field of LC_DYSYMTAB command " +
Twine(LoadCommandIndex) + " extends past the end of "
"the file");
BigSize = Dysymtab.nmodtab;
const char *struct_dylib_module_name;
+ uint64_t sizeof_modtab;
if (Obj->is64Bit()) {
- BigSize *= sizeof(MachO::dylib_module_64);
+ sizeof_modtab = sizeof(MachO::dylib_module_64);
struct_dylib_module_name = "struct dylib_module_64";
} else {
- BigSize *= sizeof(MachO::dylib_module);
+ sizeof_modtab = sizeof(MachO::dylib_module);
struct_dylib_module_name = "struct dylib_module";
}
+ BigSize *= sizeof_modtab;
BigSize += Dysymtab.modtaboff;
if (BigSize > FileSize)
return malformedError("modtaboff field plus nmodtab field times sizeof(" +
Twine(struct_dylib_module_name) + ") of LC_DYSYMTAB "
"command " + Twine(LoadCommandIndex) + " extends "
"past the end of the file");
+ if (Error Err = checkOverlappingElement(Elements, Dysymtab.modtaboff,
+ Dysymtab.nmodtab * sizeof_modtab,
+ "module table"))
+ return Err;
if (Dysymtab.extrefsymoff > FileSize)
return malformedError("extrefsymoff field of LC_DYSYMTAB command " +
Twine(LoadCommandIndex) + " extends past the end of "
"sizeof(struct dylib_reference) of LC_DYSYMTAB "
"command " + Twine(LoadCommandIndex) + " extends "
"past the end of the file");
+ if (Error Err = checkOverlappingElement(Elements, Dysymtab.extrefsymoff,
+ Dysymtab.nextrefsyms *
+ sizeof(MachO::dylib_reference),
+ "reference table"))
+ return Err;
if (Dysymtab.indirectsymoff > FileSize)
return malformedError("indirectsymoff field of LC_DYSYMTAB command " +
Twine(LoadCommandIndex) + " extends past the end of "
"sizeof(uint32_t) of LC_DYSYMTAB command " +
Twine(LoadCommandIndex) + " extends past the end of "
"the file");
+ if (Error Err = checkOverlappingElement(Elements, Dysymtab.indirectsymoff,
+ Dysymtab.nindirectsyms *
+ sizeof(uint32_t),
+ "indirect table"))
+ return Err;
if (Dysymtab.extreloff > FileSize)
return malformedError("extreloff field of LC_DYSYMTAB command " +
Twine(LoadCommandIndex) + " extends past the end of "
"(struct relocation_info) of LC_DYSYMTAB command " +
Twine(LoadCommandIndex) + " extends past the end of "
"the file");
+ if (Error Err = checkOverlappingElement(Elements, Dysymtab.extreloff,
+ Dysymtab.nextrel *
+ sizeof(MachO::relocation_info),
+ "external relocation table"))
+ return Err;
if (Dysymtab.locreloff > FileSize)
return malformedError("locreloff field of LC_DYSYMTAB command " +
Twine(LoadCommandIndex) + " extends past the end of "
"(struct relocation_info) of LC_DYSYMTAB command " +
Twine(LoadCommandIndex) + " extends past the end of "
"the file");
+ if (Error Err = checkOverlappingElement(Elements, Dysymtab.locreloff,
+ Dysymtab.nlocrel *
+ sizeof(MachO::relocation_info),
+ "local relocation table"))
+ return Err;
*DysymtabLoadCmd = Load.Ptr;
return Error::success();
}
static Error checkLinkeditDataCommand(const MachOObjectFile *Obj,
const MachOObjectFile::LoadCommandInfo &Load,
uint32_t LoadCommandIndex,
- const char **LoadCmd, const char *CmdName) {
+ const char **LoadCmd, const char *CmdName,
+ std::list<MachOElement> &Elements,
+ const char *ElementName) {
if (Load.C.cmdsize < sizeof(MachO::linkedit_data_command))
return malformedError("load command " + Twine(LoadCommandIndex) + " " +
CmdName + " cmdsize too small");
Twine(CmdName) + " command " +
Twine(LoadCommandIndex) + " extends past the end of "
"the file");
+ if (Error Err = checkOverlappingElement(Elements, LinkData.dataoff,
+ LinkData.datasize, ElementName))
+ return Err;
*LoadCmd = Load.Ptr;
return Error::success();
}
static Error checkDyldInfoCommand(const MachOObjectFile *Obj,
const MachOObjectFile::LoadCommandInfo &Load,
uint32_t LoadCommandIndex,
- const char **LoadCmd, const char *CmdName) {
+ const char **LoadCmd, const char *CmdName,
+ std::list<MachOElement> &Elements) {
if (Load.C.cmdsize < sizeof(MachO::dyld_info_command))
return malformedError("load command " + Twine(LoadCommandIndex) + " " +
CmdName + " cmdsize too small");
Twine(CmdName) + " command " +
Twine(LoadCommandIndex) + " extends past the end of "
"the file");
+ if (Error Err = checkOverlappingElement(Elements, DyldInfo.rebase_off,
+ DyldInfo.rebase_size,
+ "dyld rebase info"))
+ return Err;
if (DyldInfo.bind_off > FileSize)
return malformedError("bind_off field of " + Twine(CmdName) +
" command " + Twine(LoadCommandIndex) + " extends "
Twine(CmdName) + " command " +
Twine(LoadCommandIndex) + " extends past the end of "
"the file");
+ if (Error Err = checkOverlappingElement(Elements, DyldInfo.bind_off,
+ DyldInfo.bind_size,
+ "dyld bind info"))
+ return Err;
if (DyldInfo.weak_bind_off > FileSize)
return malformedError("weak_bind_off field of " + Twine(CmdName) +
" command " + Twine(LoadCommandIndex) + " extends "
Twine(CmdName) + " command " +
Twine(LoadCommandIndex) + " extends past the end of "
"the file");
+ if (Error Err = checkOverlappingElement(Elements, DyldInfo.weak_bind_off,
+ DyldInfo.weak_bind_size,
+ "dyld weak bind info"))
+ return Err;
if (DyldInfo.lazy_bind_off > FileSize)
return malformedError("lazy_bind_off field of " + Twine(CmdName) +
" command " + Twine(LoadCommandIndex) + " extends "
Twine(CmdName) + " command " +
Twine(LoadCommandIndex) + " extends past the end of "
"the file");
+ if (Error Err = checkOverlappingElement(Elements, DyldInfo.lazy_bind_off,
+ DyldInfo.lazy_bind_size,
+ "dyld lazy bind info"))
+ return Err;
if (DyldInfo.export_off > FileSize)
return malformedError("export_off field of " + Twine(CmdName) +
" command " + Twine(LoadCommandIndex) + " extends "
Twine(CmdName) + " command " +
Twine(LoadCommandIndex) + " extends past the end of "
"the file");
+ if (Error Err = checkOverlappingElement(Elements, DyldInfo.export_off,
+ DyldInfo.export_size,
+ "dyld export info"))
+ return Err;
*LoadCmd = Load.Ptr;
return Error::success();
}
const MachOObjectFile::LoadCommandInfo
&Load,
uint32_t LoadCommandIndex,
- const char **LoadCmd) {
+ const char **LoadCmd,
+ std::list<MachOElement> &Elements) {
if (Load.C.cmdsize != sizeof(MachO::twolevel_hints_command))
return malformedError("load command " + Twine(LoadCommandIndex) +
" LC_TWOLEVEL_HINTS has incorrect cmdsize");
"twolevel_hint) field of LC_TWOLEVEL_HINTS command " +
Twine(LoadCommandIndex) + " extends past the end of "
"the file");
+ if (Error Err = checkOverlappingElement(Elements, Hints.offset, Hints.nhints *
+ sizeof(MachO::twolevel_hint),
+ "two level hints"))
+ return Err;
*LoadCmd = Load.Ptr;
return Error::success();
}
if ((Err = checkSymtabCommand(this, Load, I, &SymtabLoadCmd, Elements)))
return;
} else if (Load.C.cmd == MachO::LC_DYSYMTAB) {
- if ((Err = checkDysymtabCommand(this, Load, I, &DysymtabLoadCmd)))
+ if ((Err = checkDysymtabCommand(this, Load, I, &DysymtabLoadCmd,
+ Elements)))
return;
} else if (Load.C.cmd == MachO::LC_DATA_IN_CODE) {
if ((Err = checkLinkeditDataCommand(this, Load, I, &DataInCodeLoadCmd,
- "LC_DATA_IN_CODE")))
+ "LC_DATA_IN_CODE", Elements,
+ "data in code info")))
return;
} else if (Load.C.cmd == MachO::LC_LINKER_OPTIMIZATION_HINT) {
if ((Err = checkLinkeditDataCommand(this, Load, I, &LinkOptHintsLoadCmd,
- "LC_LINKER_OPTIMIZATION_HINT")))
+ "LC_LINKER_OPTIMIZATION_HINT",
+ Elements, "linker optimization "
+ "hints")))
return;
} else if (Load.C.cmd == MachO::LC_FUNCTION_STARTS) {
if ((Err = checkLinkeditDataCommand(this, Load, I, &FuncStartsLoadCmd,
- "LC_FUNCTION_STARTS")))
+ "LC_FUNCTION_STARTS", Elements,
+ "function starts data")))
return;
} else if (Load.C.cmd == MachO::LC_SEGMENT_SPLIT_INFO) {
if ((Err = checkLinkeditDataCommand(this, Load, I, &SplitInfoLoadCmd,
- "LC_SEGMENT_SPLIT_INFO")))
+ "LC_SEGMENT_SPLIT_INFO", Elements,
+ "split info data")))
return;
} else if (Load.C.cmd == MachO::LC_DYLIB_CODE_SIGN_DRS) {
if ((Err = checkLinkeditDataCommand(this, Load, I, &CodeSignDrsLoadCmd,
- "LC_DYLIB_CODE_SIGN_DRS")))
+ "LC_DYLIB_CODE_SIGN_DRS", Elements,
+ "code signing RDs data")))
return;
} else if (Load.C.cmd == MachO::LC_CODE_SIGNATURE) {
if ((Err = checkLinkeditDataCommand(this, Load, I, &CodeSignLoadCmd,
- "LC_CODE_SIGNATURE")))
+ "LC_CODE_SIGNATURE", Elements,
+ "code signature data")))
return;
} else if (Load.C.cmd == MachO::LC_DYLD_INFO) {
if ((Err = checkDyldInfoCommand(this, Load, I, &DyldInfoLoadCmd,
- "LC_DYLD_INFO")))
+ "LC_DYLD_INFO", Elements)))
return;
} else if (Load.C.cmd == MachO::LC_DYLD_INFO_ONLY) {
if ((Err = checkDyldInfoCommand(this, Load, I, &DyldInfoLoadCmd,
- "LC_DYLD_INFO_ONLY")))
+ "LC_DYLD_INFO_ONLY", Elements)))
return;
} else if (Load.C.cmd == MachO::LC_UUID) {
if (Load.C.cmdsize != sizeof(MachO::uuid_command)) {
if ((Err = parseSegmentLoadCommand<MachO::segment_command_64,
MachO::section_64>(
this, Load, Sections, HasPageZeroSegment, I,
- "LC_SEGMENT_64", SizeOfHeaders)))
+ "LC_SEGMENT_64", SizeOfHeaders, Elements)))
return;
} else if (Load.C.cmd == MachO::LC_SEGMENT) {
if ((Err = parseSegmentLoadCommand<MachO::segment_command,
MachO::section>(
this, Load, Sections, HasPageZeroSegment, I,
- "LC_SEGMENT", SizeOfHeaders)))
+ "LC_SEGMENT", SizeOfHeaders, Elements)))
return;
} else if (Load.C.cmd == MachO::LC_ID_DYLIB) {
if ((Err = checkDylibIdCommand(this, Load, I, &DyldIdLoadCmd)))
// Note: LC_TWOLEVEL_HINTS is really obsolete and is not supported.
} else if (Load.C.cmd == MachO::LC_TWOLEVEL_HINTS) {
if ((Err = checkTwoLevelHintsCommand(this, Load, I,
- &TwoLevelHintsLoadCmd)))
+ &TwoLevelHintsLoadCmd, Elements)))
return;
} else if (isLoadCommandObsolete(Load.C.cmd)) {
Err = malformedError("load command " + Twine(I) + " for cmd value of: " +
RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-strtab-overlap 2>&1 | FileCheck -check-prefix INVALID-STRTAB-OVERLAP %s
INVALID-STRTAB-OVERLAP: macho-invalid-strtab-overlap': truncated or malformed object (string table at offset 60 with a size of 16, overlaps symbol table at offset 52 with a size of 12)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-section-overlap 2>&1 | FileCheck -check-prefix INVALID-SECTION-OVERLAP %s
+INVALID-SECTION-OVERLAP: macho-invalid-section-overlap': truncated or malformed object (symbol table at offset 208 with a size of 12, overlaps section contents at offset 184 with a size of 32)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-reloc-overlap 2>&1 | FileCheck -check-prefix INVALID-RELOC-OVERLAP %s
+INVALID-RELOC-OVERLAP: macho-invalid-reloc-overlap': truncated or malformed object (section relocation entries at offset 204 with a size of 8, overlaps section contents at offset 176 with a size of 32)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-toc-overlap 2>&1 | FileCheck -check-prefix INVALID-TOC-OVERLAP %s
+INVALID-TOC-OVERLAP: macho-invalid-toc-overlap': truncated or malformed object (table of contents at offset 292 with a size of 8, overlaps section relocation entries at offset 288 with a size of 8)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-modtab-overlap 2>&1 | FileCheck -check-prefix INVALID-MODTAB-OVERLAP %s
+INVALID-MODTAB-OVERLAP: macho-invalid-modtab-overlap': truncated or malformed object (module table at offset 300 with a size of 52, overlaps table of contents at offset 296 with a size of 8)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-extrefsyms-overlap 2>&1 | FileCheck -check-prefix INVALID-EXTREFSYMS-OVERLAP %s
+INVALID-EXTREFSYMS-OVERLAP: macho-invalid-extrefsyms-overlap': truncated or malformed object (reference table at offset 352 with a size of 4, overlaps module table at offset 304 with a size of 52)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-indirectsyms-overlap 2>&1 | FileCheck -check-prefix INVALID-INDIRECTSYMS-OVERLAP %s
+INVALID-INDIRECTSYMS-OVERLAP: macho-invalid-indirectsyms-overlap': truncated or malformed object (indirect table at offset 364 with a size of 4, overlaps section contents at offset 364 with a size of 4)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-extreloff-overlap 2>&1 | FileCheck -check-prefix INVALID-EXTRELOFF-OVERLAP %s
+INVALID-EXTRELOFF-OVERLAP: macho-invalid-extreloff-overlap': truncated or malformed object (external relocation table at offset 424 with a size of 8, overlaps reference table at offset 424 with a size of 4)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-locreloff-overlap 2>&1 | FileCheck -check-prefix INVALID-LOCRELOFF-OVERLAP %s
+INVALID-LOCRELOFF-OVERLAP: macho-invalid-locreloff-overlap': truncated or malformed object (local relocation table at offset 432 with a size of 8, overlaps external relocation table at offset 428 with a size of 8)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-hints-overlap 2>&1 | FileCheck -check-prefix INVALID-HINTS-OVERLAP %s
+INVALID-HINTS-OVERLAP: macho-invalid-hints-overlap': truncated or malformed object (two level hints at offset 104 with a size of 4, overlaps Mach-O headers at offset 0 with a size of 108)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-codesig-overlap 2>&1 | FileCheck -check-prefix INVALID-CODESIG-OVERLAP %s
+INVALID-CODESIG-OVERLAP: macho-invalid-codesig-overlap': truncated or malformed object (code signature data at offset 40 with a size of 32, overlaps Mach-O headers at offset 0 with a size of 48)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-rebase-overlap 2>&1 | FileCheck -check-prefix INVALID-REBASE-OVERLAP %s
+INVALID-REBASE-OVERLAP: macho-invalid-rebase-overlap': truncated or malformed object (dyld rebase info at offset 72 with a size of 32, overlaps Mach-O headers at offset 0 with a size of 80)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-bind-overlap 2>&1 | FileCheck -check-prefix INVALID-BIND-OVERLAP %s
+INVALID-BIND-OVERLAP: macho-invalid-bind-overlap': truncated or malformed object (dyld bind info at offset 104 with a size of 32, overlaps dyld rebase info at offset 80 with a size of 32)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-weak_bind-overlap 2>&1 | FileCheck -check-prefix INVALID-WEAK_BIND-OVERLAP %s
+INVALID-WEAK_BIND-OVERLAP: macho-invalid-weak_bind-overlap': truncated or malformed object (dyld weak bind info at offset 136 with a size of 32, overlaps dyld bind info at offset 112 with a size of 32)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-lazy_bind-overlap 2>&1 | FileCheck -check-prefix INVALID-LAZY_BIND-OVERLAP %s
+INVALID-LAZY_BIND-OVERLAP: macho-invalid-lazy_bind-overlap': truncated or malformed object (dyld lazy bind info at offset 168 with a size of 32, overlaps dyld weak bind info at offset 144 with a size of 32)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-export-overlap 2>&1 | FileCheck -check-prefix INVALID-EXPORT-OVERLAP %s
+INVALID-EXPORT-OVERLAP: macho-invalid-export-overlap': truncated or malformed object (dyld export info at offset 200 with a size of 32, overlaps dyld lazy bind info at offset 176 with a size of 32)