From 245be3ed2ab4f49df8f7508d8251575720e7fd4d Mon Sep 17 00:00:00 2001
From: Kevin Enderby
Date: Thu, 29 Sep 2016 17:45:23 +0000
Subject: [PATCH] Next set of additional error checks for invalid Mach-O files for the load command that uses the Mach::source_version_command type but not used in llvm libObject code but used in llvm tool code. This includes just the LC_SOURCE_VERSION load command.
llvm-svn: 282736
---
 llvm/lib/Object/MachOObjectFile.cpp | 12 ++++++++++++
 llvm/test/Object/Inputs/macho-invalid-source-bad-size | Bin 0 -> 48 bytes
 llvm/test/Object/Inputs/macho-invalid-source-more-than-one | Bin 0 -> 60 bytes
 llvm/test/Object/macho-invalid.test | 6 ++++++
 4 files changed, 18 insertions(+)
 create mode 100644 llvm/test/Object/Inputs/macho-invalid-source-bad-size
 create mode 100644 llvm/test/Object/Inputs/macho-invalid-source-more-than-one

diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp
index 3642394..fd3cb5e 100644
--- a/llvm/lib/Object/MachOObjectFile.cpp
+++ b/llvm/lib/Object/MachOObjectFile.cpp
@@ -750,6 +750,7 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
 const char *SplitInfoLoadCmd = nullptr;
 const char *CodeSignDrsLoadCmd = nullptr;
 const char *VersLoadCmd = nullptr;
+ const char *SourceLoadCmd = nullptr;
 for (unsigned I = 0; I < LoadCommandCount; ++I) {
 if (is64Bit()) {
 if (Load.C.cmdsize % 8 != 0) {
@@ -879,6 +880,17 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
 } else if (Load.C.cmd == MachO::LC_RPATH) {
 if ((Err = checkRpathCommand(this, Load, I)))
 return;
+ } else if (Load.C.cmd == MachO::LC_SOURCE_VERSION) {
+ if (Load.C.cmdsize != sizeof(MachO::source_version_command)) {
+ Err = malformedError("LC_SOURCE_VERSION command " + Twine(I) +
+ " has incorrect cmdsize");
+ return;
+ }
+ if (SourceLoadCmd) {
+ Err = malformedError("more than one LC_SOURCE_VERSION command");
+ return;
+ }
+ SourceLoadCmd = Load.Ptr;
 }
 if (I < LoadCommandCount - 1) {
 if (auto LoadOrErr = getNextLoadCommandInfo(this, I, Load))
diff --git a/llvm/test/Object/Inputs/macho-invalid-source-bad-size b/llvm/test/Object/Inputs/macho-invalid-source-bad-size
new file mode 100644
index 0000000000000000000000000000000000000000..5c09e421d7b7c10bd7bd4e5fc2b078166e9d8bb6
GIT binary patch
literal 48
gcmX^2>+L^w1_lOZAZCPO9v}?@T0jhAg9U&D0JAy-0ssI2

literal 0
HcmV?d00001

diff --git a/llvm/test/Object/Inputs/macho-invalid-source-more-than-one b/llvm/test/Object/Inputs/macho-invalid-source-more-than-one
new file mode 100644
index 0000000000000000000000000000000000000000..148565bda6adb3a10fb0623c42158169459d336d
GIT binary patch
literal 60
jcmX^2>+L^w1_lOZAZ7$&CLmS-Vi3>*VgWDTU#8

literal 0
HcmV?d00001

diff --git a/llvm/test/Object/macho-invalid.test b/llvm/test/Object/macho-invalid.test
index c4048db..c7d7b05 100644
--- a/llvm/test/Object/macho-invalid.test
+++ b/llvm/test/Object/macho-invalid.test
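Review bot: The duplicate-command diagnostic in the new LC_SOURCE_VERSION branch does not say which load command triggered it, while the cmdsize diagnostic just above it includes `Twine(I)`. When triaging a malformed or deliberately crafted file, the index of the second command is the useful part, so consider `Err = malformedError("more than one LC_SOURCE_VERSION command (load command " + Twine(I) + ")");` with the matching expectation in macho-invalid.test updated. If the sibling duplicate checks outside this hunk use the same index-less wording, staying consistent with them may be preferable. Separately, `SourceLoadCmd` is only tested for null within the visible lines, so a one-line comment at its declaration in the first hunk, e.g. `// First LC_SOURCE_VERSION seen; used to reject duplicates.`, would make the intent explicit. The constructor body starts and ends outside both hunks, so any later use of the pointer is not visible here.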
@@ -322,3 +322,9 @@ INVALID-RPATH-NAME_OFFSET-TOOBIG: macho-invalid-rpath-name_offset-toobig': trunc
 
 RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-rpath-name_toobig 2>&1 | FileCheck -check-prefix INVALID-RPATH-NAME_TOOBIG %s
 INVALID-RPATH-NAME_TOOBIG: macho-invalid-rpath-name_toobig': truncated or malformed object (load command 0 LC_RPATH library name extends past the end of the load command)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-source-bad-size 2>&1 | FileCheck -check-prefix INVALID-SOURCE-BAD-SIZE %s
+INVALID-SOURCE-BAD-SIZE: macho-invalid-source-bad-size': truncated or malformed object (LC_SOURCE_VERSION command 0 has incorrect cmdsize)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-source-more-than-one 2>&1 | FileCheck -check-prefix INVALID-SOURCE-MORE-THAN-ONE %s
+INVALID-SOURCE-MORE-THAN-ONE: macho-invalid-source-more-than-one': truncated or malformed object (more than one LC_SOURCE_VERSION command)
-- 
2.7.4