From 2ad0ef6ef19dd1678e05b6d219ea0fdd4853bb64 Mon Sep 17 00:00:00 2001 From: Georgii Rymar Date: Wed, 3 Jun 2020 18:19:05 +0300 Subject: [PATCH] [llvm-readelf] - Do not try to read past the end of the file when dumping the the SHT_GNU_HASH. We have unobvious issue in the condition that is used to check that we do not read past the EOF. The problem is that the result of "GnuHashTable->nbuckets * 4" expression is uint32. Because of that it was still possible to overflow it and pass the check. There was no such problem with the "GnuHashTable->maskwords * sizeof(typename ELFT::Off)" condition, because of `sizeof` on the right (which gives 64-bits value on x64), but I've added an explicit conversion to 64-bit value for `GnuHashTable->maskwords` too. Differential revision: https://reviews.llvm.org/D81103 --- llvm/test/tools/llvm-readobj/ELF/hash-histogram.test | 4 ++-- llvm/tools/llvm-readobj/ELFDumper.cpp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/llvm/test/tools/llvm-readobj/ELF/hash-histogram.test b/llvm/test/tools/llvm-readobj/ELF/hash-histogram.test index 4ec772a..a9d2455 100644 --- a/llvm/test/tools/llvm-readobj/ELF/hash-histogram.test +++ b/llvm/test/tools/llvm-readobj/ELF/hash-histogram.test @@ -271,7 +271,7 @@ ProgramHeaders: ## Case A: the 'nbuckets' field is set so that the GNU hash table goes past the end of the file. ## The value of 1 for the NBUCKETS is no-op. -# RUN: yaml2obj --docnum=6 -D MASKWORDS=4294967295 -D NBUCKETS=1 %s -o %t7 +# RUN: yaml2obj --docnum=6 -D MASKWORDS=0x80000000 -D NBUCKETS=1 %s -o %t7 # RUN: llvm-readelf --elf-hash-histogram %t7 2>&1 | \ # RUN: FileCheck %s -DFILE=%t7 --check-prefix=ERR5 --implicit-check-not="Histogram" @@ -279,7 +279,7 @@ ProgramHeaders: ## Case B: the 'maskwords' field is set so that the GNU hash table goes past the end of the file. ## The value of 1 for the MASKWORDS is no-op. -# RUN: yaml2obj --docnum=6 -D MASKWORDS=1 -D NBUCKETS=4294967295 %s -o %t8 +# RUN: yaml2obj --docnum=6 -D MASKWORDS=1 -D NBUCKETS=0x80000000 %s -o %t8 # RUN: llvm-readelf --elf-hash-histogram %t8 2>&1 | \ # RUN: FileCheck %s -DFILE=%t8 --check-prefix=ERR5 --implicit-check-not="Histogram" diff --git a/llvm/tools/llvm-readobj/ELFDumper.cpp b/llvm/tools/llvm-readobj/ELFDumper.cpp index 861149a..6c197cf 100644 --- a/llvm/tools/llvm-readobj/ELFDumper.cpp +++ b/llvm/tools/llvm-readobj/ELFDumper.cpp @@ -2681,8 +2681,8 @@ static Error checkGNUHashTable(const ELFFile *Obj, uint64_t TableOffset = TableData - Obj->base(); if (IsHeaderValid) *IsHeaderValid = TableOffset + /*Header size:*/ 16 < Obj->getBufSize(); - if (TableOffset + 16 + GnuHashTable->nbuckets * 4 + - GnuHashTable->maskwords * sizeof(typename ELFT::Off) >= + if (TableOffset + 16 + (uint64_t)GnuHashTable->nbuckets * 4 + + (uint64_t)GnuHashTable->maskwords * sizeof(typename ELFT::Off) >= Obj->getBufSize()) return createError("unable to dump the SHT_GNU_HASH " "section at 0x" + -- 2.7.4