From 6f69582e9baf23c53258a47f2b2f656e1e0ac855 Mon Sep 17 00:00:00 2001
From: Kevin Enderby
Date: Tue, 18 Oct 2016 17:54:17 +0000
Subject: [PATCH] Next set of additional error checks for invalid Mach-O files for the load commands that use the MachO::routines_command and and MachO::routines_command_64 types but are not used in llvm libObject code but used in llvm tool code. This includes the LC_ROUTINES and LC_ROUTINES_64 load commands.
llvm-svn: 284504
---
llvm/lib/Object/MachOObjectFile.cpp | 25 +++++++++++++++++++++
.../Object/Inputs/macho-invalid-routines-bad-size | Bin 0 -> 64 bytes
.../Inputs/macho-invalid-routines64-more-than-one | Bin 0 -> 140 bytes
llvm/test/Object/macho-invalid.test | 6 +++++
4 files changed, 31 insertions(+)
create mode 100644 llvm/test/Object/Inputs/macho-invalid-routines-bad-size
create mode 100644 llvm/test/Object/Inputs/macho-invalid-routines64-more-than-one
diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp
index 9c927ad..c0d7d83 100644
--- a/llvm/lib/Object/MachOObjectFile.cpp
+++ b/llvm/lib/Object/MachOObjectFile.cpp
@@ -837,6 +837,7 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
 const char *SourceLoadCmd = nullptr;
 const char *EntryPointLoadCmd = nullptr;
 const char *EncryptLoadCmd = nullptr;
+ const char *RoutinesLoadCmd = nullptr;
 for (unsigned I = 0; I < LoadCommandCount; ++I) {
 if (is64Bit()) {
 if (Load.C.cmdsize % 8 != 0) {
@@ -1064,6 +1065,30 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian, sizeof(MachO::sub_client_command), "sub_client_command", S.client, "client"))) return; + } else if (Load.C.cmd == MachO::LC_ROUTINES) { + if (Load.C.cmdsize != sizeof(MachO::routines_command)) { + Err = malformedError("LC_ROUTINES command " + Twine(I) + + " has incorrect cmdsize"); + return; + } + if (RoutinesLoadCmd) { + Err = malformedError("more than one LC_ROUTINES and or LC_ROUTINES_64 " + "command"); + return; + } + RoutinesLoadCmd = Load.Ptr; + } else if (Load.C.cmd == MachO::LC_ROUTINES_64) { + if (Load.C.cmdsize != sizeof(MachO::routines_command_64)) { + Err = malformedError("LC_ROUTINES_64 command " + Twine(I) + + " has incorrect cmdsize"); + return; + } + if (RoutinesLoadCmd) { + Err = malformedError("more than one LC_ROUTINES_64 and or LC_ROUTINES " + "command"); + return; + } + RoutinesLoadCmd = Load.Ptr; } if (I < LoadCommandCount - 1) { if (auto LoadOrErr = getNextLoadCommandInfo(this, I, Load)) diff --git a/llvm/test/Object/Inputs/macho-invalid-routines-bad-size b/llvm/test/Object/Inputs/macho-invalid-routines-bad-size new file mode 100644 index 0000000000000000000000000000000000000000..3cc5ae59eaabe5d252d00907a318e223fe1b96c1 GIT binary patch literal 64 gcmX^2>+L^w1_lOZAZCPO6(9`)f+L^w1_lOZAZ7$&CLk^VVh|7nVhu10KOqH__Q0=%C|Lk*yadbu literal 0 HcmV?d00001 diff --git a/llvm/test/Object/macho-invalid.test b/llvm/test/Object/macho-invalid.test index d9af439..8b33149 100644 --- a/llvm/test/Object/macho-invalid.test +++ b/llvm/test/Object/macho-invalid.test 
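Review bot: The two "more than one" errors in the new LC_ROUTINES and LC_ROUTINES_64 branches leave out the load command index, while the cmdsize errors next to them include `Twine(I)`, so the diagnostic for a malformed file does not say which command was the repeat. The same condition is also worded two ways ("LC_ROUTINES and or LC_ROUTINES_64" versus "LC_ROUTINES_64 and or LC_ROUTINES"); a single message for both branches, for example `Err = malformedError("load command " + Twine(I) + " is a second LC_ROUTINES or LC_ROUTINES_64 command");`, would be easier to match during triage, with the FileCheck line in macho-invalid.test updated to agree. Neither branch compares the command's width with `is64Bit()`, which the loop consults a few lines earlier, so an LC_ROUTINES_64 in a 32-bit file appears to pass these checks; if that is intended, a comment saying so would help the next reader. The constructor body starts and ends outside the hunk.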
@@ -367,3 +367,9 @@ INVALID-SUBLIB-NAME_OFFSET-TOOBIG: macho-invalid-sublibrary-name_offset-toobig': RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-subclient-name_toobig 2>&1 | FileCheck -check-prefix INVALID-SUBCLIENT-NAME-TOOBIG %s INVALID-SUBCLIENT-NAME-TOOBIG: macho-invalid-subclient-name_toobig': truncated or malformed object (load command 0 LC_SUB_CLIENT client name extends past the end of the load command) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-routines-bad-size 2>&1 | FileCheck -check-prefix INVALID-ROUTINES-BAD-SIZE %s +INVALID-ROUTINES-BAD-SIZE: macho-invalid-routines-bad-size': truncated or malformed object (LC_ROUTINES command 0 has incorrect cmdsize) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-routines64-more-than-one 2>&1 | FileCheck -check-prefix INVALID-ROUTINES64-MORE-THAN-ONE %s +INVALID-ROUTINES64-MORE-THAN-ONE: macho-invalid-routines64-more-than-one': truncated or malformed object (more than one LC_ROUTINES_64 and or LC_ROUTINES command) -- 2.7.4
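Review bot: Only two of the four new error paths are exercised by these RUN lines: a bad cmdsize for LC_ROUTINES and a repeat detected in the LC_ROUTINES_64 branch. The LC_ROUTINES_64 cmdsize check and the repeat check in the LC_ROUTINES branch, whose message is worded differently, have no input file or CHECK line, so a regression in either parser check would go unnoticed. Two more inputs, named for example `macho-invalid-routines64-bad-size` and `macho-invalid-routines-more-than-one`, each with its own RUN line and check prefix, would cover them.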