From f01f65ea593bf1bbdcbeb425e1053ac3bbd9644d Mon Sep 17 00:00:00 2001 From: George Rimar Date: Mon, 31 Oct 2016 15:33:00 +0000 Subject: [PATCH] Recommit r285285 - [Object/ELF] - Fixed behavior when SectionHeaderTable->sh_size is too large. with fix: edited invalid-section-index2.elf input to pass the new check and fail on the same place it was intended to fail. Original commit message: Elf.h already has code checking that section table does not go past end of file. Problem is that this check may not work on values greater than UINT64_MAX / Header->e_shentsize because of calculation overflow. Parch fixes the issue. Differential revision: https://reviews.llvm.org/D25432 llvm-svn: 285586 --- llvm/include/llvm/Object/ELF.h | 6 ++++++ llvm/test/Object/Inputs/invalid-section-index2.elf | Bin 435 -> 435 bytes llvm/test/Object/Inputs/invalid-sections-num.elf | Bin 0 -> 528 bytes llvm/test/Object/invalid.test | 3 +++ 4 files changed, 9 insertions(+) create mode 100644 llvm/test/Object/Inputs/invalid-sections-num.elf diff --git a/llvm/include/llvm/Object/ELF.h b/llvm/include/llvm/Object/ELF.h index d1de25d2..2c715bf 100644 --- a/llvm/include/llvm/Object/ELF.h +++ b/llvm/include/llvm/Object/ELF.h @@ -347,6 +347,12 @@ ELFFile::ELFFile(StringRef Object, std::error_code &EC) // The getNumSections() call below depends on SectionHeaderTable being set. SectionHeaderTable = reinterpret_cast(base() + SectionTableOffset); + if (getNumSections() > UINT64_MAX / Header->e_shentsize) { + // Section table goes past end of file! + EC = object_error::parse_failed; + return; + } + const uint64_t SectionTableSize = getNumSections() * Header->e_shentsize; if (SectionTableOffset + SectionTableSize > FileSize) { diff --git a/llvm/test/Object/Inputs/invalid-section-index2.elf b/llvm/test/Object/Inputs/invalid-section-index2.elf index 7667637519cc6c6f250c31737d5338a622653c16..92c372a25f8cdb95ef29a3eb9fc31aaebb14ebac 100644 GIT binary patch delta 24 acmdnYyqS4|6%!-FM4L4n|Dj;whrPyBEg07dWzg#Z8m 
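Review bot: The bounds check right after the new guard, `SectionTableOffset + SectionTableSize > FileSize`, can still wrap, because the added test only stops the multiplication from overflowing: a product close to UINT64_MAX plus a non-zero offset (assuming SectionTableOffset is also a 64-bit unsigned value) can wrap to a small number and pass. Comparing without the addition closes that gap, e.g. `if (SectionTableSize > FileSize || SectionTableOffset > FileSize - SectionTableSize) {`. The new division `UINT64_MAX / Header->e_shentsize` also requires e_shentsize to be non-zero; if that field is not validated earlier in the constructor (not visible in this hunk), a crafted header would cause a division by zero in the parser. The comment on the new branch would be more accurate as `// getNumSections() * e_shentsize would overflow uint64_t.` The constructor body starts and ends outside the hunk.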
diff --git a/llvm/test/Object/Inputs/invalid-sections-num.elf b/llvm/test/Object/Inputs/invalid-sections-num.elf new file mode 100644 index 0000000000000000000000000000000000000000..d8d5bc8fe2baa23001cf28023384dd2843fa464c GIT binary patch literal 528 zcmb<-^>JfjWMpQ50!9Wq21XbMiJpPPb^x;>B$6-+lLyE%U|>QK19S9BQY%Ur^pc8; z8Pf9e8T5)vib@ibfOKUpm`+J7NyOBJOGE*egaA+i?kTXM`(UyFszD7(!zgq=gZLoK z22%i~9nknNE(?sozz1e207;O3R5vg%H~_`)0d}Ay2M{CcQv~uIfEXJ<*b9-B08;Q! WZ$Rj9fHDoBG|Yb>yFdV>4+H=$1`_W8 literal 0 HcmV?d00001 diff --git a/llvm/test/Object/invalid.test b/llvm/test/Object/invalid.test index a0016fe..dd431aa 100644 --- a/llvm/test/Object/invalid.test +++ b/llvm/test/Object/invalid.test @@ -76,3 +76,6 @@ INVALID-SEC-ADDRESS-ALIGNMENT: Invalid data was encountered while parsing the fi RUN: not llvm-readobj -t %p/Inputs/invalid-section-size2.elf 2>&1 | \ RUN: FileCheck --check-prefix=INVALID-SECTION-SIZE2 %s INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file. + +RUN: not llvm-readobj -t %p/Inputs/invalid-sections-num.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-NUM %s +INVALID-SECTION-NUM: Invalid data was encountered while parsing the file. -- 2.7.4