[llvm] r206145 - tools: address possible non-null terminated filenames

Saleem Abdulrasool compnerd at compnerd.org
Sun Apr 13 19:37:24 PDT 2014


Author: compnerd
Date: Sun Apr 13 21:37:23 2014
New Revision: 206145

URL: http://llvm.org/viewvc/llvm-project?rev=206145&view=rev
Log:
tools: address possible non-null terminated filenames

If the length of a filename is a multiple of 18 characters, there will be no
null terminator.  This results in an invalid access by the constructed
StringRef.  Add a test case to exercise this and fix the handling.  Address the
same vulnerability in llvm-readobj as well.

Added:
    llvm/trunk/test/tools/llvm-objdump/Inputs/file-aux-record.yaml
    llvm/trunk/test/tools/llvm-objdump/coff-non-null-terminated-file.test
    llvm/trunk/test/tools/llvm-readobj/Inputs/file-aux-record.yaml
    llvm/trunk/test/tools/llvm-readobj/coff-non-null-terminated-file.test
Modified:
    llvm/trunk/tools/llvm-objdump/llvm-objdump.cpp
    llvm/trunk/tools/llvm-readobj/COFFDumper.cpp

Added: llvm/trunk/test/tools/llvm-objdump/Inputs/file-aux-record.yaml
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/tools/llvm-objdump/Inputs/file-aux-record.yaml?rev=206145&view=auto
==============================================================================
--- llvm/trunk/test/tools/llvm-objdump/Inputs/file-aux-record.yaml (added)
+++ llvm/trunk/test/tools/llvm-objdump/Inputs/file-aux-record.yaml Sun Apr 13 21:37:23 2014
@@ -0,0 +1,21 @@
+header: !Header
+  Machine: IMAGE_FILE_MACHINE_I386 # (0x14c)
+  Characteristics: [ IMAGE_FILE_DEBUG_STRIPPED ]
+sections:
+symbols:
+  - !Symbol
+    Name: .file
+    Value: 0
+    SectionNumber: 65534
+    SimpleType: IMAGE_SYM_TYPE_NULL
+    ComplexType: IMAGE_SYM_DTYPE_NULL
+    StorageClass: IMAGE_SYM_CLASS_FILE
+    File: eighteen-chars.obj
+  - !Symbol
+    Name: '@comp.id'
+    Value: 13485607
+    SectionNumber: 65535
+    SimpleType: IMAGE_SYM_TYPE_NULL
+    ComplexType: IMAGE_SYM_DTYPE_NULL
+    StorageClass: IMAGE_SYM_CLASS_STATIC
+

Added: llvm/trunk/test/tools/llvm-objdump/coff-non-null-terminated-file.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/tools/llvm-objdump/coff-non-null-terminated-file.test?rev=206145&view=auto
==============================================================================
--- llvm/trunk/test/tools/llvm-objdump/coff-non-null-terminated-file.test (added)
+++ llvm/trunk/test/tools/llvm-objdump/coff-non-null-terminated-file.test Sun Apr 13 21:37:23 2014
@@ -0,0 +1,5 @@
+RUN: yaml2obj %p/Inputs/file-aux-record.yaml | llvm-objdump -t - | FileCheck %s
+
+CHECK: .file
+CHECK: AUX eighteen-chars.obj{{$}}
+
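Review bot: Only the single-record case is covered here: `eighteen-chars.obj` is exactly 18 characters, while the log describes any multiple of 18 and the fix multiplies by the aux record count. A second input with a 36-character `File:` value, and one shorter than 18 that relies on NUL padding, would pin the multi-record and `rtrim` paths. Whether yaml2obj emits more than one aux record for a long name is not visible in this commit and should be confirmed first. The llvm-readobj test added below has the same gap.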

Added: llvm/trunk/test/tools/llvm-readobj/Inputs/file-aux-record.yaml
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/tools/llvm-readobj/Inputs/file-aux-record.yaml?rev=206145&view=auto
==============================================================================
--- llvm/trunk/test/tools/llvm-readobj/Inputs/file-aux-record.yaml (added)
+++ llvm/trunk/test/tools/llvm-readobj/Inputs/file-aux-record.yaml Sun Apr 13 21:37:23 2014
@@ -0,0 +1,21 @@
+header: !Header
+  Machine: IMAGE_FILE_MACHINE_I386 # (0x14c)
+  Characteristics: [ IMAGE_FILE_DEBUG_STRIPPED ]
+sections:
+symbols:
+  - !Symbol
+    Name: .file
+    Value: 0
+    SectionNumber: 65534
+    SimpleType: IMAGE_SYM_TYPE_NULL
+    ComplexType: IMAGE_SYM_DTYPE_NULL
+    StorageClass: IMAGE_SYM_CLASS_FILE
+    File: eighteen-chars.obj
+  - !Symbol
+    Name: '@comp.id'
+    Value: 13485607
+    SectionNumber: 65535
+    SimpleType: IMAGE_SYM_TYPE_NULL
+    ComplexType: IMAGE_SYM_DTYPE_NULL
+    StorageClass: IMAGE_SYM_CLASS_STATIC
+

Added: llvm/trunk/test/tools/llvm-readobj/coff-non-null-terminated-file.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/tools/llvm-readobj/coff-non-null-terminated-file.test?rev=206145&view=auto
==============================================================================
--- llvm/trunk/test/tools/llvm-readobj/coff-non-null-terminated-file.test (added)
+++ llvm/trunk/test/tools/llvm-readobj/coff-non-null-terminated-file.test Sun Apr 13 21:37:23 2014
@@ -0,0 +1,20 @@
+RUN: yaml2obj %p/Inputs/file-aux-record.yaml | llvm-readobj -t - | FileCheck %s
+
+CHECK: Symbols [
+CHECK:   Symbol {
+CHECK:     Name: .file
+CHECK:     Value: 0
+CHECK:     StorageClass: File
+CHECK:     AuxSymbolCount: 1
+CHECK:     AuxFileRecord {
+CHECK:       FileName: eighteen-chars.obj{{$}}
+CHECK:     }
+CHECK:   }
+CHECK:   Symbol {
+CHECK:     Name: @comp.id
+CHECK:     Value: 13485607
+CHECK:     StorageClass: Static
+CHECK:     AuxSymbolCount: 0
+CHECK:   }
+CHECK: ]
+

Modified: llvm/trunk/tools/llvm-objdump/llvm-objdump.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/llvm-objdump/llvm-objdump.cpp?rev=206145&r1=206144&r2=206145&view=diff
==============================================================================
--- llvm/trunk/tools/llvm-objdump/llvm-objdump.cpp (original)
+++ llvm/trunk/tools/llvm-objdump/llvm-objdump.cpp Sun Apr 13 21:37:23 2014
@@ -669,17 +669,7 @@ static void PrintCOFFSymbolTable(const C
   const coff_symbol *symbol = 0;
   for (int i = 0, e = header->NumberOfSymbols; i != e; ++i) {
     if (aux_count--) {
-      switch (symbol->StorageClass) {
-      default: outs() << "AUX Unknown\n";
-      case COFF::IMAGE_SYM_CLASS_STATIC:
-        // Section definition.  Follows a symbol-table record that defines a
-        // section.  Such a record has a symbol name that is the name of a
-        // section and has storage class STATIC (3).
-        if (symbol->Value) {
-          errs() << "invalid entry in Symbol Table";
-          break;
-        }
-
+      if (symbol->isSectionDefinition()) {
         const coff_aux_section_definition *asd;
         if (error(coff->getAuxSymbol<coff_aux_section_definition>(i, asd)))
           return;
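Review bot: The removed `if (symbol->Value)` branch printed "invalid entry in Symbol Table" to stderr, and nothing in the new code replaces that diagnostic. Assuming `isSectionDefinition()` (defined outside this diff) rejects a STATIC symbol with a non-zero Value, such a record now lands in the `AUX Unknown` branch on stdout instead. If dropping the diagnostic is intended, the log should say so; otherwise keep an explicit branch that reports the malformed entry. PrintCOFFSymbolTable starts before and continues after this hunk.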
@@ -693,15 +683,17 @@ static void PrintCOFFSymbolTable(const C
                << format("assoc %d comdat %d\n"
                          , unsigned(asd->Number)
                          , unsigned(asd->Selection));
-        break;
-      case COFF::IMAGE_SYM_CLASS_FILE:
+      } else if (symbol->isFileRecord()) {
         const coff_aux_file *AF;
         if (error(coff->getAuxSymbol<coff_aux_file>(i, AF)))
           return;
-        outs() << "AUX " << StringRef(AF->FileName) << '\n';
+
+        StringRef Name(AF->FileName, (aux_count + 1) * COFF::SymbolSize);
+        outs() << "AUX " << Name.rtrim(StringRef("\0", 1))  << '\n';
         i = i + aux_count;
         aux_count = 0;
-        break;
+      } else {
+        outs() << "AUX Unknown\n";
       }
     } else {
       StringRef name;
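Review bot: The length given to `Name` is `(aux_count + 1) * COFF::SymbolSize`, and `aux_count` comes from the object file, so a record that declares more aux symbols than remain in the table makes the StringRef extend past the symbol table. The `getAuxSymbol` call visible here is given only the index `i`, so unless it or code outside the hunk checks the whole run, the read is bounded by file-declared data alone. The same count feeds `i = i + aux_count`, which can step `i` past `e` under the loop's `i != e` condition. Reject the record before building `Name` when `aux_count + 1 > e - i`. The COFFDumper.cpp hunk computes its length from `Symbol->NumberOfAuxSymbols` in the same way and needs the equivalent check against the end of the symbol table.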

Modified: llvm/trunk/tools/llvm-readobj/COFFDumper.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/llvm-readobj/COFFDumper.cpp?rev=206145&r1=206144&r2=206145&view=diff
==============================================================================
--- llvm/trunk/tools/llvm-readobj/COFFDumper.cpp (original)
+++ llvm/trunk/tools/llvm-readobj/COFFDumper.cpp Sun Apr 13 21:37:23 2014
@@ -977,7 +977,10 @@ void COFFDumper::printSymbol(const Symbo
         break;
 
       DictScope AS(W, "AuxFileRecord");
-      W.printString("FileName", StringRef(Aux->FileName));
+
+      StringRef Name(Aux->FileName,
+                     Symbol->NumberOfAuxSymbols * COFF::SymbolSize);
+      W.printString("FileName", Name.rtrim(StringRef("\0", 1)));
     } else if (Symbol->isSectionDefinition()) {
       const coff_aux_section_definition *Aux;
       if (error(getSymbolAuxData(Obj, Symbol + I, Aux)))
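Review bot: `rtrim` on the new `Name` strips only trailing NUL bytes, so a file name with a NUL in the middle is now printed together with whatever bytes follow it, where the old `StringRef(Aux->FileName)` stopped at the first NUL. Cutting at the first NUL keeps the old behaviour for padded names and the new bound for full-length ones: `W.printString("FileName", Name.substr(0, Name.find('\0')));`. The `AUX` line in the llvm-objdump.cpp hunk has the same behaviour. printSymbol starts and ends outside this hunk.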




