[PATCH] D25025: [ELF, WIP] - Do not crash on invalid symbol index.

George Rimar via llvm-commits llvm-commits at lists.llvm.org
Wed Sep 28 08:10:22 PDT 2016


grimar created this revision.
grimar added reviewers: ruiu, rafael, davide.
grimar added subscribers: llvm-commits, grimar, evgeny777.

Related to PR30540.

**This is a WIP patch and I plan to rebase and update it soon, after landing D25010
and after possible reduction using afl-min.
**

There are two reasons for the crash that I know about now:
1) If .symtab has an invalid type in the ELF, no symbol bodies are created, and any relocation
that tries to access them will fail.
This was revealed by "id_000005,sig_11,src_000000,op_flip2,pos_420"

2) If a relocation has an invalid symbol index. That was handcrafted by me,
since it is also a possible case.

Both cases are covered in the test case provided.

https://reviews.llvm.org/D25025

Files:
  ELF/InputFiles.h
  test/ELF/Inputs/invalid-symbol-index.elf
  test/ELF/Inputs/invalid-symbol-index2.elf
  test/ELF/invalid-symbol-index.test

Index: test/ELF/invalid-symbol-index.test
===================================================================
--- test/ELF/invalid-symbol-index.test
+++ test/ELF/invalid-symbol-index.test
@@ -0,0 +1,21 @@
+## invalid-symbol-index.elf has incorrect type of .symtab section:
+## Section Headers:
+##   [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
+##   [ 0]                   NULL            0000000000000000 000000 000000 00      0   0  0
+## ...
+##   [ 4] .symtab           RELA            0000000000000000 000048 000030 18      1   2  8
+## There is no symbol bodies because of that but relocations resolution tries to access them.
+# RUN: not ld.lld %p/Inputs/invalid-symbol-index.elf -o %t2 2>&1 | \
+# RUN:   FileCheck --check-prefix=INVALID-SYMBOL-INDEX %s
+# INVALID-SYMBOL-INDEX: invalid symbol index
+
+## invalid-symbol-index2.elf just contains wrong symbol index in relocation:
+## Relocation section '.rela.text' at offset 0x1c0 contains 1 entries:
+##     Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
+## 0000000000000123  000000ff00000002 R_X86_64_PC32          bad symbol index: 000000ff
+## 
+## Symbol table '.symtab' contains 1 entries:
+##    Num:    Value          Size Type    Bind   Vis      Ndx Name
+##      0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
+# RUN: not ld.lld %p/Inputs/invalid-symbol-index2.elf -o %t2 2>&1 | \
+# RUN:   FileCheck --check-prefix=INVALID-SYMBOL-INDEX %s
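Review bot: both RUN lines match only the bare string "invalid symbol index", so the test cannot tell whether the diagnostic names the right input or comes from the intended place; the first input (.symtab is section [4] with type RELA, per the header comment) is rejected only indirectly, once relocation resolution finds no symbol bodies at all, so consider diagnosing the wrong section type where .symtab is read, before relocation processing, and checking for that distinct message here with its own prefix. Including the input file name in the message (and in the CHECK line) would also let a multi-object link say which file is bad.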
Index: ELF/InputFiles.h
===================================================================
--- ELF/InputFiles.h
+++ ELF/InputFiles.h
@@ -145,6 +145,8 @@
   InputSectionBase<ELFT> *getSection(const Elf_Sym &Sym) const;
 
   SymbolBody &getSymbolBody(uint32_t SymbolIndex) const {
+    if (SymbolIndex >= SymbolBodies.size())
+      fatal("invalid symbol index");
     return *SymbolBodies[SymbolIndex];
   }
 
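Review bot: the bound `SymbolIndex >= SymbolBodies.size()` is correct, but `fatal("invalid symbol index")` drops the two facts a user needs, which object file and which index; since this getter is the only thing between a fuzzed relocation and an out-of-bounds read, the message should carry the file name and the offending index. Also worth confirming that `SymbolBodies` never stores a null entry (for example for the reserved null symbol), because the `*SymbolBodies[SymbolIndex]` dereference on the following line remains unchecked.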


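The two failure modes described in the patch summary, as an added example that is not code from lld or from this patch: a stand-alone Python checker that builds minimal x86-64 ET_REL objects in memory (constructed inputs, not the .elf files from the test) and applies the same bounds check as getSymbolBody(), up front against the file. It also rejects a RELA section whose sh_link does not name an SHT_SYMTAB section, which is how a .symtab with the wrong type shows up. The section layout, the symbol name "foo", the helper names and the diagnostic strings are my assumptions.

```python
"""Stand-alone ELF64 relocation checker mirroring the two crash causes.

Added example, not code from lld or from the patch.  The in-memory objects
built by build_elf() are constructed test inputs, not the .elf files of the
test; section layout, symbol names and diagnostic strings are assumptions.
"""
import struct

# ELF64 constants from the ELF specification.
SHT_NULL, SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB, SHT_RELA = 0, 1, 2, 3, 4
EHDR_SIZE = SHDR_SIZE = 64
SYM_SIZE = RELA_SIZE = 24
R_X86_64_PC32 = 2


def parse_sections(blob):
    """Parse the section header table of a little-endian ELF64 blob."""
    if blob[:4] != b"\x7fELF" or blob[4] != 2 or blob[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_shoff,) = struct.unpack_from("<Q", blob, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", blob, 0x3A)
    if e_shentsize != SHDR_SIZE:
        raise ValueError("unexpected e_shentsize %d" % e_shentsize)
    if e_shoff + e_shnum * SHDR_SIZE > len(blob):
        raise ValueError("section header table runs past end of file")
    sections = []
    for i in range(e_shnum):
        fields = struct.unpack_from("<IIQQQQIIQQ", blob, e_shoff + i * SHDR_SIZE)
        _name, typ, _flags, _addr, offset, size, link, info, _align, entsize = fields
        sections.append({"type": typ, "offset": offset, "size": size,
                         "link": link, "info": info, "entsize": entsize})
    return sections


def check_relocations(blob):
    """Return diagnostics for every RELA entry whose symbol index is unusable.

    This is the bounds check getSymbolBody() performs in the patch, done
    against the file instead of at relocation resolution time.
    """
    sections = parse_sections(blob)
    problems = []
    for i, sec in enumerate(sections):
        if sec["type"] != SHT_RELA:
            continue
        if sec["offset"] + sec["size"] > len(blob):
            problems.append("section %d: relocation data is truncated" % i)
            continue
        # sh_link of a RELA section must name a real symbol table; case 1 of the
        # patch (.symtab typed RELA) fails here, since no symbol table exists.
        link = sec["link"]
        if link >= len(sections) or sections[link]["type"] != SHT_SYMTAB:
            problems.append("section %d: sh_link %d is not a SHT_SYMTAB section" % (i, link))
            continue
        nsyms = sections[link]["size"] // SYM_SIZE  # bodies the linker would create
        for j in range(sec["size"] // RELA_SIZE):
            _r_offset, r_info, _r_addend = struct.unpack_from(
                "<QQq", blob, sec["offset"] + j * RELA_SIZE)
            sym = r_info >> 32  # ELF64_R_SYM
            if sym >= nsyms:  # case 2 of the patch: index past the symbol table
                problems.append("section %d reloc %d: symbol index %d >= %d" % (i, j, sym, nsyms))
    return problems


def _shdr(typ=SHT_NULL, flags=0, offset=0, size=0, link=0, info=0, entsize=0):
    return struct.pack("<IIQQQQIIQQ", 0, typ, flags, 0, offset, size, link, info, 1, entsize)


def build_elf(symtab_type=SHT_SYMTAB, reloc_sym_index=1):
    """Build a minimal x86-64 ET_REL object: .text, .symtab, .strtab, .rela.text.

    symtab_type and reloc_sym_index reproduce the two malformations: a .symtab
    with the wrong sh_type, and a relocation whose symbol index is out of
    range.  No .shstrtab is emitted (every sh_name is 0).
    """
    text = b"\xc3" * 8                                        # ret, padded
    symtab = struct.pack("<IBBHQQ", 0, 0, 0, 0, 0, 0)         # reserved null symbol
    symtab += struct.pack("<IBBHQQ", 1, 0x12, 0, 1, 0, 8)     # GLOBAL FUNC "foo" in .text
    strtab = b"\0foo\0\0\0\0"
    rela = struct.pack("<QQq", 0x123, (reloc_sym_index << 32) | R_X86_64_PC32, -4)
    chunks = [text, symtab, strtab, rela]
    offsets, pos = [], EHDR_SIZE
    for c in chunks:
        offsets.append(pos)
        pos += len(c)
    shdrs = (_shdr()
             + _shdr(SHT_PROGBITS, 6, offsets[0], len(text))
             + _shdr(symtab_type, 0, offsets[1], len(symtab), link=3, info=1, entsize=SYM_SIZE)
             + _shdr(SHT_STRTAB, 0, offsets[2], len(strtab))
             + _shdr(SHT_RELA, 0, offsets[3], len(rela), link=2, info=1, entsize=RELA_SIZE))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8     # ELFCLASS64, LSB, version 1
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 1, 62, 1, 0, 0, pos,
                       0, EHDR_SIZE, 0, 0, SHDR_SIZE, 5, 0)
    return ehdr + b"".join(chunks) + shdrs


if __name__ == "__main__":
    for label, obj in [("valid", build_elf()),
                       (".symtab typed RELA", build_elf(symtab_type=SHT_RELA)),
                       ("symbol index 0xff", build_elf(reloc_sym_index=0xff))]:
        print(label, "->", check_relocations(obj) or "ok")
```

Note that with .symtab mistyped as RELA the checker reports two problems, not one: the mistyped .symtab is itself walked as a relocation section and its sh_link (the string table) is not a symbol table either. The truncation check before the sh_link lookup matters for fuzzed inputs, where sh_offset and sh_size routinely point past the end of the file.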
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D25025.72828.patch
Type: text/x-patch
Size: 1947 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160928/d4793a0b/attachment.bin>
