[PATCH] D25327: [ELF] - Do not crash on invalid size of dynamic section.

[George Rimar via llvm-commits]

grimar created this revision.
grimar added reviewers: ruiu, rafael, davide.
grimar added subscribers: llvm-commits, grimar, evgeny777.

Previously if sh_size of dynamic section was broken,
lld may crash. Or even may not crash if used 32 bits host.
(then value may be truncated to 32 bits when doing pointer arithmetic 
and could be just zero).
Patch fixes the issue.


https://reviews.llvm.org/D25327

Files:
  ELF/InputFiles.cpp
  test/ELF/invalid/Inputs/dynamic-section-sh_size.elf
  test/ELF/invalid/dynamic-section-size.s


Index: test/ELF/invalid/dynamic-section-size.s
===================================================================
--- test/ELF/invalid/dynamic-section-size.s
+++ test/ELF/invalid/dynamic-section-size.s
@@ -0,0 +1,4 @@
+## dynamic-section-sh_size.elf has incorrect sh_size of dynamic section.
+# RUN: not ld.lld %p/Inputs/dynamic-section-sh_size.elf -o %t2 2>&1 | \
+# RUN:   FileCheck %s
+# CHECK: Invalid data was encountered while parsing the file
Index: ELF/InputFiles.cpp
===================================================================
--- ELF/InputFiles.cpp
+++ ELF/InputFiles.cpp
@@ -518,11 +518,11 @@
 
   if (!DynamicSec)
     return;
-  auto *Begin =
-      reinterpret_cast<const Elf_Dyn *>(Obj.base() + DynamicSec->sh_offset);
-  const Elf_Dyn *End = Begin + DynamicSec->sh_size / sizeof(Elf_Dyn);
 
-  for (const Elf_Dyn &Dyn : make_range(Begin, End)) {
+  ArrayRef<Elf_Dyn> Arr =
+      check(Obj.template getSectionContentsAsArray<Elf_Dyn>(DynamicSec),
+            getFilename(this));
+  for (const Elf_Dyn &Dyn : Arr) {
     if (Dyn.d_tag == DT_SONAME) {
       uintX_t Val = Dyn.getVal();
       if (Val >= this->StringTable.size())


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D25327.73797.patch
Type: text/x-patch
Size: 1174 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20161006/c299823c/attachment.bin>