[PATCH] D25432: [Object/ELF] - Fixed behavior when SectionHeaderTable->sh_size is too large.

George Rimar via llvm-commits llvm-commits at lists.llvm.org
Mon Oct 10 07:15:27 PDT 2016


grimar created this revision.
grimar added reviewers: rafael, davide.
grimar added subscribers: llvm-commits, grimar, evgeny777.

Elf.h already has code checking that the section table does not go past the end of the file.
The problem is that this check may not work on values greater than UINT64_MAX / Header->e_shentsize
because of calculation overflow.

Patch fixes the issue.


https://reviews.llvm.org/D25432

Files:
  include/llvm/Object/ELF.h
  test/Object/Inputs/invalid-sections-num.elf
  test/Object/invalid.test


Index: test/Object/invalid.test
===================================================================
--- test/Object/invalid.test
+++ test/Object/invalid.test
@@ -68,3 +68,6 @@
 RUN: not llvm-readobj -t %p/Inputs/invalid-sections-address-alignment.x86-64 2>&1 | \
 RUN:   FileCheck --check-prefix=INVALID-SEC-ADDRESS-ALIGNMENT %s
 INVALID-SEC-ADDRESS-ALIGNMENT: Invalid address alignment of section headers
+
+RUN: not llvm-readobj -t %p/Inputs/invalid-sections-num.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-NUM %s
+INVALID-SECTION-NUM: Invalid data was encountered while parsing the file.
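
Review bot: INVALID-SECTION-NUM matches only the generic "Invalid data was encountered while parsing the file." string, unlike the INVALID-SEC-ADDRESS-ALIGNMENT check just above it, which matches a specific message. As written, the test passes on any parse failure in invalid-sections-num.elf and does not show that the new overflow check is the one that fired. Consider reporting a dedicated message for this case and matching on it, and add a comment line stating which header field of the binary input was modified and to what value, since the .elf file cannot be reviewed in the diff.
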
Index: include/llvm/Object/ELF.h
===================================================================
--- include/llvm/Object/ELF.h
+++ include/llvm/Object/ELF.h
@@ -333,6 +333,12 @@
   // The getNumSections() call below depends on SectionHeaderTable being set.
   SectionHeaderTable =
     reinterpret_cast<const Elf_Shdr *>(base() + SectionTableOffset);
+  if (getNumSections() > UINT64_MAX / Header->e_shentsize) {
+    // Section table goes past end of file!
+    EC = object_error::parse_failed;
+    return;
+  }
+
   const uint64_t SectionTableSize = getNumSections() * Header->e_shentsize;
 
   if (SectionTableOffset + SectionTableSize > FileSize) {
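
Review bot: The new guard covers only the multiplication; the addition in the trailing context line, `SectionTableOffset + SectionTableSize > FileSize`, can itself wrap when SectionTableOffset is close to UINT64_MAX, unless the offset is bounded earlier in the function. Consider comparing by subtraction instead, for example `SectionTableOffset > FileSize || SectionTableSize > FileSize - SectionTableOffset`. Also, `UINT64_MAX / Header->e_shentsize` divides by zero if e_shentsize is 0, so it is worth confirming that an earlier check rules that out, and the comment "Section table goes past end of file!" would be more accurate if it said that the size computation would overflow.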

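The overflow described in the message above, shown as an added example that is not part of the patch or of LLVM: an unchecked bounds test beside an overflow-safe one. It goes slightly beyond the patch by also guarding the offset-plus-size addition; the function names and sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Unchecked form (hypothetical name): the product is taken modulo 2^64,
 * so a huge entry count can yield a small-looking table size. */
static bool table_fits_naive(uint64_t off, uint64_t num, uint64_t entsize,
                             uint64_t file_size) {
    uint64_t size = num * entsize;      /* may wrap */
    return off + size <= file_size;     /* may wrap as well */
}

/* Overflow-safe form (hypothetical name): each step is validated before
 * the arithmetic that could wrap is performed. */
static bool table_fits_checked(uint64_t off, uint64_t num, uint64_t entsize,
                               uint64_t file_size) {
    if (entsize == 0)
        return false;                   /* also avoids dividing by zero */
    if (num > UINT64_MAX / entsize)
        return false;                   /* num * entsize would wrap */
    uint64_t size = num * entsize;
    if (off > file_size)
        return false;                   /* table starts past end of file */
    return size <= file_size - off;     /* subtraction cannot wrap here */
}

/* Constructed sample: 64-byte entries and a count one past the point
 * where the product wraps (2^58 + 1 entries gives a size of 64). */
#define SAMPLE_ENTSIZE 64u
#define SAMPLE_NUM     (UINT64_MAX / SAMPLE_ENTSIZE + 2)
#define SAMPLE_OFF     4096u
#define SAMPLE_FILE    8192u

int main(void) {
    bool naive = table_fits_naive(SAMPLE_OFF, SAMPLE_NUM,
                                  SAMPLE_ENTSIZE, SAMPLE_FILE);
    bool checked = table_fits_checked(SAMPLE_OFF, SAMPLE_NUM,
                                      SAMPLE_ENTSIZE, SAMPLE_FILE);
    /* Exit 0 when the naive check is fooled and the safe one is not. */
    return (naive && !checked) ? 0 : 1;
}
```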
