[PATCH] D63191: [lld][ELF] Check length of subsection in .ARM.attributes

Eugene Leviant via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Wed Jun 12 02:50:26 PDT 2019


evgeny777 created this revision.
evgeny777 added reviewers: grimar, ruiu.
evgeny777 added a project: lld.
Herald added subscribers: MaskRay, kristof.beyls, arichardson, javed.absar, emaste.
Herald added a reviewer: espindola.

At the moment ld.lld hangs if the .ARM.attributes section contains all zeroes.


https://reviews.llvm.org/D63191

Files:
  lib/Support/ARMAttributeParser.cpp
  tools/lld/test/ELF/bad-arm-attributes.test
  tools/lld/test/ELF/bad-arm-attributes2.test


Index: tools/lld/test/ELF/bad-arm-attributes2.test
===================================================================
--- tools/lld/test/ELF/bad-arm-attributes2.test
+++ tools/lld/test/ELF/bad-arm-attributes2.test
@@ -0,0 +1,19 @@
+# RUN: yaml2obj %s -o %t.o
+# RUN: ld.lld %t.o 2>&1 | FileCheck %s
+
+# CHECK: invalid subsection length 65535 at offset 1
+
+!ELF
+FileHeader:
+  Class:           ELFCLASS32
+  Data:            ELFDATA2LSB
+  Type:            ET_REL
+  Machine:         EM_ARM
+Sections:
+  - Name:            .ARM.attributes
+    Type:            SHT_ARM_ATTRIBUTES
+    Flags:           [ SHF_ALLOC ]
+    Content:         "00FFFF00000000"
+    Address:         0x1000
+    AddressAlign:    0x8
+
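Review bot: The RUN line `ld.lld %t.o 2>&1 | FileCheck %s` does not pin down whether the link is expected to succeed or fail, and with no `-o` a successful link writes a.out into the current directory. The parser change only prints the message and returns, so the test should state the intended outcome: pass `-o /dev/null` (or `-o %t`), and run under `not` if a malformed section is meant to be a link error. With `Content: "00FFFF00000000"` the four bytes at offset 1 decode to 65535 little-endian, so this case exercises the overrun half of the new condition; a short comment saying so would help the next reader.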
Index: tools/lld/test/ELF/bad-arm-attributes.test
===================================================================
--- tools/lld/test/ELF/bad-arm-attributes.test
+++ tools/lld/test/ELF/bad-arm-attributes.test
@@ -0,0 +1,19 @@
+# RUN: yaml2obj %s -o %t.o
+# RUN: ld.lld %t.o 2>&1 | FileCheck %s
+
+# CHECK: invalid subsection length 0 at offset 1
+
+!ELF
+FileHeader:
+  Class:           ELFCLASS32
+  Data:            ELFDATA2LSB
+  Type:            ET_REL
+  Machine:         EM_ARM
+Sections:
+  - Name:            .ARM.attributes
+    Type:            SHT_ARM_ATTRIBUTES
+    Flags:           [ SHF_ALLOC ]
+    Content:         "00000000000000"
+    Address:         0x1000
+    AddressAlign:    0x8
+
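Review bot: This file differs from bad-arm-attributes2.test only in the `Content:` string and the CHECK line, so the two cases would be easier to maintain as two YAML documents in a single test, selected with yaml2obj's `-docnum` option and checked with separate prefixes. The file names also say nothing about which case each covers; names or comments along the lines of "zero length" and "length past end of section" would document the intent. As in the other test, `ld.lld %t.o` has no `-o`, and the RUN line does not say whether the link should succeed.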
Index: lib/Support/ARMAttributeParser.cpp
===================================================================
--- lib/Support/ARMAttributeParser.cpp
+++ lib/Support/ARMAttributeParser.cpp
@@ -709,6 +709,12 @@
       SW->indent();
     }
 
+    if (SectionLength == 0 || (SectionLength + Offset) > Section.size()) {
+      errs() << "invalid subsection length " << SectionLength << " at offset "
+             << Offset << "\n";
+      return;
+    }
+
     ParseSubsection(Section.data() + Offset, SectionLength);
     Offset = Offset + SectionLength;
 
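Review bot: In the added condition, `(SectionLength + Offset) > Section.size()` relies on the sum not wrapping, and the operand types are not visible in this hunk; if the addition is done in 32 bits, a large attacker-controlled SectionLength can wrap past the check and reach ParseSubsection with an out-of-range length. Comparing `SectionLength > Section.size() - Offset` avoids depending on the width, provided Offset is known to be inside the section at this point. Only a length of 0 is rejected as too small, yet the tests show the length is a 4-byte field read at Offset and `Offset = Offset + SectionLength` advances from that same position, so lengths 1 to 3 are shorter than the field itself and should be rejected as well. Finally, printing to `errs()` and returning from a Support library routine gives callers such as lld no way to turn this into a proper diagnostic or a failed link, and the early return happens after `SW->indent()` in the block above, so any matching unindent later in the loop is skipped; returning a status or error to the caller would address both.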

