<div dir="ltr">I've reverted this change as it was causing buildbot failures on the UBSan bot like the <a href="http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-bootstrap-ubsan/builds/14047/steps/check-llvm%20ubsan/logs/stdio">following</a>:<div><pre style="font-family:"Courier New",courier,monotype,monospace;color:rgb(0,0,0);font-size:medium"><span class="gmail-stdout">/b/sanitizer-x86_64-linux-bootstrap-ubsan/build/llvm/test/Object/invalid.test:600:21: error: INVALID-SEC-NUM3: expected string not found in input
# INVALID-SEC-NUM3: error: '[[FILE]]': invalid section header table offset (e_shoff = 0xffffffffffffffff) or invalid number of sections specified in the first section header's sh_size field (0x1)
                    ^
<stdin>:1:1: note: scanning from here
/b/sanitizer-x86_64-linux-bootstrap-ubsan/build/llvm/include/llvm/Object/ELF.h:509:49: runtime error: addition of unsigned offset to 0x000002106cf0 overflowed to 0x000002106cef
^
<stdin>:1:1: note: with "FILE" equal to "/b/sanitizer-x86_64-linux-bootstrap-ubsan/build/llvm_build_ubsan/test/Object/Output/invalid\\.test\\.tmp28"
/b/sanitizer-x86_64-linux-bootstrap-ubsan/build/llvm/include/llvm/Object/ELF.h:509:49: runtime error: addition of unsigned offset to 0x000002106cf0 overflowed to 0x000002106cef</span></pre></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jul 23, 2019 at 4:36 AM George Rimar via llvm-commits <<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Author: grimar<br>
Date: Tue Jul 23 04:37:14 2019<br>
New Revision: 366796<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=366796&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=366796&view=rev</a><br>
Log:<br>
[Object/ELF.h] - Improve testing of the fields in ELFFile<ELFT>::sections().<br>
<br>
This eliminates one untested error and<br>
also introduces an error for one more possible case<br>
which previously led to a crash.<br>
<br>
Differential revision: <a href="https://reviews.llvm.org/D64987" rel="noreferrer" target="_blank">https://reviews.llvm.org/D64987</a><br>
<br>
Modified:<br>
    llvm/trunk/include/llvm/Object/ELF.h<br>
    llvm/trunk/include/llvm/ObjectYAML/ELFYAML.h<br>
    llvm/trunk/test/Object/invalid.test<br>
    llvm/trunk/tools/yaml2obj/yaml2elf.cpp<br>
<br>
Modified: llvm/trunk/include/llvm/Object/ELF.h<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/Object/ELF.h?rev=366796&r1=366795&r2=366796&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/Object/ELF.h?rev=366796&r1=366795&r2=366796&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/include/llvm/Object/ELF.h (original)<br>
+++ llvm/trunk/include/llvm/Object/ELF.h Tue Jul 23 04:37:14 2019<br>
@@ -513,15 +513,22 @@ Expected<typename ELFT::ShdrRange> ELFFi<br>
     NumSections = First->sh_size;<br>
<br>
   if (NumSections > UINT64_MAX / sizeof(Elf_Shdr))<br>
-    // TODO: this error is untested.<br>
-    return createError("section table goes past the end of file");<br>
+    return createError("invalid number of sections specified in the NULL "<br>
+                       "section's sh_size field (" +<br>
+                       Twine(NumSections) + ")");<br>
<br>
   const uint64_t SectionTableSize = NumSections * sizeof(Elf_Shdr);<br>
+  if (SectionTableOffset + SectionTableSize < SectionTableOffset)<br>
+    return createError(<br>
+        "invalid section header table offset (e_shoff = 0x" +<br>
+        Twine::utohexstr(SectionTableOffset) +<br>
+        ") or invalid number of sections specified in the first section "<br>
+        "header's sh_size field (0x" +<br>
+        Twine::utohexstr(NumSections) + ")");<br>
<br>
   // Section table goes past end of file!<br>
   if (SectionTableOffset + SectionTableSize > FileSize)<br>
     return createError("section table goes past the end of file");<br>
-<br>
   return makeArrayRef(First, NumSections);<br>
 }<br>
<br>
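Review bot: The new wraparound check on `SectionTableOffset + SectionTableSize` runs only after `First` has already been used (the context line `NumSections = First->sh_size;` reads through it), so an e_shoff close to UINT64_MAX is not rejected before the pointer is formed and possibly dereferenced. `First` is presumably computed from the buffer base plus e_shoff above the hunk (sections() starts outside it), so the offset should be bounded there with a comparison that cannot wrap, for example `if (FileSize < sizeof(Elf_Shdr) || SectionTableOffset > FileSize - sizeof(Elf_Shdr))`. Once the offset is known to lie inside the file, the two size checks here can be written without an addition as `if (SectionTableSize > FileSize - SectionTableOffset)`. Separately, the two new messages name the same field differently ("NULL section's" versus "first section header's") and print it in decimal in one and in hex in the other; a single form would make the errors easier to match up.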
<br>
Modified: llvm/trunk/include/llvm/ObjectYAML/ELFYAML.h<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/ObjectYAML/ELFYAML.h?rev=366796&r1=366795&r2=366796&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/ObjectYAML/ELFYAML.h?rev=366796&r1=366795&r2=366796&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/include/llvm/ObjectYAML/ELFYAML.h (original)<br>
+++ llvm/trunk/include/llvm/ObjectYAML/ELFYAML.h Tue Jul 23 04:37:14 2019<br>
@@ -77,7 +77,7 @@ struct FileHeader {<br>
   llvm::yaml::Hex64 Entry;<br>
<br>
   Optional<llvm::yaml::Hex16> SHEntSize;<br>
-  Optional<llvm::yaml::Hex16> SHOffset;<br>
+  Optional<llvm::yaml::Hex64> SHOffset;<br>
   Optional<llvm::yaml::Hex16> SHNum;<br>
   Optional<llvm::yaml::Hex16> SHStrNdx;<br>
 };<br>
<br>
Modified: llvm/trunk/test/Object/invalid.test<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/invalid.test?rev=366796&r1=366795&r2=366796&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/invalid.test?rev=366796&r1=366795&r2=366796&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/test/Object/invalid.test (original)<br>
+++ llvm/trunk/test/Object/invalid.test Tue Jul 23 04:37:14 2019<br>
@@ -552,3 +552,58 @@ FileHeader:<br>
 Sections:<br>
   - Name: .foo<br>
     Type: SHT_PROGBITS<br>
+<br>
+## We report an error if the number of sections stored in sh_size<br>
+## is greater than UINT64_MAX / sizeof(Elf_Shdr) == 288230376151711743.<br>
+## Here we check that do not crash on a border value.<br>
+<br>
+# RUN: yaml2obj --docnum=26 %s -o %t26<br>
+# RUN: not llvm-readobj -h %t26 2>&1 | FileCheck -DFILE=%t26 --check-prefix=INVALID-SEC-NUM1 %s<br>
+<br>
+# INVALID-SEC-NUM1: error: '[[FILE]]': invalid section header table offset (e_shoff = 0x40) or invalid number of sections specified in the first section header's sh_size field (0x3ffffffffffffff)<br>
+<br>
+--- !ELF<br>
+FileHeader:<br>
+  Class:   ELFCLASS64<br>
+  Data:    ELFDATA2LSB<br>
+  Type:    ET_REL<br>
+  Machine: EM_X86_64<br>
+  SHNum:   0x0<br>
+Sections:<br>
+  - Type: SHT_NULL<br>
+    Size: 288230376151711743<br>
+<br>
+## See above, but now we test the UINT64_MAX / sizeof(Elf_Shdr) value.<br>
+## The error is slightly different in this case.<br>
+<br>
+# RUN: yaml2obj --docnum=27 %s -o %t27<br>
+# RUN: not llvm-readobj -h %t27 2>&1 | FileCheck -DFILE=%t27 --check-prefix=INVALID-SEC-NUM2 %s<br>
+<br>
+# INVALID-SEC-NUM2: error: '[[FILE]]': invalid number of sections specified in the NULL section's sh_size field (288230376151711744)<br>
+<br>
+--- !ELF<br>
+FileHeader:<br>
+  Class:   ELFCLASS64<br>
+  Data:    ELFDATA2LSB<br>
+  Type:    ET_REL<br>
+  Machine: EM_X86_64<br>
+  SHNum:   0x0<br>
+Sections:<br>
+  - Type: SHT_NULL<br>
+    Size: 288230376151711744<br>
+<br>
+## Check the case when SHOffset is too large, but SHNum is not. SHOffset + SHNum overflows the uint64 type.<br>
+<br>
+# RUN: yaml2obj --docnum=28 %s -o %t28<br>
+# RUN: not llvm-readobj -h %t28 2>&1 | FileCheck -DFILE=%t28 --check-prefix=INVALID-SEC-NUM3 %s<br>
+<br>
+# INVALID-SEC-NUM3: error: '[[FILE]]': invalid section header table offset (e_shoff = 0xffffffffffffffff) or invalid number of sections specified in the first section header's sh_size field (0x1)<br>
+<br>
+--- !ELF<br>
+FileHeader:<br>
+  Class:    ELFCLASS64<br>
+  Data:     ELFDATA2LSB<br>
+  Type:     ET_REL<br>
+  Machine:  EM_X86_64<br>
+  SHOffset: 0xffffffffffffffff<br>
+  SHNum:    0x1<br>
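Review bot: The comment above document 28 says `SHOffset + SHNum` overflows, but the value the reader checks is e_shoff plus the table size, that is, the section count multiplied by sizeof(Elf_Shdr); I would write `## SHOffset + SHNum * sizeof(Elf_Shdr) overflows the uint64 type.` The comment for document 26 reads "check that do not crash", which should be "check that we do not crash". All three documents are ELFCLASS64, so these cases do not exercise the same checks for a 32-bit file; a further document with `Class: ELFCLASS32` would cover that.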
<br>
Modified: llvm/trunk/tools/yaml2obj/yaml2elf.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/yaml2obj/yaml2elf.cpp?rev=366796&r1=366795&r2=366796&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/yaml2obj/yaml2elf.cpp?rev=366796&r1=366795&r2=366796&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/tools/yaml2obj/yaml2elf.cpp (original)<br>
+++ llvm/trunk/tools/yaml2obj/yaml2elf.cpp Tue Jul 23 04:37:14 2019<br>
@@ -244,7 +244,7 @@ void ELFState<ELFT>::initELFHeader(Elf_E<br>
   // Immediately following the ELF header and program headers.<br>
   Header.e_shoff =<br>
       Doc.Header.SHOffset<br>
-          ? (uint16_t)*Doc.Header.SHOffset<br>
+          ? (typename ELFT::uint)(*Doc.Header.SHOffset)<br>
           : sizeof(Header) + sizeof(Elf_Phdr) * Doc.ProgramHeaders.size();<br>
   Header.e_shnum =<br>
       Doc.Header.SHNum ? (uint16_t)*Doc.Header.SHNum : SN2I.size() + 1;<br>
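Review bot: The cast `(typename ELFT::uint)(*Doc.Header.SHOffset)` narrows the 64-bit YAML value without any diagnostic when ELFT is a 32-bit class, so a SHOffset above 0xffffffff in an ELFCLASS32 document silently yields a different e_shoff than the one written in the test input. If that truncation is intended for crafting malformed files, a comment such as `// SHOffset is deliberately truncated to the ELF class's address width.` would say so; otherwise the value should be range-checked before the assignment. A named cast, `static_cast<typename ELFT::uint>(*Doc.Header.SHOffset)`, would also make the narrowing easier to find. initELFHeader starts and ends outside the hunk.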
<br>
<br>
</blockquote></div>