[llvm-bugs] [Bug 34818] New: COFFObjectFile crash when iterating imported symbols

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Oct 3 11:13:12 PDT 2017


https://bugs.llvm.org/show_bug.cgi?id=34818

            Bug ID: 34818
           Summary: COFFObjectFile crash when iterating imported symbols
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: w.parker.thompson at gmail.com
                CC: llvm-bugs at lists.llvm.org

Created attachment 19224
  --> https://bugs.llvm.org/attachment.cgi?id=19224&action=edit
Coff file that causes a null ptr segv

A malformed PE file can cause LLVM to crash when iterating the
imported_symbols() API on the COFFObjectFile.

It appears that in importedSymbolEnd() there is a missing null check of
IntPtr after the call:
Object->getRvaPtr(RVA, IntPtr);

Reproduction steps (tested against current master branch in github mirror):

./bin/llvm-objdump -private-headers /path/to/attached/file

Stack trace:

#0 0x0000555dbd61a62d llvm::sys::PrintStackTrace(llvm::raw_ostream&)
/home/user/llvm/lib/Support/Unix/Signals.inc:398:0
#1 0x0000555dbd61a6d1 PrintStackTraceSignalHandler(void*)
/home/user/llvm/lib/Support/Unix/Signals.inc:462:0
#2 0x0000555dbd618764 llvm::sys::RunSignalHandlers()
/home/user/llvm/lib/Support/Signals.cpp:49:0
#3 0x0000555dbd619dde SignalHandler(int)
/home/user/llvm/lib/Support/Unix/Signals.inc:252:0
#4 0x00007fa8b8ff7da0 __restore_rt (/usr/lib/libpthread.so.0+0x11da0)
#5 0x0000555dbd010d79 unsigned int llvm::support::endian::read<unsigned int,
1ul>(void const*, llvm::support::endianness)
/home/user/llvm/include/llvm/Support/Endian.h:69:0
#6 0x0000555dbd011905 unsigned int llvm::support::endian::read<unsigned int,
(llvm::support::endianness)1, 1ul>(void const*)
/home/user/llvm/include/llvm/Support/Endian.h:81:0
#7 0x0000555dbd009ebb
llvm::support::detail::packed_endian_specific_integral<unsigned int,
(llvm::support::endianness)1, 1ul>::operator unsigned int() const
/home/user/llvm/include/llvm/Support/Endian.h:218:0
#8 0x0000555dbd4871b5 importedSymbolEnd(unsigned int,
llvm::object::COFFObjectFile const*)
/home/user/llvm/lib/Object/COFFObjectFile.cpp:1309:0
#9 0x0000555dbd487337
llvm::object::ImportDirectoryEntryRef::imported_symbol_end() const
/home/user/llvm/lib/Object/COFFObjectFile.cpp:1329:0
#10 0x0000555dbd487399
llvm::object::ImportDirectoryEntryRef::imported_symbols() const
/home/user/llvm/lib/Object/COFFObjectFile.cpp:1333:0
#11 0x0000555dbd040aa5 printImportTables(llvm::object::COFFObjectFile const*)
/home/user/llvm/tools/llvm-objdump/COFFDump.cpp:368:0
#12 0x0000555dbd041fb8 llvm::printCOFFFileHeader(llvm::object::ObjectFile
const*) /home/user/llvm/tools/llvm-objdump/COFFDump.cpp:616:0
#13 0x0000555dbcff81c1 printPrivateFileHeaders(llvm::object::ObjectFile const*,
bool) /home/user/llvm/tools/llvm-objdump/llvm-objdump.cpp:2013:0
#14 0x0000555dbcff85ef DumpObject(llvm::object::ObjectFile*,
llvm::object::Archive const*)
/home/user/llvm/tools/llvm-objdump/llvm-objdump.cpp:2051:0
#15 0x0000555dbcff8e9d DumpInput(llvm::StringRef)
/home/user/llvm/tools/llvm-objdump/llvm-objdump.cpp:2129:0
#16 0x0000555dbd010206 void
(*std::for_each<__gnu_cxx::__normal_iterator<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >*,
std::vector<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > > > >, void
(*)(llvm::StringRef)>(__gnu_cxx::__normal_iterator<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >*,
std::vector<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > > > >,
__gnu_cxx::__normal_iterator<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >*,
std::vector<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > > > >, void
(*)(llvm::StringRef)))(llvm::StringRef)
/usr/include/c++/7.2.0/bits/stl_algo.h:3883:0
#17 0x0000555dbcff95ae main
/home/user/llvm/tools/llvm-objdump/llvm-objdump.cpp:2192:0
#18 0x00007fa8b7ad6f6a __libc_start_main (/usr/lib/libc.so.6+0x20f6a)
#19 0x0000555dbcfeda6a _start (./bin/llvm-objdump+0x2aea6a)

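
As an added illustration (not LLVM's code and not from the report), a small C++ model of the lookup the report describes: a toy getRvaPtr that fails for an RVA outside every section, and a table walk that checks that result before touching IntPtr, which is the check the report says importedSymbolEnd() lacks. The Avail byte count and the constructed one-section image are assumptions of this model, not part of LLVM's getRvaPtr signature.

```cpp
// Added example, not LLVM's code: a small model of the RVA lookup that
// importedSymbolEnd() does, with the guard the report says is missing.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <system_error>
#include <vector>
// Constructed image: one section at RVA 0x1000 holding a null-terminated
// table of three 32-bit entries (the shape of an import lookup table).
struct Section { uint32_t VirtualAddress; std::vector<uint8_t> Data; };
static std::vector<Section> makeImage() {
  const uint32_t Entries[] = {0x2000, 0x2010, 0x2020, 0};
  Section S{0x1000, std::vector<uint8_t>(sizeof(Entries))};
  std::memcpy(S.Data.data(), Entries, sizeof(Entries));
  return {S};
}
// Modelled on getRvaPtr (Avail is our addition): on success Res points into
// the section and Avail is the byte count left; an RVA outside every section
// is an error and Res is left untouched, so an unchecked caller keeps its 0.
static std::error_code getRvaPtr(const std::vector<Section> &Image, uint32_t RVA,
                                 uintptr_t &Res, size_t &Avail) {
  for (const Section &S : Image) {
    uint32_t End = S.VirtualAddress + static_cast<uint32_t>(S.Data.size());
    if (RVA >= S.VirtualAddress && RVA < End) {
      Res = reinterpret_cast<uintptr_t>(S.Data.data() + (RVA - S.VirtualAddress));
      Avail = End - RVA;
      return std::error_code();
    }
  }
  return std::make_error_code(std::errc::invalid_argument);
}
// Walks to the null terminator as importedSymbolEnd() does, but checks the
// translation first (the report's crash) and stops at the section boundary
// when the terminator is missing. Returns -1 for a malformed table.
static int countImportedSymbols(const std::vector<Section> &Image, uint32_t RVA) {
  uintptr_t IntPtr = 0;
  size_t Avail = 0;
  if (getRvaPtr(Image, RVA, IntPtr, Avail))
    return -1;  // bad RVA: never dereference the still-null IntPtr
  int Index = 0;
  const uint8_t *P = reinterpret_cast<const uint8_t *>(IntPtr);
  for (; Avail >= sizeof(uint32_t); ++Index, P += 4, Avail -= 4) {
    uint32_t Entry;
    std::memcpy(&Entry, P, sizeof(Entry));  // zero test is byte-order neutral
    if (Entry == 0)
      return Index;
  }
  return -1;  // ran off the section without a terminator
}
```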