[llvm-bugs] [Bug 34705] New: Crash when a symbol references external version definition
via llvm-bugs
llvm-bugs at lists.llvm.org
Fri Sep 22 11:05:01 PDT 2017
https://bugs.llvm.org/show_bug.cgi?id=34705
Bug ID: 34705
Summary: Crash when a symbol references external version definition
Product: lld
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: enhancement
Priority: P
Component: ELF
Assignee: unassignedbugs at nondot.org
Reporter: arichardson.kde at gmail.com
CC: llvm-bugs at lists.llvm.org
Created attachment 19187
--> https://bugs.llvm.org/attachment.cgi?id=19187&action=edit
libmp.so
template <class ELFT> void SharedFile<ELFT>::parseRest() accesses beyond the end
of the Verdefs array when loading a file that uses external version definitions. It
seems like those are not handled by parseVerdefs().
The full reproducer is 1.3MB so I can't upload it here. I have attached the
file that causes the out-of-bounds access here.
The crash happens here when accessing one past the end of the vector:
Parsing symbol __cxa_finalize in
home/alr48/cheri/build-postmerge/cheribsd-obj-256/mips.mips64/exports/users/alr48/sources/cheribsd-postmerge/tmp/usr/lib/libmp.so
versym idx=9
There are only 8 entries in the Verdefs vector which seems to map to the local
definitions from objdump:
```
Version definitions:
1 0x01 0x0432cf87 libmp.so.7
2 0x00 0x077a28b0 FBSD_1.0
3 0x00 0x077a28b1 FBSD_1.1
4 0x00 0x077a28b2 FBSD_1.2
5 0x00 0x077a28b3 FBSD_1.3
6 0x00 0x077a28b4 FBSD_1.4
7 0x00 0x077a28b5 FBSD_1.5
8 0x00 0x0f1efaa0 FBSDprivate_1.0
Version References:
required from libc.so.7:
0x077a28b0 0x00 09 FBSD_1.0
0x077a28b3 0x00 10 FBSD_1.3
private flags = 30000007: [abi=64] [mips4] [not 32bitmode] [noreorder] [PIC]
[CPIC]
```
I have pushed a workaround to our fork of lld here:
https://github.com/CTSRD-CHERI/lld/commit/deaa6ee818434e9f002702b04b719ad7e5cb4971
If you think this is an appropriate fix/workaround for missing features, I'll
upload it to Phabricator.
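The report's crash comes from treating a .gnu.version index as a position in the version-definition array only, while ELF shares one index space between .gnu.version_d (vd_ndx) and .gnu.version_r (vna_other). The following is an added illustration, not lld's code or the reporter's workaround: it models the two tables from the objdump listing above as constructed sample data and resolves a versym entry against both, failing explicitly instead of reading past the end of the definition list.

```python
from typing import Dict, Optional, Tuple

VER_NDX_LOCAL = 0       # symbol is local: no version
VER_NDX_GLOBAL = 1      # symbol is global and unversioned (base version)
VERSYM_HIDDEN = 0x8000  # high bit of a .gnu.version entry: hidden version

# Version definitions (.gnu.version_d): vd_ndx -> vda_name.
# Constructed to match the objdump listing in the report (8 entries).
VERDEFS: Dict[int, str] = {
    1: "libmp.so.7", 2: "FBSD_1.0", 3: "FBSD_1.1", 4: "FBSD_1.2",
    5: "FBSD_1.3", 6: "FBSD_1.4", 7: "FBSD_1.5", 8: "FBSDprivate_1.0",
}

# Version references (.gnu.version_r): each Vernaux entry carries vna_other,
# the index .gnu.version uses for it, plus the file it is required from.
# Constructed from the "Version References" block in the report (9 and 10).
VERNEEDS: Dict[int, Tuple[str, str]] = {
    9: ("libc.so.7", "FBSD_1.0"),
    10: ("libc.so.7", "FBSD_1.3"),
}


def resolve_versym(versym: int,
                   verdefs: Dict[int, str],
                   verneeds: Dict[int, Tuple[str, str]]
                   ) -> Tuple[str, Optional[str], bool]:
    """Map one .gnu.version entry to (kind, version, hidden).

    kind is 'local', 'global', 'def' (from .gnu.version_d) or 'need'
    (from .gnu.version_r).  An index present in neither table raises
    ValueError rather than being used as an array subscript.
    """
    hidden = bool(versym & VERSYM_HIDDEN)
    idx = versym & ~VERSYM_HIDDEN
    if idx == VER_NDX_LOCAL:
        return ("local", None, hidden)
    if idx == VER_NDX_GLOBAL:
        return ("global", None, hidden)
    if idx in verdefs:
        return ("def", verdefs[idx], hidden)
    if idx in verneeds:
        lib, name = verneeds[idx]
        return ("need", f"{name}@{lib}", hidden)
    raise ValueError(f"versym index {idx} is in neither verdef nor verneed")


def resolve_verdef_only(versym: int, verdefs: Dict[int, str]) -> str:
    """The unsafe pattern behind the report: index the definition array by
    position and nothing else.  versym 9 with 8 definitions goes out of range."""
    return list(verdefs.values())[(versym & ~VERSYM_HIDDEN) - 1]
```

With the report's values, `resolve_versym(9, ...)` yields the libc reference while `resolve_verdef_only(9, ...)` raises IndexError, which is the position-past-the-end access the report describes.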