[lld] r191865 - [Core] Fix heap overflow in LayoutPass.
Michael J. Spencer
bigcheesegs at gmail.com
Wed Oct 2 16:21:07 PDT 2013
Author: mspencer
Date: Wed Oct 2 18:21:07 2013
New Revision: 191865
URL: http://llvm.org/viewvc/llvm-project?rev=191865&view=rev
Log:
[Core] Fix heap overflow in LayoutPass.
Found this with asan. Code assumes that find doesn't return end, thus if
both atoms didn't have followon roots it would still compare their positions.
Modified:
lld/trunk/lib/Passes/LayoutPass.cpp
lld/trunk/test/elf/X86_64/largebss.test
lld/trunk/test/elf/phdr.test
lld/trunk/test/elf/quickdata.test
lld/trunk/test/elf/sections.test
Modified: lld/trunk/lib/Passes/LayoutPass.cpp
URL: http://llvm.org/viewvc/llvm-project/lld/trunk/lib/Passes/LayoutPass.cpp?rev=191865&r1=191864&r2=191865&view=diff
==============================================================================
--- lld/trunk/lib/Passes/LayoutPass.cpp (original)
+++ lld/trunk/lib/Passes/LayoutPass.cpp Wed Oct 2 18:21:07 2013
@@ -56,10 +56,12 @@ bool LayoutPass::CompareAtoms::operator(
// Sort atoms by their ordinal overrides only if they fall in the same
// chain.
- const DefinedAtom *leftAtom = _layout._followOnRoots.find(left)->second;
- const DefinedAtom *rightAtom = _layout._followOnRoots.find(right)->second;
+ auto leftAtom = _layout._followOnRoots.find(left);
+ auto rightAtom = _layout._followOnRoots.find(right);
- if (leftAtom == rightAtom) {
+ if (leftAtom != _layout._followOnRoots.end() &&
+ rightAtom != _layout._followOnRoots.end() &&
+ leftAtom->second == rightAtom->second) {
if ((lPos != end) && (rPos != end)) {
return lPos->second < rPos->second;
}
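Review bot: `leftAtom` and `rightAtom` now hold map iterators rather than `const DefinedAtom *`, so the names no longer describe them; `leftRoot`/`rightRoot` would make the `->second` comparison easier to read. The comment above the lookups should also record the invariant the fix relies on, for example `// An atom without a follow-on root is absent from _followOnRoots; find() then returns end() and must not be dereferenced.` The repeated `_layout._followOnRoots.end()` could be hoisted into a local, named differently from the existing `end` used with `lPos`/`rPos`. Those three names and the rest of `operator()` lie outside this hunk, so it cannot be checked from here whether the fall-through path still gives a consistent ordering for atoms that have no root.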
Modified: lld/trunk/test/elf/X86_64/largebss.test
URL: http://llvm.org/viewvc/llvm-project/lld/trunk/test/elf/X86_64/largebss.test?rev=191865&r1=191864&r2=191865&view=diff
==============================================================================
--- lld/trunk/test/elf/X86_64/largebss.test (original)
+++ lld/trunk/test/elf/X86_64/largebss.test Wed Oct 2 18:21:07 2013
@@ -5,17 +5,16 @@
RUN: lld -flavor gnu -target x86_64 %p/Inputs/largebss.o --output-filetype=yaml --noinhibit-exec | FileCheck %s
-
-CHECK: - name: largecommon
+CHECK: - name: largebss
CHECK: scope: global
CHECK: type: zero-fill
CHECK: size: 4000
-CHECK: merge: as-tentative
CHECK: section-name: .bss
-CHECK: - name: largebss
+CHECK: - name: largecommon
CHECK: scope: global
CHECK: type: zero-fill
CHECK: size: 4000
+CHECK: merge: as-tentative
CHECK: section-name: .bss
CHECK: - name: largetbss
CHECK: scope: global
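Review bot: None of the four test updates is a dedicated regression test for the out-of-bounds lookup; they only re-baseline expected output (atom order here and in quickdata.test, `MemSize: 16389` in phdr.test, `.bss` size 1 in sections.test). The log says the bug was found with asan, so these tests presumably catch a regression only in a sanitizer build. The log also does not explain why the sizes shrink. If the old values depended on the invalid comparison, a sentence saying so in the commit message or in a test comment would help whoever next sees these numbers change.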
Modified: lld/trunk/test/elf/phdr.test
URL: http://llvm.org/viewvc/llvm-project/lld/trunk/test/elf/phdr.test?rev=191865&r1=191864&r2=191865&view=diff
==============================================================================
--- lld/trunk/test/elf/phdr.test (original)
+++ lld/trunk/test/elf/phdr.test Wed Oct 2 18:21:07 2013
@@ -63,7 +63,7 @@ I386-NEXT: Offset: 0x4000
I386-NEXT: VirtualAddress: 0x4000
I386-NEXT: PhysicalAddress: 0x4000
I386-NEXT: FileSize: 4
-I386-NEXT: MemSize: 16392
+I386-NEXT: MemSize: 16389
I386-NEXT: Flags [ (0x6)
I386-NEXT: PF_R (0x4)
I386-NEXT: PF_W (0x2)
Modified: lld/trunk/test/elf/quickdata.test
URL: http://llvm.org/viewvc/llvm-project/lld/trunk/test/elf/quickdata.test?rev=191865&r1=191864&r2=191865&view=diff
==============================================================================
--- lld/trunk/test/elf/quickdata.test (original)
+++ lld/trunk/test/elf/quickdata.test Wed Oct 2 18:21:07 2013
@@ -4,11 +4,11 @@ RUN: --noinhibit-exec | FileCheck %s -ch
hexagon: - name: init
hexagon: scope: global
hexagon: type: quick-data
+hexagon: - name: bss1
+hexagon: scope: global
+hexagon: type: zero-fill-quick
hexagon: - name: ac1
hexagon: scope: global
hexagon: type: zero-fill-quick
hexagon: size: 1
hexagon: merge: as-tentative
-hexagon: - name: bss1
-hexagon: scope: global
-hexagon: type: zero-fill-quick
Modified: lld/trunk/test/elf/sections.test
URL: http://llvm.org/viewvc/llvm-project/lld/trunk/test/elf/sections.test?rev=191865&r1=191864&r2=191865&view=diff
==============================================================================
--- lld/trunk/test/elf/sections.test (original)
+++ lld/trunk/test/elf/sections.test Wed Oct 2 18:21:07 2013
@@ -10,7 +10,7 @@ OBJDUMP: 1 .text 0000000a 00000
OBJDUMP: 2 .data 00000004 0000000000001000 DATA
OBJDUMP: 3 .special 00000004 0000000000001004 DATA
OBJDUMP: 4 .anotherspecial 00000004 0000000000001008 DATA
-OBJDUMP: 5 .bss 00000004 000000000000100c BSS
+OBJDUMP: 5 .bss 00000001 000000000000100c BSS
OBJDUMP: 6 .shstrtab {{[0-9a-f]+}} 0000000000000000
OBJDUMP: 7 .symtab {{[0-9a-f]+}} 0000000000000000
OBJDUMP: 8 .strtab {{[0-9a-f]+}} 0000000000000000
@@ -90,7 +90,7 @@ READOBJ: SHF_ALLOC
READOBJ: SHF_WRITE
READOBJ: ]
READOBJ: Address: 0x100C
-READOBJ: Size: 4
+READOBJ: Size: 1
READOBJ: }
READOBJ: Section {
READOBJ: Index: 6