[PATCH] D24970: [ELF] - Fixed crash on invalid output.

George Rimar via llvm-commits llvm-commits at lists.llvm.org
Tue Sep 27 09:56:46 PDT 2016 

grimar created this revision.
grimar added reviewers: ruiu, rafael, davide.
grimar added subscribers: llvm-commits, grimar, evgeny777.

I took the input from https://llvm.org/bugs/show_bug.cgi?id=30540, it was
"id_000000,sig_11,src_000000,op_flip1,pos_98"

File contains invalid symbol name offset (too large) and lld just crashes,
patch fixes the issue.

I wonder may be we want a separate folder for invalid input tests, like we have
for linkerscript ?

https://reviews.llvm.org/D24970

Files:
  ELF/Writer.cpp
  test/ELF/Inputs/invalid-symbol-name-offset.elf
  test/ELF/invalid-symbol-name.s

Index: test/ELF/invalid-symbol-name.s
===================================================================
--- test/ELF/invalid-symbol-name.s
+++ test/ELF/invalid-symbol-name.s
@@ -0,0 +1,5 @@
+# REQUIRES: x86
+
+# RUN: not ld.lld %S/Inputs/invalid-symbol-name-offset.elf \
+# RUN:   -o %t 2>&1 | FileCheck %s
+# CHECK: invalid symbol name offset
Index: ELF/Writer.cpp
===================================================================
--- ELF/Writer.cpp
+++ ELF/Writer.cpp
@@ -379,15 +379,17 @@
   if (!Out<ELFT>::SymTab)
     return;
   for (elf::ObjectFile<ELFT> *F : Symtab<ELFT>::X->getObjectFiles()) {
-    const char *StrTab = F->getStringTable().data();
+    StringRef StrTab = F->getStringTable();
     for (SymbolBody *B : F->getLocalSymbols()) {
       auto *DR = dyn_cast<DefinedRegular<ELFT>>(B);
       // No reason to keep local undefined symbol in symtab.
       if (!DR)
         continue;
       if (!includeInSymtab<ELFT>(*B))
         continue;
-      StringRef SymName(StrTab + B->getNameOffset());
+      if (B->getNameOffset() >= StrTab.size())
+        fatal("invalid symbol name offset");
+      StringRef SymName(StrTab.data() + B->getNameOffset());
       InputSectionBase<ELFT> *Sec = DR->Section;
       if (!shouldKeepInSymtab<ELFT>(Sec, SymName, *B))
         continue;


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D24970.72670.patch
Type: text/x-patch
Size: 1325 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160927/dac4973f/attachment.bin>

More information about the llvm-commits mailing list