[PATCH] [Request, 9 lines] D25090: [Object/ELF] - Check that e_shnum is null when e_shoff is.

George Rimar via llvm-commits llvm-commits at lists.llvm.org
Fri Sep 30 04:30:05 PDT 2016


grimar created this revision.
grimar added reviewers: rafael, davide.
grimar added subscribers: llvm-commits, grimar, evgeny777.

Spec says (http://www.sco.com/developers/gabi/1998-04-29/ch4.eheader.html):
e_shnum
This member holds the number of entries in the section header table. Thus the product of e_shentsize and e_shnum gives the section header table's size in bytes. If a file has no section header table, e_shnum holds the value zero.

Revealed using "id_000037,sig_11,src_000015,op_havoc,rep_8" from PR30540

That was the reason for the crash in lld on an incorrect input file.
Binary reduced using afl-min.


https://reviews.llvm.org/D25090

Files:
  include/llvm/Object/ELF.h
  test/Object/Inputs/invalid-e_shnum.elf
  test/Object/invalid.test


Index: test/Object/invalid.test
===================================================================
--- test/Object/invalid.test
+++ test/Object/invalid.test
@@ -54,3 +54,6 @@
 
 RUN: not llvm-readobj -t %p/Inputs/invalid-xindex-size.elf 2>&1 | FileCheck --check-prefix=INVALID-XINDEX-SIZE %s
 INVALID-XINDEX-SIZE: Invalid data was encountered while parsing the file.
+
+RUN: not llvm-readobj -t %p/Inputs/invalid-e_shnum.elf 2>&1 | FileCheck --check-prefix=INVALID-SH-NUM %s
+INVALID-SH-NUM: e_shnum should be zero if a file has no section header table
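Review bot: the new RUN line gives no indication of what is malformed in invalid-e_shnum.elf, and the input is an opaque fuzzer-reduced binary. Add a one-line comment above the RUN line stating the header condition under test (e_shoff is zero while e_shnum is non-zero), so the case can be regenerated or audited without opening the file in a hex editor. The INVALID-SH-NUM check also matches the full diagnostic string, so any rewording of the message in ELF.h has to be mirrored here.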
Index: include/llvm/Object/ELF.h
===================================================================
--- include/llvm/Object/ELF.h
+++ include/llvm/Object/ELF.h
@@ -345,8 +345,12 @@
 
   Header = reinterpret_cast<const Elf_Ehdr *>(base());
 
-  if (Header->e_shoff == 0)
+  if (Header->e_shoff == 0) {
+    if (Header->e_shnum != 0)
+      report_fatal_error(
+          "e_shnum should be zero if a file has no section header table");
     return;
+  }
 
   const uint64_t SectionTableOffset = Header->e_shoff;
 
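Review bot: the new check inside the `e_shoff == 0` branch calls report_fatal_error, which terminates the process rather than handing the failure back to the caller. For a library header that parses untrusted object files, this turns the crash into a clean abort, but a tool embedding the parser still cannot recover from or skip a bad input. If this function has a way to return an error to its caller, prefer that over a fatal error here. It would also help triage to include the offending e_shnum value in the message, since the current text only states the rule that was violated.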

