[llvm] r283204 - [Object/ELF] - Do not crash on invalid sh_offset value of REL[A] section.
George Rimar via llvm-commits
llvm-commits at lists.llvm.org
Tue Oct 4 02:25:40 PDT 2016
Author: grimar
Date: Tue Oct 4 04:25:39 2016
New Revision: 283204
URL: http://llvm.org/viewvc/llvm-project?rev=283204&view=rev
Log:
[Object/ELF] - Do not crash on invalid sh_offset value of REL[A] section.
Previously the code would access invalid memory and might crash;
this patch fixes the issue.
Differential revision: https://reviews.llvm.org/D25187
Added:
llvm/trunk/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-i386 (with props)
llvm/trunk/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 (with props)
Modified:
llvm/trunk/include/llvm/Object/ELF.h
llvm/trunk/test/Object/invalid.test
Modified: llvm/trunk/include/llvm/Object/ELF.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/Object/ELF.h?rev=283204&r1=283203&r2=283204&view=diff
==============================================================================
--- llvm/trunk/include/llvm/Object/ELF.h (original)
+++ llvm/trunk/include/llvm/Object/ELF.h Tue Oct 4 04:25:39 2016
@@ -137,6 +137,8 @@ public:
const Elf_Rela *rela_begin(const Elf_Shdr *sec) const {
if (sec->sh_entsize != sizeof(Elf_Rela))
report_fatal_error("Invalid relocation entry size");
+ if (sec->sh_offset >= Buf.size())
+ report_fatal_error("Invalid relocation entry offset");
return reinterpret_cast<const Elf_Rela *>(base() + sec->sh_offset);
}
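Review bot: in rela_begin, the new `sec->sh_offset >= Buf.size()` test only proves that the first byte of the section lies inside the buffer; nothing in this function checks that even one whole Elf_Rela entry, let alone the section's full sh_size, fits before the end. An sh_offset a few bytes short of Buf.size() passes the check, and the pointer returned by the reinterpret_cast is then read past the buffer by whoever dereferences it. Consider validating the whole range in an overflow-safe form before the cast, for example `sec->sh_offset > Buf.size() || sec->sh_size > Buf.size() - sec->sh_offset`.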
@@ -154,6 +156,8 @@ public:
const Elf_Rel *rel_begin(const Elf_Shdr *sec) const {
if (sec->sh_entsize != sizeof(Elf_Rel))
report_fatal_error("Invalid relocation entry size");
+ if (sec->sh_offset >= Buf.size())
+ report_fatal_error("Invalid relocation entry offset");
return reinterpret_cast<const Elf_Rel *>(base() + sec->sh_offset);
}
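Review bot: rel_begin repeats the two-line offset check from rela_begin verbatim; a small shared helper taking the Elf_Shdr would keep the two accessors from drifting apart when the validation is later tightened. The message "Invalid relocation entry offset" is also slightly misleading, since the value tested is the section's sh_offset rather than the offset of an entry; wording such as "Invalid relocation section offset" would point the reader at the right field.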
Added: llvm/trunk/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-i386
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-i386?rev=283204&view=auto
==============================================================================
Binary file - no diff available.
Propchange: llvm/trunk/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-i386
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: llvm/trunk/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64?rev=283204&view=auto
==============================================================================
Binary file - no diff available.
Propchange: llvm/trunk/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: llvm/trunk/test/Object/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/invalid.test?rev=283204&r1=283203&r2=283204&view=diff
==============================================================================
--- llvm/trunk/test/Object/invalid.test (original)
+++ llvm/trunk/test/Object/invalid.test Tue Oct 4 04:25:39 2016
@@ -58,3 +58,9 @@ INVALID-XINDEX-SIZE: Invalid data was en
RUN: not llvm-readobj -t %p/Inputs/invalid-ext-symtab-index.elf-x86-64 2>&1 | \
RUN: FileCheck --check-prefix=INVALID-EXT-SYMTAB-INDEX %s
INVALID-EXT-SYMTAB-INDEX: Invalid symbol table index
+
+RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-i386 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
+RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
+INVALID-RELOC-SH-OFFSET: Invalid relocation entry offset
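Review bot: the two added RUN lines depend on binary inputs that cannot be reviewed in the diff, and nothing in invalid.test records which sh_offset value they carry or how they were produced. A short comment above the RUN lines naming the corrupted field and its value would make the test maintainable. It would also be worth adding a case where sh_offset is exactly equal to the file size, since the new condition is `>=` and that boundary is where an off-by-one would hide.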