[PATCH] D25229: [ELF] - Do not hang if broken object has option descriptor in .MIPS.options with size of zero.

George Rimar via llvm-commits llvm-commits at lists.llvm.org
Tue Oct 4 03:23:27 PDT 2016


grimar created this revision.
grimar added reviewers: ruiu, rafael, atanasyan, davide.
grimar added subscribers: llvm-commits, grimar, evgeny777.
Herald added a subscriber: sdardis.

Previously lld would hang in an infinite loop in this case;
this patch fixes the issue. The object was found during an AFL run.


https://reviews.llvm.org/D25229

Files:
  ELF/InputSection.cpp
  test/ELF/invalid/Inputs/mips-invalid-options-descriptor.elf
  test/ELF/invalid/mips-invalid-options-descriptor.s


Index: test/ELF/invalid/mips-invalid-options-descriptor.s
===================================================================
--- test/ELF/invalid/mips-invalid-options-descriptor.s
+++ test/ELF/invalid/mips-invalid-options-descriptor.s
@@ -0,0 +1,5 @@
+## mips-invalid-options-descriptor.elf has option descriptor in 
+## .MIPS.options with size of zero.
+# RUN: not ld.lld %p/Inputs/mips-invalid-options-descriptor.elf -o %t2 2>&1 | \
+# RUN:   FileCheck %s
+# CHECK: zero option descriptor size
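Review bot: The CHECK line matches only the tail of the diagnostic, while the message in InputSection.cpp is built as getName(this) + ": zero option descriptor size". Matching the prefix as well would confirm the error is attributed to the section that holds the bad descriptor, not just that some error with this text was printed. Since the input is a prebuilt binary, the comment could also say how the .elf was produced (the description mentions an AFL run) so the file can be regenerated or audited later. The first comment line also has trailing whitespace after "descriptor in".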
Index: ELF/InputSection.cpp
===================================================================
--- ELF/InputSection.cpp
+++ ELF/InputSection.cpp
@@ -694,6 +694,8 @@
         error(getName(this) + ": unsupported non-zero ri_gp_value");
       break;
     }
+    if (!O->size)
+      fatal(getName(this) + ": zero option descriptor size");
     D = D.slice(O->size);
   }
 }
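Review bot: The new check at "if (!O->size)" rejects only a size of zero, but "D = D.slice(O->size);" on the following line is still reached with any other value taken from the file, including one larger than what remains in D. If nothing above this hunk bounds it, consider rejecting O->size > D.size() in the same place, so that a malformed descriptor cannot push the slice out of range. The check also sits after the descriptor has already been inspected (the ri_gp_value handling above it); validating the size before the descriptor's contents are used would be the safer order. Using fatal() here, where the neighbouring diagnostic uses error(), is reasonable because the loop cannot make progress, and a short comment saying so would help the next reader.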

