[PATCH] D25272: [ELF] - Fixed behavior when amount of inputsections is too large.

George Rimar via llvm-commits llvm-commits at lists.llvm.org
Wed Oct 5 04:53:36 PDT 2016 

grimar created this revision.
grimar added reviewers: ruiu, rafael, davide.
grimar added subscribers: llvm-commits, grimar, evgeny777.

There were 2 problems in this case. Imagine that anount of input sections
is incorrect and huge (> UINT32_MAX). Lets say it is x = UINT32_MAX + 1;

1. On 64bit systems it just may crash with std::length_error when will try to allocate

more memory than is available.

2. On 32bits situation is more interesting.

  Sections.resize(Size); 

will truncate Size to 0, so resize will work fine.
Next loop will never execute:

  for (const Elf_Shdr &Sec : Obj.sections())

because Obj.sections() will return empty array because of implementation of:

  template <class ELFT>
  const typename ELFFile<ELFT>::Elf_Shdr *ELFFile<ELFT>::section_end() const {
    return section_begin() + getNumSections();
  }

And finally linkage can complete fine without errors. That is what I am observing with testcase.
I suggest to limit amount of input sections to some reasonable amount. Not sure what is better
UINT16_MAX or UINT32_MAX., patch uses first for now.


https://reviews.llvm.org/D25272

Files:
  ELF/InputFiles.cpp
  test/ELF/invalid/Inputs/sections-count.elf
  test/ELF/invalid/sections-count.s


Index: test/ELF/invalid/sections-count.s
===================================================================
--- test/ELF/invalid/sections-count.s
+++ test/ELF/invalid/sections-count.s
@@ -0,0 +1,6 @@
+# REQUIRES: x86
+
+## sections-count.elf contains symbol with huge sh_size of section
+## header table.
+# RUN: not ld.lld %S/Inputs/sections-count.elf -o %t 2>&1 | FileCheck %s
+# CHECK: wrong amount of input sections
Index: ELF/InputFiles.cpp
===================================================================
--- ELF/InputFiles.cpp
+++ ELF/InputFiles.cpp
@@ -226,10 +226,12 @@
 template <class ELFT>
 void elf::ObjectFile<ELFT>::initializeSections(
     DenseSet<StringRef> &ComdatGroups) {
+  const ELFFile<ELFT> &Obj = this->ELFObj;
   uint64_t Size = this->ELFObj.getNumSections();
+  if (Size > UINT16_MAX)
+    fatal(getFilename(this) + ": wrong amount of input sections");
   Sections.resize(Size);
   unsigned I = -1;
-  const ELFFile<ELFT> &Obj = this->ELFObj;
   for (const Elf_Shdr &Sec : Obj.sections()) {
     ++I;
     if (Sections[I] == &InputSection<ELFT>::Discarded)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D25272.73622.patch
Type: text/x-patch
Size: 1089 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20161005/867a6365/attachment.bin>

More information about the llvm-commits mailing list