[PATCH] D25514: [Object/ELF] - Do not allow overflow when checking section size/offset.
George Rimar via llvm-commits
llvm-commits at lists.llvm.org
Wed Oct 12 07:07:14 PDT 2016
grimar created this revision.
grimar added reviewers: rafael, davide.
grimar added subscribers: llvm-commits, grimar, evgeny777.
Overflow was the reason the check passed incorrectly;
the patch fixes this case.
https://reviews.llvm.org/D25514
Files:
include/llvm/Object/ELF.h
test/Object/Inputs/invalid-section-size2.elf
test/Object/invalid.test
Index: test/Object/invalid.test
===================================================================
--- test/Object/invalid.test
+++ test/Object/invalid.test
@@ -64,3 +64,7 @@
RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 2>&1 | \
RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
INVALID-RELOC-SH-OFFSET: Invalid data was encountered while parsing the file
+
+RUN: not llvm-readobj -t %p/Inputs/invalid-section-size2.elf 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-SECTION-SIZE2 %s
+INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file.
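Review bot: The added INVALID-SECTION-SIZE2 check line ends with a period, while the INVALID-RELOC-SH-OFFSET check just above matches the same message without one; drop the trailing period so the two checks are consistent and the new one does not depend on how the tool punctuates the error. Since invalid-section-size2.elf is a binary input that cannot be read from the diff, a comment above the new RUN line saying which section's offset/size values are corrupted, and that their sum overflows, would make the test self-explanatory.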
Index: include/llvm/Object/ELF.h
===================================================================
--- include/llvm/Object/ELF.h
+++ include/llvm/Object/ELF.h
@@ -226,7 +226,8 @@
if (Size % sizeof(T))
return object_error::parse_failed;
- if (Offset + Size > Buf.size())
+ if ((std::numeric_limits<uintX_t>::max() - Offset < Size) ||
+ Offset + Size > Buf.size())
return object_error::parse_failed;
const T *Start = reinterpret_cast<const T *>(base() + Offset);
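Review bot: The new first clause is only a correct wraparound guard if Offset and Size both have type uintX_t, which is not visible in this hunk; if either has a different width, subtracting from std::numeric_limits<uintX_t>::max() tests the wrong bound. A form that does not depend on that is "Offset > Buf.size() || Size > Buf.size() - Offset", which compares against the buffer length directly, cannot wrap, and needs no <limits> include. If the numeric_limits form stays, confirm ELF.h includes <limits> and add a one-line comment that the first clause rejects wraparound of Offset + Size.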
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D25514.74369.patch
Type: text/x-patch
Size: 1117 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20161012/0711c850/attachment.bin>