[llvm] r284369 - [Object/ELF] - Do not crash on invalid section index.
George Rimar via llvm-commits
llvm-commits at lists.llvm.org
Mon Oct 17 02:30:07 PDT 2016
Author: grimar
Date: Mon Oct 17 04:30:06 2016
New Revision: 284369
URL: http://llvm.org/viewvc/llvm-project?rev=284369&view=rev
Log:
[Object/ELF] - Do not crash on invalid section index.
If object has wrong (large) string table index and
also incorrect large value for amount of sections in total,
then section index passes the check:
if (Index >= getNumSections())
return object_error::invalid_section_index;
But result pointer then is far after end of file data, what
result in a crash.
Differential revision: https://reviews.llvm.org/D25081
Added:
llvm/trunk/test/Object/Inputs/invalid-section-index2.elf (with props)
Modified:
llvm/trunk/include/llvm/Object/ELF.h
llvm/trunk/test/Object/invalid.test
Modified: llvm/trunk/include/llvm/Object/ELF.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/Object/ELF.h?rev=284369&r1=284368&r2=284369&view=diff
==============================================================================
--- llvm/trunk/include/llvm/Object/ELF.h (original)
+++ llvm/trunk/include/llvm/Object/ELF.h Mon Oct 17 04:30:06 2016
@@ -399,9 +399,11 @@ ELFFile<ELFT>::getSection(uint32_t Index
if (Index >= getNumSections())
return object_error::invalid_section_index;
- return reinterpret_cast<const Elf_Shdr *>(
- reinterpret_cast<const char *>(SectionHeaderTable) +
- (Index * Header->e_shentsize));
+ const uint8_t *Addr = reinterpret_cast<const uint8_t *>(SectionHeaderTable) +
+ (Index * Header->e_shentsize);
+ if (Addr >= base() + getBufSize())
+ return object_error::invalid_section_index;
+ return reinterpret_cast<const Elf_Shdr *>(Addr);
}
template <class ELFT>
Added: llvm/trunk/test/Object/Inputs/invalid-section-index2.elf
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/Inputs/invalid-section-index2.elf?rev=284369&view=auto
==============================================================================
Binary file - no diff available.
Propchange: llvm/trunk/test/Object/Inputs/invalid-section-index2.elf
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: llvm/trunk/test/Object/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/invalid.test?rev=284369&r1=284368&r2=284369&view=diff
==============================================================================
--- llvm/trunk/test/Object/invalid.test (original)
+++ llvm/trunk/test/Object/invalid.test Mon Oct 17 04:30:06 2016
@@ -41,7 +41,7 @@ RUN: not llvm-readobj --dyn-symbols %p/I
INVALID-DYNSYM-SIZE: Invalid entity size
RUN: not llvm-readobj -t %p/Inputs/invalid-section-index.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-INDEX %s
-
+RUN: not llvm-readobj -t %p/Inputs/invalid-section-index2.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-INDEX %s
INVALID-SECTION-INDEX: Invalid section index
RUN: not llvm-readobj -s %p/Inputs/invalid-section-size.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-SIZE %s
More information about the llvm-commits
mailing list