[llvm] r285284 - [Object/ELF] - Do not allow overflow when checking section size/offset.

George Rimar via llvm-commits llvm-commits at lists.llvm.org
Thu Oct 27 04:44:56 PDT 2016


Author: grimar
Date: Thu Oct 27 06:44:56 2016
New Revision: 285284

URL: http://llvm.org/viewvc/llvm-project?rev=285284&view=rev
Log:
[Object/ELF] - Do not allow overflow when checking section size/offset.

Overflow was the reason for incorrectly passing the check;
the patch fixes the case.

Differential revision: https://reviews.llvm.org/D25514

Added:
    llvm/trunk/test/Object/Inputs/invalid-section-size2.elf   (with props)
Modified:
    llvm/trunk/include/llvm/Object/ELF.h
    llvm/trunk/test/Object/invalid.test

Modified: llvm/trunk/include/llvm/Object/ELF.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/Object/ELF.h?rev=285284&r1=285283&r2=285284&view=diff
==============================================================================
--- llvm/trunk/include/llvm/Object/ELF.h (original)
+++ llvm/trunk/include/llvm/Object/ELF.h Thu Oct 27 06:44:56 2016
@@ -229,7 +229,8 @@ ELFFile<ELFT>::getSectionContentsAsArray
 
   if (Size % sizeof(T))
     return object_error::parse_failed;
-  if (Offset + Size > Buf.size())
+  if ((std::numeric_limits<uintX_t>::max() - Offset < Size) ||
+      Offset + Size > Buf.size())
     return object_error::parse_failed;
 
   const T *Start = reinterpret_cast<const T *>(base() + Offset);
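Review bot: the new guard on the two `+` lines is only correct if Offset and Size are both of type uintX_t, and their declarations are not visible in this hunk; if either is wider, `std::numeric_limits<uintX_t>::max() - Offset < Size` tests the wrong limit. Consider expressing the bound by subtraction against the buffer instead, e.g. `Offset > Buf.size() || Size > Buf.size() - Offset`, which never performs the addition and does not depend on the integer width. If the numeric_limits form stays, please confirm the header includes `<limits>`, since no include is added here, and add a short comment saying the first clause exists to reject wraparound in `Offset + Size`.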

Added: llvm/trunk/test/Object/Inputs/invalid-section-size2.elf
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/Inputs/invalid-section-size2.elf?rev=285284&view=auto
==============================================================================
Binary file - no diff available.

Propchange: llvm/trunk/test/Object/Inputs/invalid-section-size2.elf
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: llvm/trunk/test/Object/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/invalid.test?rev=285284&r1=285283&r2=285284&view=diff
==============================================================================
--- llvm/trunk/test/Object/invalid.test (original)
+++ llvm/trunk/test/Object/invalid.test Thu Oct 27 06:44:56 2016
@@ -72,3 +72,7 @@ INVALID-RELOC-SH-OFFSET: Invalid data wa
 RUN: not llvm-readobj -t %p/Inputs/invalid-sections-address-alignment.x86-64 2>&1 | \
 RUN:   FileCheck --check-prefix=INVALID-SEC-ADDRESS-ALIGNMENT %s
 INVALID-SEC-ADDRESS-ALIGNMENT: Invalid data was encountered while parsing the file
+
+RUN: not llvm-readobj -t %p/Inputs/invalid-section-size2.elf 2>&1 | \
+RUN:   FileCheck --check-prefix=INVALID-SECTION-SIZE2 %s
+INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file.
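Review bot: the added `INVALID-SECTION-SIZE2:` pattern ends with a period, while the existing `INVALID-SEC-ADDRESS-ALIGNMENT:` pattern just above matches the same message without one; please make the two consistent so the test does not depend on trailing punctuation. Since invalid-section-size2.elf is a binary with no diff, a comment line above the RUN lines stating which section header field was corrupted (and that the values are chosen so offset plus size wraps) would let a later reader regenerate or audit the input.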



