[llvm] r285285 - [Object/ELF] - Fixed behavior when SectionHeaderTable->sh_size is too large.
George Rimar via llvm-commits
llvm-commits at lists.llvm.org
Thu Oct 27 04:50:04 PDT 2016
Author: grimar
Date: Thu Oct 27 06:50:04 2016
New Revision: 285285
URL: http://llvm.org/viewvc/llvm-project?rev=285285&view=rev
Log:
[Object/ELF] - Fixed behavior when SectionHeaderTable->sh_size is too large.
Elf.h already has code checking that section table does not go past end of file.
Problem is that this check may not work on values greater than UINT64_MAX / Header->e_shentsize
because of calculation overflow.
Parch fixes the issue.
Differential revision: https://reviews.llvm.org/D25432
Added:
llvm/trunk/test/Object/Inputs/invalid-sections-num.elf (with props)
Modified:
llvm/trunk/include/llvm/Object/ELF.h
llvm/trunk/test/Object/invalid.test
Modified: llvm/trunk/include/llvm/Object/ELF.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/Object/ELF.h?rev=285285&r1=285284&r2=285285&view=diff
==============================================================================
--- llvm/trunk/include/llvm/Object/ELF.h (original)
+++ llvm/trunk/include/llvm/Object/ELF.h Thu Oct 27 06:50:04 2016
@@ -347,6 +347,12 @@ ELFFile<ELFT>::ELFFile(StringRef Object,
// The getNumSections() call below depends on SectionHeaderTable being set.
SectionHeaderTable =
reinterpret_cast<const Elf_Shdr *>(base() + SectionTableOffset);
+ if (getNumSections() > UINT64_MAX / Header->e_shentsize) {
+ // Section table goes past end of file!
+ EC = object_error::parse_failed;
+ return;
+ }
+
const uint64_t SectionTableSize = getNumSections() * Header->e_shentsize;
if (SectionTableOffset + SectionTableSize > FileSize) {
Added: llvm/trunk/test/Object/Inputs/invalid-sections-num.elf
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/Inputs/invalid-sections-num.elf?rev=285285&view=auto
==============================================================================
Binary file - no diff available.
Propchange: llvm/trunk/test/Object/Inputs/invalid-sections-num.elf
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: llvm/trunk/test/Object/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/invalid.test?rev=285285&r1=285284&r2=285285&view=diff
==============================================================================
--- llvm/trunk/test/Object/invalid.test (original)
+++ llvm/trunk/test/Object/invalid.test Thu Oct 27 06:50:04 2016
@@ -76,3 +76,6 @@ INVALID-SEC-ADDRESS-ALIGNMENT: Invalid d
RUN: not llvm-readobj -t %p/Inputs/invalid-section-size2.elf 2>&1 | \
RUN: FileCheck --check-prefix=INVALID-SECTION-SIZE2 %s
INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file.
+
+RUN: not llvm-readobj -t %p/Inputs/invalid-sections-num.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-NUM %s
+INVALID-SECTION-NUM: Invalid data was encountered while parsing the file.
More information about the llvm-commits
mailing list