[PATCH] D25432: [Object/ELF] - Fixed behavior when SectionHeaderTable->sh_size is too large.

George Rimar via llvm-commits llvm-commits at lists.llvm.org
Thu Oct 27 04:59:29 PDT 2016 

This revision was automatically updated to reflect the committed changes.
Closed by commit rL285285: [Object/ELF] - Fixed behavior when SectionHeaderTable->sh_size is too large. (authored by grimar).

Changed prior to commit:
  https://reviews.llvm.org/D25432?vs=74126&id=76008#toc

Repository:
  rL LLVM

https://reviews.llvm.org/D25432

Files:
  llvm/trunk/include/llvm/Object/ELF.h
  llvm/trunk/test/Object/Inputs/invalid-sections-num.elf
  llvm/trunk/test/Object/invalid.test


Index: llvm/trunk/include/llvm/Object/ELF.h
===================================================================
--- llvm/trunk/include/llvm/Object/ELF.h
+++ llvm/trunk/include/llvm/Object/ELF.h
@@ -347,6 +347,12 @@
   // The getNumSections() call below depends on SectionHeaderTable being set.
   SectionHeaderTable =
     reinterpret_cast<const Elf_Shdr *>(base() + SectionTableOffset);
+  if (getNumSections() > UINT64_MAX / Header->e_shentsize) {
+    // Section table goes past end of file!
+    EC = object_error::parse_failed;
+    return;
+  }
+
   const uint64_t SectionTableSize = getNumSections() * Header->e_shentsize;
 
   if (SectionTableOffset + SectionTableSize > FileSize) {
Index: llvm/trunk/test/Object/invalid.test
===================================================================
--- llvm/trunk/test/Object/invalid.test
+++ llvm/trunk/test/Object/invalid.test
@@ -76,3 +76,6 @@
 RUN: not llvm-readobj -t %p/Inputs/invalid-section-size2.elf 2>&1 | \
 RUN:   FileCheck --check-prefix=INVALID-SECTION-SIZE2 %s
 INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file.
+
+RUN: not llvm-readobj -t %p/Inputs/invalid-sections-num.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-NUM %s
+INVALID-SECTION-NUM: Invalid data was encountered while parsing the file.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D25432.76008.patch
Type: text/x-patch
Size: 1299 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20161027/9c539680/attachment.bin>

More information about the llvm-commits mailing list