[PATCH] D35371: [COFF] Bounds check relocations

Reid Kleckner via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Jul 13 13:30:43 PDT 2017


This revision was automatically updated to reflect the committed changes.
Closed by commit rL307948: [COFF] Bounds check relocations (authored by rnk).

Changed prior to commit:
  https://reviews.llvm.org/D35371?vs=106498&id=106511#toc

Repository:
  rL LLVM

https://reviews.llvm.org/D35371

Files:
  lld/trunk/COFF/Chunks.cpp
  lld/trunk/COFF/Chunks.h
  lld/trunk/test/COFF/reloc-oob.yaml


Index: lld/trunk/COFF/Chunks.h
===================================================================
--- lld/trunk/COFF/Chunks.h
+++ lld/trunk/COFF/Chunks.h
@@ -112,7 +112,7 @@
 };
 
 // A chunk corresponding a section of an input file.
-class SectionChunk : public Chunk {
+class SectionChunk final : public Chunk {
   // Identical COMDAT Folding feature accesses section internal data.
   friend class ICF;
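Review bot: The reason for marking `SectionChunk` `final` is not recorded at the declaration, and nothing else in this revision depends on it visibly, so a reader of Chunks.h has to dig through history to learn why it was added. Presumably the intent is to let the compiler devirtualize calls to the chunk's virtual members (the new `getSize()` call in the relocation loop of Chunks.cpp is the likely motivation); if so, a one-line comment would keep that from being undone by a later refactor, e.g. `// final: lets calls on a known SectionChunk (e.g. getSize()) be devirtualized.` The class body continues outside the hunk.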
 
Index: lld/trunk/COFF/Chunks.cpp
===================================================================
--- lld/trunk/COFF/Chunks.cpp
+++ lld/trunk/COFF/Chunks.cpp
@@ -210,7 +210,15 @@
   memcpy(Buf + OutputSectionOff, A.data(), A.size());
 
   // Apply relocations.
+  size_t InputSize = getSize();
   for (const coff_relocation &Rel : Relocs) {
+    // Check for an invalid relocation offset. This check isn't perfect, because
+    // we don't have the relocation size, which is only known after checking the
+    // machine and relocation type. As a result, a relocation may overwrite the
+    // beginning of the following input section.
+    if (Rel.VirtualAddress >= InputSize)
+      fatal("relocation points beyond the end of its parent section");
+
     uint8_t *Off = Buf + OutputSectionOff + Rel.VirtualAddress;
 
     // Get the output section of the symbol for this relocation.  The output
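Review bot: The new fatal error on the line after the offset check gives no provenance, so a user hit by it on a large link cannot tell which object file or section carried the malformed relocation; since `fatal` terminates the link, this is the only diagnostic they get. If the chunk's owning file is reachable here (SectionChunk carries a `File` member in this codebase, and `toString(File)` is the usual prefix in other lld diagnostics — please confirm), I would write `fatal(toString(File) + ": relocation points beyond the end of its parent section");` and loosen the CHECK line in reloc-oob.yaml to `# CHECK: error: {{.*}}relocation points beyond the end of its parent section`. Separately, the comment is honest that the check only bounds the start offset: a relocation whose `VirtualAddress` is within the last few bytes of the section still writes past this chunk's bytes into whatever follows in `Buf`, so the per-machine switch below, which does know the width, is where the remaining gap could be closed. The enclosing writeTo() starts before this hunk and continues past it.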
Index: lld/trunk/test/COFF/reloc-oob.yaml
===================================================================
--- lld/trunk/test/COFF/reloc-oob.yaml
+++ lld/trunk/test/COFF/reloc-oob.yaml
@@ -0,0 +1,62 @@
+# Make sure LLD does some light relocation bounds checking.
+
+# RUN: yaml2obj %s -o %t.obj
+# RUN: not lld-link %t.obj -entry:main -nodefaultlib -out:%t.exe 2>&1 | FileCheck %s
+
+# CHECK: error: relocation points beyond the end of its parent section
+
+--- !COFF
+header:
+  Machine:         IMAGE_FILE_MACHINE_I386
+  Characteristics: [  ]
+sections:
+  - Name:            .text
+    Characteristics: [ IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ ]
+    Alignment:       16
+    SectionData:     5589E550C745FC00000000A10000000083C4045DC3
+    Relocations:
+      - VirtualAddress:  24
+        SymbolName:      _g
+        Type:            IMAGE_REL_I386_DIR32
+  - Name:            .data
+    Characteristics: [ IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE ]
+    Alignment:       4
+    SectionData:     2A000000
+symbols:
+  - Name:            .text
+    Value:           0
+    SectionNumber:   1
+    SimpleType:      IMAGE_SYM_TYPE_NULL
+    ComplexType:     IMAGE_SYM_DTYPE_NULL
+    StorageClass:    IMAGE_SYM_CLASS_STATIC
+    SectionDefinition:
+      Length:          21
+      NumberOfRelocations: 1
+      NumberOfLinenumbers: 0
+      CheckSum:        662775349
+      Number:          1
+  - Name:            .data
+    Value:           0
+    SectionNumber:   2
+    SimpleType:      IMAGE_SYM_TYPE_NULL
+    ComplexType:     IMAGE_SYM_DTYPE_NULL
+    StorageClass:    IMAGE_SYM_CLASS_STATIC
+    SectionDefinition:
+      Length:          4
+      NumberOfRelocations: 0
+      NumberOfLinenumbers: 0
+      CheckSum:        3482275674
+      Number:          2
+  - Name:            _main
+    Value:           0
+    SectionNumber:   1
+    SimpleType:      IMAGE_SYM_TYPE_NULL
+    ComplexType:     IMAGE_SYM_DTYPE_FUNCTION
+    StorageClass:    IMAGE_SYM_CLASS_EXTERNAL
+  - Name:            _g
+    Value:           0
+    SectionNumber:   2
+    SimpleType:      IMAGE_SYM_TYPE_NULL
+    ComplexType:     IMAGE_SYM_DTYPE_NULL
+    StorageClass:    IMAGE_SYM_CLASS_EXTERNAL
+...
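Review bot: The test only exercises an offset well past the end (`VirtualAddress: 24` against a 21-byte `.text`), so it does not pin the `>=` boundary the new check uses; a second object, or a second relocation entry, with `VirtualAddress: 21` (exactly the section size) would confirm that an offset equal to the size is rejected rather than accepted. It is also worth a comment in the header of this file that an offset such as 20 is still accepted even though a 4-byte `IMAGE_REL_I386_DIR32` at that offset runs three bytes past the section, since that is the documented limitation of the check and future readers may otherwise assume the test covers it.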

