[PATCH] D38512: Added phdr upper bound checks to ElfObject

Parker Thompson via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Oct 5 10:48:20 PDT 2017 

mothran updated this revision to Diff 117850.

https://reviews.llvm.org/D38512

Files:
  include/llvm/Object/ELF.h
  test/Object/Inputs/invalid-phdr.elf
  test/Object/elf-invalid-phdr.test


Index: test/Object/elf-invalid-phdr.test
===================================================================
--- /dev/null
+++ test/Object/elf-invalid-phdr.test
@@ -0,0 +1,27 @@
+# invalid-phdr.elf is generated by creating a simple elf file with yaml2obj:
+# !ELF
+# FileHeader:
+#   Class:           ELFCLASS64
+#   Data:            ELFDATA2LSB
+#   Type:            ET_EXEC
+#   Machine:         EM_X86_64
+# Sections:
+#   - Name:            .text
+#     Type:            SHT_PROGBITS
+#     Flags:           [ SHF_ALLOC, SHF_EXECINSTR ]
+#     AddressAlign:    0x0000000000001000
+#     Content:         "00000000"
+# ProgramHeaders:
+#   - Type: PT_LOAD
+#     Flags: [ PF_X, PF_R ]
+#     VAddr: 0xAAAA1000
+#     PAddr: 0xFFFF1000
+#     Sections:
+#       - Section: .text
+#
+# The editing the e_phoff in with a hexeditor to set it to 0xffffff
+RUN: not llvm-objdump -private-headers %p/Inputs/invalid-phdr.elf 2>&1 \
+RUN:         | FileCheck %s
+
+CHECK: LLVM ERROR: Invalid data was encountered while parsing the file
+
Index: include/llvm/Object/ELF.h
===================================================================
--- include/llvm/Object/ELF.h
+++ include/llvm/Object/ELF.h
@@ -144,6 +144,10 @@
   Expected<Elf_Phdr_Range> program_headers() const {
     if (getHeader()->e_phnum && getHeader()->e_phentsize != sizeof(Elf_Phdr))
       return createError("invalid e_phentsize");
+    if (getHeader()->e_phoff +
+            (getHeader()->e_phnum * getHeader()->e_phentsize) >
+        getBufSize())
+      return createError("program headers longer than binary");
     auto *Begin =
         reinterpret_cast<const Elf_Phdr *>(base() + getHeader()->e_phoff);
     return makeArrayRef(Begin, Begin + getHeader()->e_phnum);


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D38512.117850.patch
Type: text/x-patch
Size: 1740 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20171005/e2a1f96f/attachment.bin>

More information about the llvm-commits mailing list