[PATCH] D44285: Fix computeSymbolSizes SEGFAULT on invalid file
Teng Qin via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Mar 8 19:32:18 PST 2018
palmtenor created this revision.
palmtenor added reviewers: dberris, kcc, dvyukov, rafael, aprantl.
Herald added a subscriber: llvm-commits.
We use `llvm-symbolizer` in some production systems, and we run it against all possibly related files, including some that are not ELF. We noticed that for some of those invalid files, `llvm-symbolizer` would crash with SEGFAULT. Here is an example of such a file <https://www.dropbox.com/s/i12t4sbvqozrlru/test_bad_file?dl=0>.
This is because a loop in `computeSymbolSizes` uses the condition
for (unsigned I = 0, N = Addresses.size() - 1; I < N; ++I) {
where, if `Addresses.size()` is 0, `N` would overflow, causing the loop to access invalid memory.
Instead of patching the loop conditions, the commit makes it so that the function returns early if `Addresses` is empty.
Validated by checking that `llvm-symbolizer` no longer crashes.
Repository:
rL LLVM
https://reviews.llvm.org/D44285
Files:
lib/Object/SymbolSize.cpp
Index: lib/Object/SymbolSize.cpp
===================================================================
--- lib/Object/SymbolSize.cpp
+++ lib/Object/SymbolSize.cpp
@@ -66,6 +66,10 @@
Addresses.push_back(
{O.symbol_end(), Address + Size, 0, getSectionID(O, Sec)});
}
+
+ if (Addresses.empty())
+ return Ret;
+
array_pod_sort(Addresses.begin(), Addresses.end(), compareAddress);
// Compute the size as the gap to the next symbol
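Review bot: the early return before `array_pod_sort` stops the crash, but the bound that caused it, `N = Addresses.size() - 1` in the loop quoted in the description, is left as is; consider also rewriting that condition as `I + 1 < Addresses.size()` so the wrap cannot come back if a later change removes or moves the guard. A regression test is also missing: the description validates the fix by hand against a Dropbox-hosted file, so a minimal checked-in input under the llvm-symbolizer tests would keep this covered.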