[llvm] r355851 - Detect malformed LC_LINKER_COMMANDs in Mach-O binaries

Michael Trent via llvm-commits llvm-commits at lists.llvm.org
Mon Mar 11 11:29:25 PDT 2019 

Author: mtrent
Date: Mon Mar 11 11:29:25 2019
New Revision: 355851

URL: http://llvm.org/viewvc/llvm-project?rev=355851&view=rev
Log:
Detect malformed LC_LINKER_COMMANDs in Mach-O binaries

Summary:
llvm-objdump can be tricked into reading beyond valid memory and
segfaulting if LC_LINKER_COMMAND strings are not null terminated. libObject
does have code to validate the integrity of the LC_LINKER_COMMAND struct,
but this validator improperly assumes linker command strings are null
terminated.

The solution is to report an error if a string extends beyond the end of
the LC_LINKER_COMMAND struct.

Reviewers: lhames, pete

Reviewed By: pete

Subscribers: rupprecht, llvm-commits

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D59179

Added:
    llvm/trunk/test/tools/llvm-objdump/X86/Inputs/macho-invalid-linker-command   (with props)
Modified:
    llvm/trunk/lib/Object/MachOObjectFile.cpp
    llvm/trunk/test/tools/llvm-objdump/X86/malformed-machos.test

Modified: llvm/trunk/lib/Object/MachOObjectFile.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Object/MachOObjectFile.cpp?rev=355851&r1=355850&r2=355851&view=diff
==============================================================================
--- llvm/trunk/lib/Object/MachOObjectFile.cpp (original)
+++ llvm/trunk/lib/Object/MachOObjectFile.cpp Mon Mar 11 11:29:25 2019
@@ -918,6 +918,10 @@ static Error checkLinkerOptCommand(const
     if (left > 0) {
       i++;
       uint32_t NullPos = StringRef(string, left).find('\0');
+      if (0xffffffff == NullPos)
+        return malformedError("load command " + Twine(LoadCommandIndex) +
+                              " LC_LINKER_OPTION string #" + Twine(i) +
+                              " is not NULL terminated");
       uint32_t len = std::min(NullPos, left) + 1;
       string += len;
       left -= len;

Added: llvm/trunk/test/tools/llvm-objdump/X86/Inputs/macho-invalid-linker-command
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/tools/llvm-objdump/X86/Inputs/macho-invalid-linker-command?rev=355851&view=auto
==============================================================================
Binary file - no diff available.

Propchange: llvm/trunk/test/tools/llvm-objdump/X86/Inputs/macho-invalid-linker-command
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: llvm/trunk/test/tools/llvm-objdump/X86/malformed-machos.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/tools/llvm-objdump/X86/malformed-machos.test?rev=355851&r1=355850&r2=355851&view=diff
==============================================================================
--- llvm/trunk/test/tools/llvm-objdump/X86/malformed-machos.test (original)
+++ llvm/trunk/test/tools/llvm-objdump/X86/malformed-machos.test Mon Mar 11 11:29:25 2019
@@ -3,31 +3,31 @@
 // make sure llvm-objdump is robust is what matters.
 # RUN: not llvm-objdump -macho -objc-meta-data \
 # RUN:   %p/Inputs/malformed-machos/mem-crup-0001.macho 2>&1 \
-# RUN:   | FileCheck -check-prefix=m0001 %s 
+# RUN:   | FileCheck -check-prefix=m0001 %s
 
 # m0001: mem-crup-0001.macho': truncated or malformed object (addr field plus size of section 2 in LC_SEGMENT_64 command 0 greater than than the segment's vmaddr plus vmsize)
 
 # RUN: not llvm-objdump -macho -objc-meta-data \
 # RUN:   %p/Inputs/malformed-machos/mem-crup-0006.macho 2>&1 \
-# RUN:   | FileCheck -check-prefix=m0006 %s 
+# RUN:   | FileCheck -check-prefix=m0006 %s
 
 # m0006: malformed-machos/mem-crup-0006.macho': truncated or malformed object (section contents at offset 4128 with a size of 176, overlaps section contents at offset 4128 with a size of 8)
 
 # RUN: not llvm-objdump -macho -objc-meta-data \
 # RUN:   %p/Inputs/malformed-machos/mem-crup-0010.macho 2>&1 \
-# RUN:   | FileCheck -check-prefix=m0010 %s 
+# RUN:   | FileCheck -check-prefix=m0010 %s
 
 # m0010: mem-crup-0010.macho': truncated or malformed object (section contents at offset 4320 with a size of 80, overlaps section contents at offset 4320 with a size of 8)
 
 # RUN: not llvm-objdump -macho -objc-meta-data \
 # RUN:   %p/Inputs/malformed-machos/mem-crup-0040.macho 2>&1 \
-# RUN:   | FileCheck -check-prefix=m0040 %s 
+# RUN:   | FileCheck -check-prefix=m0040 %s
 
 # m0040: mem-crup-0040.macho': truncated or malformed object (offset field plus size field of section 2 in LC_SEGMENT_64 command 1 extends past the end of the file)
 
 # RUN: not llvm-objdump -macho -objc-meta-data \
 # RUN:   %p/Inputs/malformed-machos/mem-crup-0080.macho 2>&1 \
-# RUN:   | FileCheck -check-prefix=m0080 %s 
+# RUN:   | FileCheck -check-prefix=m0080 %s
 
 # m0080: mem-crup-0080.macho': truncated or malformed object (addr field plus size of section 2 in LC_SEGMENT_64 command 1 greater than than the segment's vmaddr plus vmsize)
 
@@ -36,7 +36,7 @@
 
 # RUN: not llvm-objdump -macho -disassemble \
 # RUN:   %p/Inputs/malformed-machos/mem-crup-0337.macho 2>&1 \
-# RUN:   | FileCheck -check-prefix=m0337 %s 
+# RUN:   | FileCheck -check-prefix=m0337 %s
 
 # m0337: mem-crup-0337.macho': truncated or malformed object (section relocation entries at offset 0 with a size of 512, overlaps Mach-O headers at offset 0 with a size of 2048)
 
@@ -67,5 +67,8 @@ INVALID-SYMBOL-LIB_ORDINAL: macho-invali
 RUN: not llvm-objdump -macho -objc-meta-data %p/Inputs/macho-invalid-bind-entry 2>&1 | FileCheck -check-prefix INVALID-BIND-ENTRY %s
 INVALID-BIND-ENTRY: macho-invalid-bind-entry': truncated or malformed object (for BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB bad library ordinal: 83 (max 0) for opcode at: 0x0)
 
-RUN: llvm-objdump -macho -r -arch x86_64 %p/Inputs/macho-invalid-reloc-section-index | FileCheck -check-prefix INVALID-RELOC-SECTION-INDEX %s
+RUN: llvm-objdump -macho -r -arch x86_64 %p/Inputs/macho-invalid-reloc-section-index 2>&1 | FileCheck -check-prefix INVALID-RELOC-SECTION-INDEX %s
 INVALID-RELOC-SECTION-INDEX: 00000021 False byte   False  UNSIGND False     8388613 (?,?)
+
+RUN: not llvm-objdump -bind -g -macho -r -rebase -s -section-headers -t -unwind-info %p/Inputs/macho-invalid-linker-command 2>&1 | FileCheck -check-prefix INVALID-LINKCMD %s
+INVALID-LINKCMD: truncated or malformed object (load command 4 LC_LINKER_OPTION string #2 is not NULL terminated)

More information about the llvm-commits mailing list