[PATCH] D62898: [llvm-objcopy] - Emit error and don't crash if program header reaches past end of file.
George Rimar via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Jun 5 04:02:40 PDT 2019
grimar created this revision.
grimar added reviewers: jhenderson, alexshap, jakehehrlich, rupprecht.
Herald added subscribers: MaskRay, arichardson, emaste.
Herald added a reviewer: espindola.
This is https://bugs.llvm.org/show_bug.cgi?id=42122.
If an object file has a size less than program header's file [offset + size]
(i.e. if we have overflow), llvm-objcopy crashes instead of reporting a
error.
The patch fixes this issue.
https://reviews.llvm.org/D62898
Files:
test/tools/llvm-objcopy/ELF/invalid-p_filesz.test
tools/llvm-objcopy/ELF/Object.cpp
Index: tools/llvm-objcopy/ELF/Object.cpp
===================================================================
--- tools/llvm-objcopy/ELF/Object.cpp
+++ tools/llvm-objcopy/ELF/Object.cpp
@@ -1104,6 +1104,10 @@
template <class ELFT> void ELFBuilder<ELFT>::readProgramHeaders() {
uint32_t Index = 0;
for (const auto &Phdr : unwrapOrError(ElfFile.program_headers())) {
+ if (Phdr.p_offset + Phdr.p_filesz > ElfFile.getBufSize())
+ error("program header at offset " + Twine(Phdr.p_offset) + " of size " +
+ Twine(Phdr.p_filesz) + " is mailformed");
+
ArrayRef<uint8_t> Data{ElfFile.base() + Phdr.p_offset,
(size_t)Phdr.p_filesz};
Segment &Seg = Obj.addSegment(Data);
Index: test/tools/llvm-objcopy/ELF/invalid-p_filesz.test
===================================================================
--- /dev/null
+++ test/tools/llvm-objcopy/ELF/invalid-p_filesz.test
@@ -0,0 +1,24 @@
+## In this case, we have a program header with a file size that
+## overflows the binary size. Check llvm-objcopy doesn't crash
+## and report this error properly.
+
+# RUN: yaml2obj %s -o %t.o
+# RUN: not llvm-objcopy %t.o 2>&1 | FIleCheck %s
+# CHECK: error: program header at offset 4096 of size 1048576 is mailformed.
+
+--- !ELF
+FileHeader:
+ Class: ELFCLASS64
+ Data: ELFDATA2LSB
+ Type: ET_EXEC
+ Machine: EM_X86_64
+Sections:
+ - Name: .foo
+ Type: SHT_PROGBITS
+ Size: 1
+ AddressAlign: 0x1000
+ProgramHeaders:
+ - Type: PT_LOAD
+ FileSize: 0x100000
+ Sections:
+ - Section: .foo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D62898.203116.patch
Type: text/x-patch
Size: 1598 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20190605/b068ffe1/attachment.bin>
More information about the llvm-commits
mailing list