[llvm] r362778 - [llvm-objcopy] - Emit error and don't crash if program header reaches past end of file.

George Rimar via llvm-commits llvm-commits at lists.llvm.org
Fri Jun 7 01:34:19 PDT 2019


Author: grimar
Date: Fri Jun  7 01:34:18 2019
New Revision: 362778

URL: http://llvm.org/viewvc/llvm-project?rev=362778&view=rev
Log:
[llvm-objcopy] - Emit error and don't crash if program header reaches past end of file.

This is https://bugs.llvm.org/show_bug.cgi?id=42122.

If an object file has a size less than program header's file [offset + size]
(i.e. if we have overflow), llvm-objcopy crashes instead of reporting an
error.

The patch fixes this issue.

Differential revision: https://reviews.llvm.org/D62898
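
The failure described above is a missing bounds check on p_offset/p_filesz before the segment bytes are sliced out of the file buffer. The following is an added example, not llvm-objcopy's or LLVM's own code: a small little-endian ELF64 program-header walker that reports a segment whose file range does not fit, written with a wraparound-safe comparison so that a crafted p_offset near 2^64 cannot slip past a plain `offset + size <= bufsize` test (that case goes beyond the two inputs in the patch's test). The function and variable names are the example's own, and the ELF images come from `buildElf()`, which constructs them in memory.

```cpp
// Added example (not llvm-objcopy's code): check ELF64 program headers
// against the file buffer size so a segment that reaches past the end of
// the file is reported instead of dereferenced. Assumes a little-endian
// ELFCLASS64 image; images are constructed by buildElf(), not real binaries.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Little-endian field read/write: n bytes at offset off.
static uint64_t rd(const std::vector<uint8_t> &b, size_t off, size_t n) {
  uint64_t v = 0;
  for (size_t i = 0; i < n; ++i)
    v |= uint64_t(b[off + i]) << (8 * i);
  return v;
}
static void wr(std::vector<uint8_t> &b, size_t off, size_t n, uint64_t v) {
  for (size_t i = 0; i < n; ++i)
    b[off + i] = uint8_t(v >> (8 * i));
}

// Same shape as the patch's check. The uint64_t sum can wrap: an offset of
// 0xFFFFFFFFFFFFFFF0 with a size of 0x20 adds up to 0x10 and "fits".
bool naiveFits(uint64_t offset, uint64_t filesz, uint64_t bufSize) {
  return offset + filesz <= bufSize;
}

// Wraparound-safe form: bound each operand before subtracting.
bool safeFits(uint64_t offset, uint64_t filesz, uint64_t bufSize) {
  return offset <= bufSize && filesz <= bufSize - offset;
}

static std::string hex(uint64_t v) {
  char buf[32];
  std::snprintf(buf, sizeof buf, "0x%llx", (unsigned long long)v);
  return buf;
}

// Walk the program header table and return a diagnostic for the first
// segment whose [p_offset, p_offset + p_filesz) does not fit in the buffer,
// or "" if all fit. ELF64 layout: e_phoff at 32, e_phentsize at 54,
// e_phnum at 56; p_offset at +8 and p_filesz at +32 in each 56-byte entry.
std::string checkProgramHeaders(const std::vector<uint8_t> &file) {
  const uint64_t bufSize = file.size();
  if (bufSize < 64 || std::memcmp(file.data(), "\x7f" "ELF", 4) != 0)
    return "not an ELF file";
  if (file[4] != 2 || file[5] != 1)
    return "example handles little-endian ELFCLASS64 only";
  const uint64_t phoff = rd(file, 32, 8);
  const uint64_t phentsize = rd(file, 54, 2);
  const uint64_t phnum = rd(file, 56, 2);
  if (phentsize != 56)
    return "unexpected e_phentsize " + hex(phentsize);
  // The table itself must fit before any entry is read from it.
  if (!safeFits(phoff, phentsize * phnum, bufSize))
    return "program header table goes past the end of the file";
  for (uint64_t i = 0; i < phnum; ++i) {
    const size_t base = size_t(phoff + i * phentsize);
    const uint64_t pOffset = rd(file, base + 8, 8);
    const uint64_t pFilesz = rd(file, base + 32, 8);
    if (!safeFits(pOffset, pFilesz, bufSize))
      return "program header with offset " + hex(pOffset) + " and file size " +
             hex(pFilesz) + " goes past the end of the file";
  }
  return "";
}

// Constructed image: 64-byte ELF header, one PT_LOAD Elf64_Phdr at offset
// 64, then `payload` zero bytes. p_offset/p_filesz are caller-chosen so
// both valid and out-of-range segments can be produced.
std::vector<uint8_t> buildElf(uint64_t pOffset, uint64_t pFilesz, size_t payload) {
  std::vector<uint8_t> f(64 + 56 + payload, 0);
  const uint8_t ident[] = {0x7f, 'E', 'L', 'F', 2, 1, 1}; // CLASS64, LSB, v1
  std::memcpy(f.data(), ident, sizeof ident);
  wr(f, 16, 2, 2);            // e_type = ET_EXEC
  wr(f, 18, 2, 62);           // e_machine = EM_X86_64
  wr(f, 20, 4, 1);            // e_version
  wr(f, 32, 8, 64);           // e_phoff
  wr(f, 52, 2, 64);           // e_ehsize
  wr(f, 54, 2, 56);           // e_phentsize
  wr(f, 56, 2, 1);            // e_phnum
  wr(f, 64 + 0, 4, 1);        // p_type = PT_LOAD
  wr(f, 64 + 8, 8, pOffset);  // p_offset
  wr(f, 64 + 32, 8, pFilesz); // p_filesz
  wr(f, 64 + 40, 8, pFilesz); // p_memsz
  return f;
}

int main() {
  const uint64_t wrapOff = 0xFFFFFFFFFFFFFFF0ull;
  std::printf("valid: '%s'\n", checkProgramHeaders(buildElf(120, 16, 16)).c_str());
  std::printf("big:   '%s'\n", checkProgramHeaders(buildElf(120, 0x100000, 16)).c_str());
  std::printf("wrap:  naive=%d safe=%d '%s'\n", naiveFits(wrapOff, 0x20, 136),
              safeFits(wrapOff, 0x20, 136),
              checkProgramHeaders(buildElf(wrapOff, 0x20, 16)).c_str());
  return 0;
}
```

The table-fits check before the loop matters as much as the per-segment one: a header with e_phoff or e_phnum pointing past the buffer would otherwise be read out of bounds while looking for bad segments.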

Added:
    llvm/trunk/test/tools/llvm-objcopy/ELF/invalid-p_filesz-p_offset.test
Modified:
    llvm/trunk/tools/llvm-objcopy/ELF/Object.cpp

Added: llvm/trunk/test/tools/llvm-objcopy/ELF/invalid-p_filesz-p_offset.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/tools/llvm-objcopy/ELF/invalid-p_filesz-p_offset.test?rev=362778&view=auto
==============================================================================
--- llvm/trunk/test/tools/llvm-objcopy/ELF/invalid-p_filesz-p_offset.test (added)
+++ llvm/trunk/test/tools/llvm-objcopy/ELF/invalid-p_filesz-p_offset.test Fri Jun  7 01:34:18 2019
@@ -0,0 +1,45 @@
+## In this case, we have a program header with a file size that
+## overflows the binary size. Check llvm-objcopy doesn't crash
+## and report this error properly.
+
+# RUN: yaml2obj --docnum=1 %s -o %t1.o
+# RUN: not llvm-objcopy %t1.o 2>&1 | FileCheck %s --check-prefix=ERR1
+# ERR1: error: program header with offset 0x1b8 and file size 0x100000 goes past the end of the file
+
+--- !ELF
+FileHeader:
+  Class:   ELFCLASS64
+  Data:    ELFDATA2LSB
+  Type:    ET_EXEC
+  Machine: EM_X86_64
+Sections:
+  - Name: .foo
+    Type: SHT_PROGBITS
+ProgramHeaders:
+  - Type:        PT_LOAD
+    FileSize:    0x100000
+    Sections:    
+      - Section: .foo
+
+## A similar case, but now the p_offset property of the program header is too large.
+
+# RUN: yaml2obj --docnum=2 %s -o %t2.o
+# RUN: not llvm-objcopy %t2.o 2>&1 | FileCheck %s --check-prefix=ERR2
+# ERR2: error: program header with offset 0x100000 and file size 0x1 goes past the end of the file
+
+--- !ELF
+FileHeader:
+  Class:   ELFCLASS64
+  Data:    ELFDATA2LSB
+  Type:    ET_EXEC
+  Machine: EM_X86_64
+Sections:
+  - Name: .foo
+    Type: SHT_PROGBITS
+    Size: 1
+ProgramHeaders:
+  - Type:        PT_LOAD
+    Offset:      0x100000
+    FileSize:    1
+    Sections:
+      - Section: .foo
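Review bot: The two documents cover an oversized p_filesz and an oversized p_offset, but not the case where p_offset + p_filesz wraps past 2^64 (for example Offset: 0xfffffffffffffff0 with FileSize: 0x20), which is the input most likely to pass a plain sum-and-compare check; a third docnum with an ERR3 prefix would pin that behaviour down. Two minor points: the `Sections:` line of the first document has trailing whitespace, and the comment should read "and reports this error properly".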

Modified: llvm/trunk/tools/llvm-objcopy/ELF/Object.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/llvm-objcopy/ELF/Object.cpp?rev=362778&r1=362777&r2=362778&view=diff
==============================================================================
--- llvm/trunk/tools/llvm-objcopy/ELF/Object.cpp (original)
+++ llvm/trunk/tools/llvm-objcopy/ELF/Object.cpp Fri Jun  7 01:34:18 2019
@@ -1104,6 +1104,11 @@ template <class ELFT> void ELFBuilder<EL
 template <class ELFT> void ELFBuilder<ELFT>::readProgramHeaders() {
   uint32_t Index = 0;
   for (const auto &Phdr : unwrapOrError(ElfFile.program_headers())) {
+    if (Phdr.p_offset + Phdr.p_filesz > ElfFile.getBufSize())
+      error("program header with offset 0x" + Twine::utohexstr(Phdr.p_offset) +
+            " and file size 0x" + Twine::utohexstr(Phdr.p_filesz) +
+            " goes past the end of the file");
+
     ArrayRef<uint8_t> Data{ElfFile.base() + Phdr.p_offset,
                            (size_t)Phdr.p_filesz};
     Segment &Seg = Obj.addSegment(Data);
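Review bot: The added condition `Phdr.p_offset + Phdr.p_filesz > ElfFile.getBufSize()` does the addition in the unsigned width of the header fields, so a crafted header whose sum wraps (p_offset = 0xfffffffffffffff0, p_filesz = 0x20 gives 0x10) passes the comparison and the ArrayRef below is still built from `ElfFile.base() + Phdr.p_offset`. Split it into two comparisons that cannot wrap, e.g. `if (Phdr.p_offset > ElfFile.getBufSize() || Phdr.p_filesz > ElfFile.getBufSize() - Phdr.p_offset)`; the error text can stay as it is.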



