[llvm] 893c84d - [obj2yaml] - Dump the content of a broken hash table properly.

Georgii Rymar via llvm-commits llvm-commits at lists.llvm.org
Fri Dec 25 01:01:34 PST 2020


Author: Georgii Rymar
Date: 2020-12-25T11:51:28+03:00
New Revision: 893c84d71c4ad223ae495d66a0c733a91c72e7bf

URL: https://github.com/llvm/llvm-project/commit/893c84d71c4ad223ae495d66a0c733a91c72e7bf
DIFF: https://github.com/llvm/llvm-project/commit/893c84d71c4ad223ae495d66a0c733a91c72e7bf.diff

LOG: [obj2yaml] - Dump the content of a broken hash table properly.

This is similar to D93760.

When something is wrong with the hash table header we dump
its context as a raw data.

Currently we have the calculation overflow issue and it is possible to
bypass the validation we have (and crash).

The patch fixes it.

Differential revision: https://reviews.llvm.org/D93799

Added: 
    

Modified: 
    llvm/test/tools/obj2yaml/ELF/hash-section.yaml
    llvm/tools/obj2yaml/elf2yaml.cpp

Removed: 
    


################################################################################
diff  --git a/llvm/test/tools/obj2yaml/ELF/hash-section.yaml b/llvm/test/tools/obj2yaml/ELF/hash-section.yaml
index 389b4bbb6972..57d823b3a0be 100644
--- a/llvm/test/tools/obj2yaml/ELF/hash-section.yaml
+++ b/llvm/test/tools/obj2yaml/ELF/hash-section.yaml
@@ -49,6 +49,13 @@ Sections:
 # CONTENT-NEXT: - Name:    .oversized
 # CONTENT-NEXT:   Type:    SHT_HASH
 # CONTENT-NEXT:   Content: '0100000002000000030000000400000000'
+# CONTENT-NEXT: - Name:    .overflow1
+# CONTENT-NEXT:   Type:    SHT_HASH
+# CONTENT-NEXT:   Content: 01000000FFFFFFFF{{$}}
+# CONTENT-NEXT: - Name:    .overflow2
+# CONTENT-NEXT:   Type:    SHT_HASH
+# CONTENT-NEXT:   Content: FFFFFFFF01000000{{$}}
+# CONTENT-NEXT: ...
 
 --- !ELF
 FileHeader:
@@ -74,6 +81,20 @@ Sections:
   - Name:    .oversized
     Type:    SHT_HASH
     Content: '0100000002000000030000000400000000'
+## Case 5, 6: NChain/NBucket are incorrect and causing 32-bit
+##            unsigned overflows of intermediate expressions.
+  - Name:    .overflow1
+    Type:    SHT_HASH
+    Bucket:  [ ]
+    Chain:   [ ]
+    NBucket: 0x1
+    NChain:  0xffffffff
+  - Name:    .overflow2
+    Type:    SHT_HASH
+    Bucket:  [ ]
+    Chain:   [ ]
+    NBucket: 0xffffffff
+    NChain:  0x1
 
 ## Check how we dump the "EntSize" field. When the sh_entsize is 4,
 ## we don't print it, because it is the default value for the SHT_HASH section.

diff  --git a/llvm/tools/obj2yaml/elf2yaml.cpp b/llvm/tools/obj2yaml/elf2yaml.cpp
index 50c3e90eb667..da32eaba5a69 100644
--- a/llvm/tools/obj2yaml/elf2yaml.cpp
+++ b/llvm/tools/obj2yaml/elf2yaml.cpp
@@ -1224,8 +1224,8 @@ ELFDumper<ELFT>::dumpHashSection(const Elf_Shdr *Shdr) {
 
   DataExtractor::Cursor Cur(0);
   DataExtractor Data(Content, Obj.isLE(), /*AddressSize=*/0);
-  uint32_t NBucket = Data.getU32(Cur);
-  uint32_t NChain = Data.getU32(Cur);
+  uint64_t NBucket = Data.getU32(Cur);
+  uint64_t NChain = Data.getU32(Cur);
   if (Content.size() != (2 + NBucket + NChain) * 4) {
     S->Content = yaml::BinaryRef(Content);
     if (Cur)


        


More information about the llvm-commits mailing list