[llvm] 893c84d - [obj2yaml] - Dump the content of a broken hash table properly.
Georgii Rymar via llvm-commits
llvm-commits at lists.llvm.org
Fri Dec 25 01:01:34 PST 2020
Author: Georgii Rymar
Date: 2020-12-25T11:51:28+03:00
New Revision: 893c84d71c4ad223ae495d66a0c733a91c72e7bf
URL: https://github.com/llvm/llvm-project/commit/893c84d71c4ad223ae495d66a0c733a91c72e7bf
DIFF: https://github.com/llvm/llvm-project/commit/893c84d71c4ad223ae495d66a0c733a91c72e7bf.diff
LOG: [obj2yaml] - Dump the content of a broken hash table properly.
This is similar to D93760.
When something is wrong with the hash table header we dump
its context as raw data.
Currently we have the calculation overflow issue and it is possible to
bypass the validation we have (and crash).
The patch fixes it.
Differential revision: https://reviews.llvm.org/D93799
Added:
Modified:
llvm/test/tools/obj2yaml/ELF/hash-section.yaml
llvm/tools/obj2yaml/elf2yaml.cpp
Removed:
################################################################################
diff --git a/llvm/test/tools/obj2yaml/ELF/hash-section.yaml b/llvm/test/tools/obj2yaml/ELF/hash-section.yaml
index 389b4bbb6972..57d823b3a0be 100644
--- a/llvm/test/tools/obj2yaml/ELF/hash-section.yaml
+++ b/llvm/test/tools/obj2yaml/ELF/hash-section.yaml
@@ -49,6 +49,13 @@ Sections:
# CONTENT-NEXT: - Name: .oversized
# CONTENT-NEXT: Type: SHT_HASH
# CONTENT-NEXT: Content: '0100000002000000030000000400000000'
+# CONTENT-NEXT: - Name: .overflow1
+# CONTENT-NEXT: Type: SHT_HASH
+# CONTENT-NEXT: Content: 01000000FFFFFFFF{{$}}
+# CONTENT-NEXT: - Name: .overflow2
+# CONTENT-NEXT: Type: SHT_HASH
+# CONTENT-NEXT: Content: FFFFFFFF01000000{{$}}
+# CONTENT-NEXT: ...
--- !ELF
FileHeader:
@@ -74,6 +81,20 @@ Sections:
- Name: .oversized
Type: SHT_HASH
Content: '0100000002000000030000000400000000'
+## Case 5, 6: NChain/NBucket are incorrect and causing 32-bit
+## unsigned overflows of intermediate expressions.
+ - Name: .overflow1
+ Type: SHT_HASH
+ Bucket: [ ]
+ Chain: [ ]
+ NBucket: 0x1
+ NChain: 0xffffffff
+ - Name: .overflow2
+ Type: SHT_HASH
+ Bucket: [ ]
+ Chain: [ ]
+ NBucket: 0xffffffff
+ NChain: 0x1
## Check how we dump the "EntSize" field. When the sh_entsize is 4,
## we don't print it, because it is the default value for the SHT_HASH section.
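Review bot: the "Case 5, 6" comment promises overflows of "intermediate expressions", but both new inputs wrap in the same place, the addition. With `NBucket: 0x1` / `NChain: 0xffffffff` and with the swapped pair, `2 + NBucket + NChain` comes to 0x100000002, which truncates to 2 in 32 bits and gives 8 after the `* 4`, matching the 8-byte section. Neither case covers a sum that fits in 32 bits and only wraps in the multiplication. A third section such as `NBucket: 0x40000000` with `NChain: 0x0` (sum 0x40000002, times 4 is 0x100000008, truncated to 8) would cover that path. The comment could also name which step each case wraps in, and "are incorrect and causing" would read better as "are incorrect and cause".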
diff --git a/llvm/tools/obj2yaml/elf2yaml.cpp b/llvm/tools/obj2yaml/elf2yaml.cpp
index 50c3e90eb667..da32eaba5a69 100644
--- a/llvm/tools/obj2yaml/elf2yaml.cpp
+++ b/llvm/tools/obj2yaml/elf2yaml.cpp
@@ -1224,8 +1224,8 @@ ELFDumper<ELFT>::dumpHashSection(const Elf_Shdr *Shdr) {
DataExtractor::Cursor Cur(0);
DataExtractor Data(Content, Obj.isLE(), /*AddressSize=*/0);
- uint32_t NBucket = Data.getU32(Cur);
- uint32_t NChain = Data.getU32(Cur);
+ uint64_t NBucket = Data.getU32(Cur);
+ uint64_t NChain = Data.getU32(Cur);
if (Content.size() != (2 + NBucket + NChain) * 4) {
S->Content = yaml::BinaryRef(Content);
if (Cur)
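Review bot: the `uint64_t NBucket` and `uint64_t NChain` declarations need a one-line comment saying the widening is deliberate. Both are initialised from `Data.getU32(Cur)`, so the 64-bit type looks like a mismatch that a later cleanup could narrow back to `uint32_t`, which would reintroduce the bypass. A comment above the two lines stating that the variables are 64-bit so that `(2 + NBucket + NChain) * 4` cannot wrap would be enough. With two 32-bit inputs the expression is at most 2^35, so the comparison against `Content.size()` is exact after this change.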