[lld] d0cf7b2 - [ELF] EhInputSection::getParentOffset: fix out-of-bounds access for symbols relative to a non-empty .eh_frame

Fangrui Song via llvm-commits llvm-commits at lists.llvm.org
Mon Aug 1 01:10:56 PDT 2022 

Author: Fangrui Song
Date: 2022-08-01T01:10:51-07:00
New Revision: d0cf7b2015ebd76ec2957ff808aec2b1201ebc9d

URL: https://github.com/llvm/llvm-project/commit/d0cf7b2015ebd76ec2957ff808aec2b1201ebc9d
DIFF: https://github.com/llvm/llvm-project/commit/d0cf7b2015ebd76ec2957ff808aec2b1201ebc9d.diff

LOG: [ELF] EhInputSection::getParentOffset: fix out-of-bounds access for symbols relative to a non-empty .eh_frame

This has unclear semantics and can be considered invalid. Return an arbitrary value.

Added: 
    

Modified: 
    lld/ELF/InputSection.cpp
    lld/test/ELF/eh-frame-marker.s

Removed: 
    


################################################################################
diff  --git a/lld/ELF/InputSection.cpp b/lld/ELF/InputSection.cpp
index 394c512c2abc..4e0c1a9c9789 100644
--- a/lld/ELF/InputSection.cpp
+++ b/lld/ELF/InputSection.cpp
@@ -1319,9 +1319,12 @@ void EhInputSection::split(ArrayRef<RelTy> rels) {
 uint64_t EhInputSection::getParentOffset(uint64_t offset) const {
   auto it = partition_point(
       fdes, [=](EhSectionPiece p) { return p.inputOff <= offset; });
-  if (it == fdes.begin() || it[-1].inputOff + it[-1].size <= offset)
+  if (it == fdes.begin() || it[-1].inputOff + it[-1].size <= offset) {
     it = partition_point(
         cies, [=](EhSectionPiece p) { return p.inputOff <= offset; });
+    if (it == cies.begin()) // invalid piece
+      return offset;
+  }
   if (it[-1].outputOff == -1) // invalid piece
     return offset - it[-1].inputOff;
   return it[-1].outputOff + (offset - it[-1].inputOff);

diff  --git a/lld/test/ELF/eh-frame-marker.s b/lld/test/ELF/eh-frame-marker.s
index 02591ed21cb7..b14806fc1080 100644
--- a/lld/test/ELF/eh-frame-marker.s
+++ b/lld/test/ELF/eh-frame-marker.s
@@ -1,8 +1,11 @@
 // REQUIRES: x86
+/// A symbol can be defined relative to an empty .eh_frame (__EH_FRAME_LIST__).
+/// Symbols defined relative to a non-empty .eh_frame have unclear semantics.
+/// Test we don't crash.
+
 // RUN: llvm-mc %s -o %t.o -filetype=obj -triple=x86_64-pc-linux
 // RUN: ld.lld --eh-frame-hdr %t.o -o %t.so -shared
 // RUN: llvm-readobj --symbols -S %t.so | FileCheck %s
-// We used to crash on this.
 
 // CHECK:      Name: .eh_frame_hdr
 // CHECK:      Name: .eh_frame

More information about the llvm-commits mailing list