[llvm] 6e28ecd - [Object][ELF] Ensure offset to locate dyn section does not go past size
Antonio Frighetto via llvm-commits
llvm-commits at lists.llvm.org
Fri Mar 22 08:33:44 PDT 2024
Author: Antonio Frighetto
Date: 2024-03-22T16:29:09+01:00
New Revision: 6e28ecd79995a72a8dbde8f16a1afc18309442a1
URL: https://github.com/llvm/llvm-project/commit/6e28ecd79995a72a8dbde8f16a1afc18309442a1
DIFF: https://github.com/llvm/llvm-project/commit/6e28ecd79995a72a8dbde8f16a1afc18309442a1.diff
LOG: [Object][ELF] Ensure offset to locate dyn section does not go past size
Validate `p_offset` in `dynamicEntries` before computing the entry offset.
Fixes: https://github.com/llvm/llvm-project/issues/85568.
Added:
Modified:
llvm/lib/Object/ELF.cpp
Removed:
################################################################################
diff --git a/llvm/lib/Object/ELF.cpp b/llvm/lib/Object/ELF.cpp
index 55dd0c8e06c092..0ac4e7a57759ac 100644
--- a/llvm/lib/Object/ELF.cpp
+++ b/llvm/lib/Object/ELF.cpp
@@ -560,7 +560,11 @@ Expected<typename ELFT::DynRange> ELFFile<ELFT>::dynamicEntries() const {
for (const Elf_Phdr &Phdr : *ProgramHeadersOrError) {
if (Phdr.p_type == ELF::PT_DYNAMIC) {
- Dyn = ArrayRef(reinterpret_cast<const Elf_Dyn *>(base() + Phdr.p_offset),
+ const uint8_t *DynOffset = base() + Phdr.p_offset;
+ if (DynOffset > end())
+ return createError(
+ "dynamic section offset past file size: corrupted ELF");
+ Dyn = ArrayRef(reinterpret_cast<const Elf_Dyn *>(DynOffset),
Phdr.p_filesz / sizeof(Elf_Dyn));
break;
}
More information about the llvm-commits
mailing list