[llvm] [llvm-objcopy][COFF] Update WinCFGuard section contents after stripping (PR #153322)

Martin Storsjö via llvm-commits llvm-commits at lists.llvm.org
Thu Aug 14 06:22:05 PDT 2025 

================
@@ -92,6 +93,63 @@ Error COFFWriter::finalizeSymbolContents() {
   return Error::success();
 }
 
+Error COFFWriter::finalizeCFGuardContents() {
+  DenseMap<size_t, size_t> SymIdMap;
+  bool NeedUpdate = false;
+  for (Symbol &Sym : Obj.getMutableSymbols()) {
+    NeedUpdate |= Sym.OriginalRawIndex == Sym.RawIndex;
+    SymIdMap[Sym.OriginalRawIndex] = Sym.RawIndex;
+  }
+
+  if (!NeedUpdate)
+    return Error::success();
+
+  for (auto &Sym : Obj.getMutableSymbols()) {
+    if (Sym.Name != ".gljmp$y" && Sym.Name != ".giats$y" &&
+        Sym.Name != ".gfids$y")
+      continue;
+
+    auto Sec = find_if(Obj.getMutableSections(),
+                       [&Sym](Section &S) { return S.Name == Sym.Name; });
----------------
mstorsjo wrote:

Making a mapping from section to symbol would be good here, yes.

However - do note that an object file can have multiple symbols with the same name. Only extern symbols are unique - non-extern symbols can be have collisions. So looking up a symbol based on a section name doesn't generally work.

As an example:
```c
void func1(void) {}
void func2(void) {}
```

```console
$ clang -target x86_64-windows-msvc -c test.c -ffunction-sections
$ obj2yaml test.o
  - Name:            .text
    Value:           0
    SectionNumber:   4
    SimpleType:      IMAGE_SYM_TYPE_NULL
    ComplexType:     IMAGE_SYM_DTYPE_NULL
    StorageClass:    IMAGE_SYM_CLASS_STATIC
    SectionDefinition:
      Length:          1
      NumberOfRelocations: 0
      NumberOfLinenumbers: 0
      CheckSum:        40735498
      Number:          4
      Selection:       IMAGE_COMDAT_SELECT_NODUPLICATES
  - Name:            func1
    Value:           0
    SectionNumber:   4
    SimpleType:      IMAGE_SYM_TYPE_NULL
    ComplexType:     IMAGE_SYM_DTYPE_FUNCTION
    StorageClass:    IMAGE_SYM_CLASS_EXTERNAL
  - Name:            .text
    Value:           0
    SectionNumber:   5
    SimpleType:      IMAGE_SYM_TYPE_NULL
    ComplexType:     IMAGE_SYM_DTYPE_NULL
    StorageClass:    IMAGE_SYM_CLASS_STATIC
    SectionDefinition:
      Length:          1
      NumberOfRelocations: 0
      NumberOfLinenumbers: 0
      CheckSum:        40735498
      Number:          5
      Selection:       IMAGE_COMDAT_SELECT_NODUPLICATES
  - Name:            func2
    Value:           0
    SectionNumber:   5
    SimpleType:      IMAGE_SYM_TYPE_NULL
    ComplexType:     IMAGE_SYM_DTYPE_FUNCTION
    StorageClass:    IMAGE_SYM_CLASS_EXTERNAL
```

It's unlikely that you'd have multiple duplicate symbols/sections for these CFG sections - but it sets a bad precedent if we have code in objcopy that does incorrect assumptions on how you can look things up.

The only right way to map a section to its section definition is by looking at the `SectionNumber` field - looking for a symbol with the right StorageClass and number of aux symbols.

So for that, perhaps it's simplest to either iterate over all symbols, pick up all section definitions (ones with num aux == 1 and IMAGE_SYM_CLASS_STATIC I guess), put that in a map with SectionNumber->Symbol, and look up in that when operating on/iterating over sections?

https://github.com/llvm/llvm-project/pull/153322

More information about the llvm-commits mailing list