[lld] [lld][ELF] Improve the vulnerability in Orphan Sections initialization (PR #156354)
via llvm-commits
llvm-commits at lists.llvm.org
Mon Sep 1 09:33:45 PDT 2025
llvmbot wrote:
@llvm/pr-subscribers-lld
Author: None (mykouHW)
<details>
<summary>Changes</summary>
Fix the error generated during the linking process when the relocation section is placed before the relocated section and the relocated section is not defined in the linker script.
**Issue Cause:**
In the judgment logic, `addOrphanSections` assumes that the `RelocatedSection` must be processed before the `RelocationSection`. Under this assumption, the `OutputSection` for the `RelocatedSection` has already been constructed, and the `parent` relationship associated with the `InputSectionBase` has been established.
If the `RelocationSection` is processed before the `RelocatedSection`, this assumption is violated. As a result, the condition `rel->parent` evaluates to null, causing `add(relIS)` to not execute. This skips the registration and construction process of the `RelocatedSection`, since its `createOutputSection` and `recordSection` methods have not yet been called at this point.
However, during the construction and registration of the `RelocationSection` in the `addInputSec` function, the `RelocatedSection` is accessed. Since the `RelocatedSection` has not been constructed yet, attempting to access it results in a null pointer error.
**Solution:**
Before processing the `RelocationSection`, ensure that the `OutputSection` for the `RelocatedSection` is created and registered. The creation and registration logic is protected by the `add` function, which prevents duplicate creation. However, it may result in duplicate establishment of the `parent` relationship, which does not affect correctness.
---
Full diff: https://github.com/llvm/llvm-project/pull/156354.diff
2 Files Affected:
- (modified) lld/ELF/LinkerScript.cpp (+6-2)
- (added) lld/test/ELF/linkerscript/orphan-sections-init.s (+30)
``````````diff
diff --git a/lld/ELF/LinkerScript.cpp b/lld/ELF/LinkerScript.cpp
index 921128dae2bdb..067abbc42a13d 100644
--- a/lld/ELF/LinkerScript.cpp
+++ b/lld/ELF/LinkerScript.cpp
@@ -1037,10 +1037,14 @@ void LinkerScript::addOrphanSections() {
if (ctx.arg.relocatable && (isec->flags & SHF_LINK_ORDER))
continue;
- if (auto *sec = dyn_cast<InputSection>(isec))
- if (InputSectionBase *rel = sec->getRelocatedSection())
+ if (auto *sec = dyn_cast<InputSection>(isec)){
+ if (InputSectionBase *rel = sec->getRelocatedSection()){
+ if (auto *relIS = dyn_cast_or_null<InputSectionBase>(rel))
+ add(relIS);
if (auto *relIS = dyn_cast_or_null<InputSectionBase>(rel->parent))
add(relIS);
+ }
+ }
add(isec);
if (ctx.arg.relocatable)
for (InputSectionBase *depSec : isec->dependentSections)
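Review bot: The new `dyn_cast_or_null<InputSectionBase>(rel)` on the first added `add(relIS)` line is redundant: `rel` is already declared as `InputSectionBase *` and is non-null inside the enclosing `if`, so `add(rel);` expresses the same thing without a no-op cast. Two style points in the same hunk: the added braces are written `){` and should be `) {` (a clang-format run will fix this), and a one-line comment stating why the relocated section is added before the relocation section (the case in the summary, where the relocation section precedes its target in input order and the target is not named in the script) would keep the intent visible to the next reader. Please also confirm that `add` returns early for a section that already has a `parent`: the summary says duplicate creation is prevented but the `parent` link may be re-established, and if `recordSection` could run a second time for the relocated section it would be appended to its output section twice.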
diff --git a/lld/test/ELF/linkerscript/orphan-sections-init.s b/lld/test/ELF/linkerscript/orphan-sections-init.s
new file mode 100644
index 0000000000000..1701336f098e2
--- /dev/null
+++ b/lld/test/ELF/linkerscript/orphan-sections-init.s
@@ -0,0 +1,30 @@
+# REQUIRES: x86
+# RUN: rm -rf %t && mkdir -p %t
+# RUN: split-file %s %t && cd %t
+
+# RUN: llvm-mc -filetype=obj -triple=x86_64 foo.s -o foo.o
+
+# RUN: ld.lld -r foo.o -T script.ld -o foo_mc.o
+
+# RUN: llvm-objcopy --rename-section .text=.com.text foo_mc.o foo_mc.o
+# RUN: llvm-objcopy --rename-section .rela.text=.rela.com.text foo_mc.o foo_mc.o
+
+# RUN: ld.lld -r foo_mc.o -T script.ld -o foo_mc_after.o
+
+#--- foo.s
+ .text
+ .globl foo
+ .p2align 4
+ .type foo, at function
+foo:
+ mov $bar, %rax
+
+
+
+#--- script.ld
+SECTIONS
+{
+ .rela.text 0 : { *(.rela.text) }
+ .text 0 : { *(.text) }
+}
+
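Review bot: The test only checks that the second `ld.lld -r foo_mc.o -T script.ld` invocation does not crash; there are no `CHECK` lines, so a regression that silently drops or mislinks `.rela.com.text` would still pass. Add a `llvm-readelf -S foo_mc_after.o | FileCheck %s` step with `# CHECK:` lines asserting that both `.com.text` and `.rela.com.text` are present and that the relocation section's `Info` field refers to `.com.text`. Minor: the two `llvm-objcopy` calls can be merged into one with two `--rename-section` options, the three blank lines after `mov $bar, %rax` and the trailing blank line can go, and `.type foo, at function` is how the list archive renders `@function`; the file committed to the tree should read `.type foo,@function`.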
``````````
</details>
https://github.com/llvm/llvm-project/pull/156354
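As an added illustration, not code from the PR or from LLD's sources: a small C++ model of the ordering dependency the summary describes. `Linker`, `addInputSec`, `add`, `addOrphanSections` and `linkRenamedSections` are this model's own simplifications of the lld routines named above; in particular, the early return in `add` when a section already has a `parent` is an assumption based on the summary's statement that duplicate creation is prevented.

```cpp
// Added example, not code from the PR or from LLD: a miniature model of the
// order dependency between a relocation section and the section it relocates.
// Linker, addInputSec, add and linkRenamedSections are the model's own names.
#include <memory>
#include <string>
#include <vector>

struct OutputSection;

struct InputSection { // stand-in for lld's InputSection
  std::string name;
  InputSection *relocatedSection = nullptr; // set only for .rela.* sections
  OutputSection *parent = nullptr;          // set once the section is placed
};

struct OutputSection {
  std::string name;
  OutputSection *info = nullptr; // relocation sections: the target (sh_info)
};

struct Linker {
  std::vector<std::unique_ptr<OutputSection>> sectionCommands; // named in script
  std::vector<std::unique_ptr<OutputSection>> orphans;         // created on demand
  bool nullDeref = false; // models the null-pointer fault the PR describes

  explicit Linker(const std::vector<std::string> &scriptNames) {
    for (const std::string &n : scriptNames) {
      sectionCommands.push_back(std::make_unique<OutputSection>());
      sectionCommands.back()->name = n;
    }
  }

  OutputSection *findByName(const std::string &n) {
    for (auto &os : sectionCommands)
      if (os->name == n)
        return os.get();
    return nullptr;
  }

  // Model of addInputSec: a relocation section's output section records the
  // relocated section's output section, which exists only if already placed.
  void addInputSec(InputSection *s) {
    OutputSection *target = nullptr;
    if (s->relocatedSection) {
      target = s->relocatedSection->parent;
      if (!target) { // relocated section not placed yet: the bug being fixed
        nullDeref = true;
        return;
      }
    }
    orphans.push_back(std::make_unique<OutputSection>());
    OutputSection *os = orphans.back().get();
    os->name = s->name;
    os->info = target;
    s->parent = os;
  }

  // Model of the `add` lambda. The early return for an already-placed section
  // is an assumption, based on the summary's "prevents duplicate creation".
  void add(InputSection *s) {
    if (s->parent)
      return;
    if (OutputSection *os = findByName(s->name)) { // script-defined: record only
      s->parent = os;
      return;
    }
    addInputSec(s); // orphan: create its output section now
  }

  // The loop from addOrphanSections, with and without the PR's extra add(rel).
  // Unpatched lld only pre-adds rel's parent when that parent is itself a
  // synthetic input section; this model has none, so that branch is omitted.
  void addOrphanSections(std::vector<InputSection *> &inputs, bool patched) {
    for (InputSection *isec : inputs) {
      if (isec->parent)
        continue;
      if (InputSection *rel = isec->relocatedSection)
        if (patched)
          add(rel); // the fix: place the relocated section first
      add(isec);
    }
  }
};

// Constructed scenario mirroring the PR's test: the script names .rela.text and
// .text, the inputs are the renamed .rela.com.text/.com.text (both orphans), and
// the relocation section comes first in input order. Returns true when the link
// completes with .rela.com.text's sh_info pointing at .com.text's output section.
bool linkRenamedSections(bool patched) {
  Linker ld({".rela.text", ".text"});
  InputSection text{".com.text"};
  InputSection rela{".rela.com.text", &text};
  std::vector<InputSection *> inputs{&rela, &text};
  ld.addOrphanSections(inputs, patched);
  return !ld.nullDeref && rela.parent && rela.parent->info == text.parent;
}
```

Running `linkRenamedSections(false)` reproduces the failure mode from the summary (the relocation section's output section is built while the relocated section still has no `parent`), while `linkRenamedSections(true)` places `.com.text` first and then links `.rela.com.text` to it; renaming the two inputs back to `.text`/`.rela.text` makes both paths go through `findByName` and never reach `addInputSec`, which is why the summary restricts the bug to sections not defined in the linker script.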
More information about the llvm-commits
mailing list