diff options
| author | George Rimar <grimar@accesssoftek.com> | 2016-10-17 09:30:06 +0000 |
|---|---|---|
| committer | George Rimar <grimar@accesssoftek.com> | 2016-10-17 09:30:06 +0000 |
| commit | 71f3c1921a8c56123d74f65e62b0c736297ad0fa (patch) | |
| tree | f5718a6d810b929667321bdc3c42337b706446b6 | |
| parent | ada286202e2ba878163787f31b26d952de30797a (diff) | |
| download | bcm5719-llvm-71f3c1921a8c56123d74f65e62b0c736297ad0fa.tar.gz bcm5719-llvm-71f3c1921a8c56123d74f65e62b0c736297ad0fa.zip | |
[Object/ELF] - Do not crash on invalid section index.
If object has wrong (large) string table index and
also incorrect large value for amount of sections in total,
then section index passes the check:
if (Index >= getNumSections())
return object_error::invalid_section_index;
But result pointer then is far after end of file data, what
result in a crash.
Differential revision: https://reviews.llvm.org/D25081
llvm-svn: 284369
| -rw-r--r-- | llvm/include/llvm/Object/ELF.h | 8 | ||||
| -rw-r--r-- | llvm/test/Object/Inputs/invalid-section-index2.elf | bin | 0 -> 435 bytes | |||
| -rw-r--r-- | llvm/test/Object/invalid.test | 2 |
3 files changed, 6 insertions, 4 deletions
diff --git a/llvm/include/llvm/Object/ELF.h b/llvm/include/llvm/Object/ELF.h index c06fa75231b..31f42f5f50c 100644 --- a/llvm/include/llvm/Object/ELF.h +++ b/llvm/include/llvm/Object/ELF.h @@ -399,9 +399,11 @@ ELFFile<ELFT>::getSection(uint32_t Index) const { if (Index >= getNumSections()) return object_error::invalid_section_index; - return reinterpret_cast<const Elf_Shdr *>( - reinterpret_cast<const char *>(SectionHeaderTable) + - (Index * Header->e_shentsize)); + const uint8_t *Addr = reinterpret_cast<const uint8_t *>(SectionHeaderTable) + + (Index * Header->e_shentsize); + if (Addr >= base() + getBufSize()) + return object_error::invalid_section_index; + return reinterpret_cast<const Elf_Shdr *>(Addr); } template <class ELFT> diff --git a/llvm/test/Object/Inputs/invalid-section-index2.elf b/llvm/test/Object/Inputs/invalid-section-index2.elf Binary files differnew file mode 100644 index 00000000000..7667637519c --- /dev/null +++ b/llvm/test/Object/Inputs/invalid-section-index2.elf diff --git a/llvm/test/Object/invalid.test b/llvm/test/Object/invalid.test index 9f5587422d1..d940789b6dc 100644 --- a/llvm/test/Object/invalid.test +++ b/llvm/test/Object/invalid.test @@ -41,7 +41,7 @@ RUN: not llvm-readobj --dyn-symbols %p/Inputs/invalid-sh_entsize.elf 2>&1 | File INVALID-DYNSYM-SIZE: Invalid entity size RUN: not llvm-readobj -t %p/Inputs/invalid-section-index.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-INDEX %s - +RUN: not llvm-readobj -t %p/Inputs/invalid-section-index2.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-INDEX %s INVALID-SECTION-INDEX: Invalid section index RUN: not llvm-readobj -s %p/Inputs/invalid-section-size.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-SIZE %s |
