diff options
| author | Kevin Enderby <enderby@apple.com> | 2016-09-28 23:16:01 +0000 |
|---|---|---|
| committer | Kevin Enderby <enderby@apple.com> | 2016-09-28 23:16:01 +0000 |
| commit | 76966bf06629e6b73e8d62cf714d5e7cee579bff (patch) | |
| tree | 452faa8a37e20e486261d117cdf6e5ef8c418ce5 | |
| parent | ae1ba73aeb538d26e44c6e66209a6ef49fd8a1b9 (diff) | |
| download | bcm5719-llvm-76966bf06629e6b73e8d62cf714d5e7cee579bff.tar.gz bcm5719-llvm-76966bf06629e6b73e8d62cf714d5e7cee579bff.zip | |
Next set of additional error checks for invalid Mach-O files for the
load command that uses the Mach::rpath_command type
but not used in llvm libObject code but used in llvm tool code.
This includes just the LC_RPATH load command.
llvm-svn: 282649
| -rw-r--r-- | llvm/lib/Object/MachOObjectFile.cpp | 32 | ||||
| -rw-r--r-- | llvm/test/Object/Inputs/macho-invalid-rpath-name_offset-toobig | bin | 0 -> 40 bytes | |||
| -rw-r--r-- | llvm/test/Object/Inputs/macho-invalid-rpath-name_toobig | bin | 0 -> 44 bytes | |||
| -rw-r--r-- | llvm/test/Object/Inputs/macho-invalid-rpath-small | bin | 0 -> 44 bytes | |||
| -rw-r--r-- | llvm/test/Object/macho-invalid.test | 9 |
5 files changed, 41 insertions, 0 deletions
diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp index 847e61fff1e..36423946229 100644 --- a/llvm/lib/Object/MachOObjectFile.cpp +++ b/llvm/lib/Object/MachOObjectFile.cpp @@ -669,6 +669,35 @@ static Error checkVersCommand(const MachOObjectFile *Obj, return Error::success(); } +static Error checkRpathCommand(const MachOObjectFile *Obj, + const MachOObjectFile::LoadCommandInfo &Load, + uint32_t LoadCommandIndex) { + if (Load.C.cmdsize < sizeof(MachO::rpath_command)) + return malformedError("load command " + Twine(LoadCommandIndex) + + " LC_RPATH cmdsize too small"); + MachO::rpath_command R = getStruct<MachO::rpath_command>(Obj, Load.Ptr); + if (R.path < sizeof(MachO::rpath_command)) + return malformedError("load command " + Twine(LoadCommandIndex) + + " LC_RPATH path.offset field too small, not past " + "the end of the rpath_command struct"); + if (R.path >= R.cmdsize) + return malformedError("load command " + Twine(LoadCommandIndex) + + " LC_RPATH path.offset field extends past the end " + "of the load command"); + // Make sure there is a null between the starting offset of the path and + // the end of the load command. + uint32_t i; + const char *P = (const char *)Load.Ptr; + for (i = R.path; i < R.cmdsize; i++) + if (P[i] == '\0') + break; + if (i >= R.cmdsize) + return malformedError("load command " + Twine(LoadCommandIndex) + + " LC_RPATH library name extends past the end of the " + "load command"); + return Error::success(); +} + Expected<std::unique_ptr<MachOObjectFile>> MachOObjectFile::create(MemoryBufferRef Object, bool IsLittleEndian, bool Is64Bits) { @@ -847,6 +876,9 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian, if ((Err = checkVersCommand(this, Load, I, &VersLoadCmd, "LC_VERSION_MIN_WATCHOS"))) return; + } else if (Load.C.cmd == MachO::LC_RPATH) { + if ((Err = checkRpathCommand(this, Load, I))) + return; } if (I < LoadCommandCount - 1) { if (auto LoadOrErr = getNextLoadCommandInfo(this, I, Load)) diff --git a/llvm/test/Object/Inputs/macho-invalid-rpath-name_offset-toobig b/llvm/test/Object/Inputs/macho-invalid-rpath-name_offset-toobig Binary files differnew file mode 100644 index 00000000000..0a4849ab192 --- /dev/null +++ b/llvm/test/Object/Inputs/macho-invalid-rpath-name_offset-toobig diff --git a/llvm/test/Object/Inputs/macho-invalid-rpath-name_toobig b/llvm/test/Object/Inputs/macho-invalid-rpath-name_toobig Binary files differnew file mode 100644 index 00000000000..2a1abe60a31 --- /dev/null +++ b/llvm/test/Object/Inputs/macho-invalid-rpath-name_toobig diff --git a/llvm/test/Object/Inputs/macho-invalid-rpath-small b/llvm/test/Object/Inputs/macho-invalid-rpath-small Binary files differnew file mode 100644 index 00000000000..5a6944fc629 --- /dev/null +++ b/llvm/test/Object/Inputs/macho-invalid-rpath-small diff --git a/llvm/test/Object/macho-invalid.test b/llvm/test/Object/macho-invalid.test index c42de88218c..c4048db23b6 100644 --- a/llvm/test/Object/macho-invalid.test +++ b/llvm/test/Object/macho-invalid.test @@ -313,3 +313,12 @@ INVALID-VERS-SMALL: macho-invalid-vers-small': truncated or malformed object (lo RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-vers-more-than-one 2>&1 | FileCheck -check-prefix INVALID-VERS-MORE-THAN-ONE %s INVALID-VERS-MORE-THAN-ONE: macho-invalid-vers-more-than-one': truncated or malformed object (more than one LC_VERSION_MIN_MACOSX, LC_VERSION_MIN_IPHONEOS, LC_VERSION_MIN_TVOS or LC_VERSION_MIN_WATCHOS command) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-rpath-small 2>&1 | FileCheck -check-prefix INVALID-RPATH-SMALL %s +INVALID-RPATH-SMALL: macho-invalid-rpath-small': truncated or malformed object (load command 0 LC_RPATH cmdsize too small) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-rpath-name_offset-toobig 2>&1 | FileCheck -check-prefix INVALID-RPATH-NAME_OFFSET-TOOBIG %s +INVALID-RPATH-NAME_OFFSET-TOOBIG: macho-invalid-rpath-name_offset-toobig': truncated or malformed object (load command 0 LC_RPATH path.offset field extends past the end of the load command) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-rpath-name_toobig 2>&1 | FileCheck -check-prefix INVALID-RPATH-NAME_TOOBIG %s +INVALID-RPATH-NAME_TOOBIG: macho-invalid-rpath-name_toobig': truncated or malformed object (load command 0 LC_RPATH library name extends past the end of the load command) |
