diff options
| author | George Rimar <grimar@accesssoftek.com> | 2016-10-31 15:33:00 +0000 |
|---|---|---|
| committer | George Rimar <grimar@accesssoftek.com> | 2016-10-31 15:33:00 +0000 |
| commit | f01f65ea593bf1bbdcbeb425e1053ac3bbd9644d (patch) | |
| tree | a01481d59c11b0ff659104343b0fc8935a1f1513 | |
| parent | 2460bada567e0bb9213640d53f417dfd4e23a954 (diff) | |
| download | bcm5719-llvm-f01f65ea593bf1bbdcbeb425e1053ac3bbd9644d.tar.gz bcm5719-llvm-f01f65ea593bf1bbdcbeb425e1053ac3bbd9644d.zip | |
Recommit r285285 - [Object/ELF] - Fixed behavior when SectionHeaderTable->sh_size is too large.
with fix: edited invalid-section-index2.elf input to pass the new check and
fail on the same place it was intended to fail.
Original commit message:
Elf.h already has code checking that section table does not go past end of file.
Problem is that this check may not work on values greater than UINT64_MAX / Header->e_shentsize
because of calculation overflow.
Parch fixes the issue.
Differential revision: https://reviews.llvm.org/D25432
llvm-svn: 285586
| -rw-r--r-- | llvm/include/llvm/Object/ELF.h | 6 | ||||
| -rw-r--r-- | llvm/test/Object/Inputs/invalid-section-index2.elf | bin | 435 -> 435 bytes | |||
| -rw-r--r-- | llvm/test/Object/Inputs/invalid-sections-num.elf | bin | 0 -> 528 bytes | |||
| -rw-r--r-- | llvm/test/Object/invalid.test | 3 |
4 files changed, 9 insertions, 0 deletions
diff --git a/llvm/include/llvm/Object/ELF.h b/llvm/include/llvm/Object/ELF.h index d1de25d2821..2c715bffa2f 100644 --- a/llvm/include/llvm/Object/ELF.h +++ b/llvm/include/llvm/Object/ELF.h @@ -347,6 +347,12 @@ ELFFile<ELFT>::ELFFile(StringRef Object, std::error_code &EC) // The getNumSections() call below depends on SectionHeaderTable being set. SectionHeaderTable = reinterpret_cast<const Elf_Shdr *>(base() + SectionTableOffset); + if (getNumSections() > UINT64_MAX / Header->e_shentsize) { + // Section table goes past end of file! + EC = object_error::parse_failed; + return; + } + const uint64_t SectionTableSize = getNumSections() * Header->e_shentsize; if (SectionTableOffset + SectionTableSize > FileSize) { diff --git a/llvm/test/Object/Inputs/invalid-section-index2.elf b/llvm/test/Object/Inputs/invalid-section-index2.elf Binary files differindex 7667637519c..92c372a25f8 100644 --- a/llvm/test/Object/Inputs/invalid-section-index2.elf +++ b/llvm/test/Object/Inputs/invalid-section-index2.elf diff --git a/llvm/test/Object/Inputs/invalid-sections-num.elf b/llvm/test/Object/Inputs/invalid-sections-num.elf Binary files differnew file mode 100644 index 00000000000..d8d5bc8fe2b --- /dev/null +++ b/llvm/test/Object/Inputs/invalid-sections-num.elf diff --git a/llvm/test/Object/invalid.test b/llvm/test/Object/invalid.test index a0016fef9d5..dd431aa3a55 100644 --- a/llvm/test/Object/invalid.test +++ b/llvm/test/Object/invalid.test @@ -76,3 +76,6 @@ INVALID-SEC-ADDRESS-ALIGNMENT: Invalid data was encountered while parsing the fi RUN: not llvm-readobj -t %p/Inputs/invalid-section-size2.elf 2>&1 | \ RUN: FileCheck --check-prefix=INVALID-SECTION-SIZE2 %s INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file. + +RUN: not llvm-readobj -t %p/Inputs/invalid-sections-num.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-NUM %s +INVALID-SECTION-NUM: Invalid data was encountered while parsing the file. |
