objdump fails to parse Mach-O binaries with n_desc bearing stabs

Summary: The objdump Mach-O parser uses MachOObjectFile::checkSymbolTable() to verify the symbol table is in a legal state before dereferencing the offsets in the table. This routine missed a test for N_STAB symbols when validating the two-level name space library ordinal for undefined symbols. If the binary in question contained a value in the n_desc high byte that is larger than the list of loaded dylibs, checkSymbolTable() will flag the library ordinal as being out of range. Most of the time the n_desc field is set to 0 or to small values, but old final linked binaries exist with N_STAB symbols bearing non-trivial n_desc fields. The change here is simply to verify a symbol is not an N_STAB symbol before consulting the values of n_other or n_desc. rdar://44977336 Reviewers: lhames, pete, ab Reviewed By: pete Subscribers: llvm-commits, rupprecht Tags: #llvm Differential Revision: https://reviews.llvm.org/D58568 llvm-svn: 354722
author: Michael Trent <mtrent@apple.com> 2019-02-23 06:19:56 +0000
committer: Michael Trent <mtrent@apple.com> 2019-02-23 06:19:56 +0000
commit: 7dcfac617122976154ee39a8761147c5ff8ce1d9 (patch)
tree: 5443aa682b070697977395855f5227c2c9740e40 /llvm/lib/Object/MachOObjectFile.cpp
parent: 6c664eda780454f18385f8d39cde4fab7773529e (diff)
download: bcm5719-llvm-7dcfac617122976154ee39a8761147c5ff8ce1d9.tar.gz
bcm5719-llvm-7dcfac617122976154ee39a8761147c5ff8ce1d9.zip
1 files changed, 23 insertions, 23 deletions
diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp
index 69e69bdcf93..c68bb5d8d02 100644
--- a/llvm/lib/Object/MachOObjectFile.cpp
+++ b/llvm/lib/Object/MachOObjectFile.cpp
@@ -1663,30 +1663,30 @@ Error MachOObjectFile::checkSymbolTable() const {
       NStrx = STE.n_strx;
       NValue = STE.n_value;
     }
-    if ((NType & MachO::N_STAB) == 0 &&
-        (NType & MachO::N_TYPE) == MachO::N_SECT) {
-      if (NSect == 0 || NSect > Sections.size())
-        return malformedError("bad section index: " + Twine((int)NSect) +
-                              " for symbol at index " + Twine(SymbolIndex));
-    }
-    if ((NType & MachO::N_STAB) == 0 &&
-        (NType & MachO::N_TYPE) == MachO::N_INDR) {
-      if (NValue >= S.strsize)
-        return malformedError("bad n_value: " + Twine((int)NValue) + " past "
-                              "the end of string table, for N_INDR symbol at "
-                              "index " + Twine(SymbolIndex));
-    }
-    if ((Flags & MachO::MH_TWOLEVEL) == MachO::MH_TWOLEVEL &&
-        (((NType & MachO::N_TYPE) == MachO::N_UNDF && NValue == 0) ||
-         (NType & MachO::N_TYPE) == MachO::N_PBUD)) {
-      uint32_t LibraryOrdinal = MachO::GET_LIBRARY_ORDINAL(NDesc);
-      if (LibraryOrdinal != 0 &&
-          LibraryOrdinal != MachO::EXECUTABLE_ORDINAL &&
-          LibraryOrdinal != MachO::DYNAMIC_LOOKUP_ORDINAL &&
-          LibraryOrdinal - 1 >= Libraries.size() ) {
-        return malformedError("bad library ordinal: " + Twine(LibraryOrdinal) +
-                            " for symbol at index " + Twine(SymbolIndex));
+    if ((NType & MachO::N_STAB) == 0) {
+      if ((NType & MachO::N_TYPE) == MachO::N_SECT) {
+        if (NSect == 0 || NSect > Sections.size())
+          return malformedError("bad section index: " + Twine((int)NSect) +
+                                " for symbol at index " + Twine(SymbolIndex));
       }
+      if ((NType & MachO::N_TYPE) == MachO::N_INDR) {
+        if (NValue >= S.strsize)
+          return malformedError("bad n_value: " + Twine((int)NValue) + " past "
+                                "the end of string table, for N_INDR symbol at "
+                                "index " + Twine(SymbolIndex));
+      }
+      if ((Flags & MachO::MH_TWOLEVEL) == MachO::MH_TWOLEVEL &&
+          (((NType & MachO::N_TYPE) == MachO::N_UNDF && NValue == 0) ||
+           (NType & MachO::N_TYPE) == MachO::N_PBUD)) {
+            uint32_t LibraryOrdinal = MachO::GET_LIBRARY_ORDINAL(NDesc);
+            if (LibraryOrdinal != 0 &&
+                LibraryOrdinal != MachO::EXECUTABLE_ORDINAL &&
+                LibraryOrdinal != MachO::DYNAMIC_LOOKUP_ORDINAL &&
+                LibraryOrdinal - 1 >= Libraries.size() ) {
+              return malformedError("bad library ordinal: " + Twine(LibraryOrdinal) +
+                                    " for symbol at index " + Twine(SymbolIndex));
+            }
+          }
     }
     if (NStrx >= S.strsize)
       return malformedError("bad string table index: " + Twine((int)NStrx) +
author	Michael Trent <mtrent@apple.com>	2019-02-23 06:19:56 +0000
committer	Michael Trent <mtrent@apple.com>	2019-02-23 06:19:56 +0000
commit	7dcfac617122976154ee39a8761147c5ff8ce1d9 (patch)
tree	5443aa682b070697977395855f5227c2c9740e40 /llvm/lib/Object/MachOObjectFile.cpp
parent	6c664eda780454f18385f8d39cde4fab7773529e (diff)
download	bcm5719-llvm-7dcfac617122976154ee39a8761147c5ff8ce1d9.tar.gz bcm5719-llvm-7dcfac617122976154ee39a8761147c5ff8ce1d9.zip