diff options
| author | Adrian Prantl <aprantl@apple.com> | 2018-04-23 16:08:01 +0000 |
|---|---|---|
| committer | Adrian Prantl <aprantl@apple.com> | 2018-04-23 16:08:01 +0000 |
| commit | bbe980dfe12d939624ae7c91c9c4bc3a585de75d (patch) | |
| tree | 8da7b6be359dab618d09803d11f812dba665e126 /llvm/lib/Object/SymbolSize.cpp | |
| parent | 1bc528cd9a7a96f6c99c2c71d54ea66ac5d14ef2 (diff) | |
| download | bcm5719-llvm-bbe980dfe12d939624ae7c91c9c4bc3a585de75d.tar.gz bcm5719-llvm-bbe980dfe12d939624ae7c91c9c4bc3a585de75d.zip | |
Fix computeSymbolSizes SEGFAULT on invalid file
We use llvm-symbolizer in some production systems, and we run it
against all possibly related files, including some that are not
ELF. We noticed that for some of those invalid files, llvm-symbolizer
would crash with SEGFAULT. Here is an example of such a file.
It is due to that in computeSymbolSizes, a loop uses condition
for (unsigned I = 0, N = Addresses.size() - 1; I < N; ++I) {
where if Addresses.size() is 0, N would overflow and causing the loop
to access invalid memory.
Instead of patching the loop conditions, the commit makes so that the
function returns early if Addresses is empty.
Validated by checking that llvm-symbolizer no longer crashes.
Patch by Teng Qin!
Differential Revision: https://reviews.llvm.org/D44285
llvm-svn: 330610
Diffstat (limited to 'llvm/lib/Object/SymbolSize.cpp')
| -rw-r--r-- | llvm/lib/Object/SymbolSize.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/llvm/lib/Object/SymbolSize.cpp b/llvm/lib/Object/SymbolSize.cpp index dd49d5f116b..004fb1b0754 100644 --- a/llvm/lib/Object/SymbolSize.cpp +++ b/llvm/lib/Object/SymbolSize.cpp @@ -66,6 +66,10 @@ llvm::object::computeSymbolSizes(const ObjectFile &O) { Addresses.push_back( {O.symbol_end(), Address + Size, 0, getSectionID(O, Sec)}); } + + if (Addresses.empty()) + return Ret; + array_pod_sort(Addresses.begin(), Addresses.end(), compareAddress); // Compute the size as the gap to the next symbol |
