From 870257455762cc35b609e6050abebd905d73dccc Mon Sep 17 00:00:00 2001 
From: Kevin Enderby
Date: Wed, 13 Apr 2016 21:17:58 +0000
Subject: Start to add real error messages for malformed Mach-O files. And
 update the existing test cases in test/Object/macho-invalid.test to use
 llvm-objdump with the -macho option to produce these error messages and stop
 producing the generic "Invalid data was encountered while parsing the file"
 message.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Working from the beginning of the file, if the mach header is too large for the size of the file and then if the load commands that follow extend past the end of the file these two errors now generate correct error messages. Both of these have existing test cases in test/Object/macho-invalid.test. But the first with macho-invalid-header it will never trigger the error message "mach header extends past the end of the file" using any of the llvm tools as they all use identify_magic() which rejects files with the correct magic number that are too small in size. So I tested this by hacking that code and seeing the error message down in parseHeader() really does happen. So in case there is ever code in llvm that directly calls createMachOObjectFile() this error message will be correctly produced.

The second error message of "load commands extends past the end of the file" is triggered by a number of existing test cases in test/Object/macho-invalid.test. Also other tests trigger different error messages now like "ilocalsym plus nlocalsym in LC_DYSYMTAB load command extends past the end of the symbol table".

There are two existing test cases that still get the "Invalid data was encountered ..." error messages that I will tackle next. But they will involve a bit of plumbing an Expect<...> up through the call stack and I want to do those as separate changes.

FYI, for those test cases that were trying to test specific errors that now get different errors I’ll fix those in follow on changes and create new test cases for those so they test the error they were meant to test. llvm-svn: 266248 --- llvm/lib/Object/MachOObjectFile.cpp | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'llvm/lib/Object/MachOObjectFile.cpp') diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp index c6643cb8c03..deb7f9cece3 100644 --- a/llvm/lib/Object/MachOObjectFile.cpp +++ b/llvm/lib/Object/MachOObjectFile.cpp @@ -208,6 +208,11 @@ getNextLoadCommandInfo(const MachOObjectFile *Obj, template static void parseHeader(const MachOObjectFile *Obj, T &Header, Error &Err) { + if (sizeof(T) > Obj->getData().size()) { + Err = malformedError(*Obj, "truncated or malformed object (the mach header " + "extends past the end of the file)"); + return; + } if (auto HeaderOrErr = getStructOrErr(Obj, getPtr(Obj, 0))) Header = *HeaderOrErr; else @@ -267,12 +272,22 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian, DyldInfoLoadCmd(nullptr), UuidLoadCmd(nullptr), HasPageZeroSegment(false) { ErrorAsOutParameter ErrAsOutParam(Err); - if (is64Bit()) + uint64_t big_size; + if (is64Bit()) { parseHeader(this, Header64, Err); - else + big_size = sizeof(MachO::mach_header_64); + } else { parseHeader(this, Header, Err); + big_size = sizeof(MachO::mach_header); + } if (Err) return; + big_size += getHeader().sizeofcmds; + if (getData().data() + big_size > getData().end()) { + Err = malformedError(getFileName(), "truncated or malformed object " + "(load commands extends past the end of the file)"); + return; + } uint32_t LoadCommandCount = getHeader().ncmds; if (LoadCommandCount == 0) -- cgit v1.2.3
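
Review bot: The new size check at the top of parseHeader() (first hunk, the sizeof(T) > Obj->getData().size() branch) has no automated coverage. The commit message says no llvm tool can reach it because identify_magic() rejects such files first, and that it was exercised only by temporarily hacking that code. Since the stated purpose is to protect direct callers of createMachOObjectFile(), a unit test that hands a buffer shorter than the mach header straight to createMachOObjectFile() and checks for "the mach header extends past the end of the file" would keep this branch from regressing silently. Separately, this hunk calls malformedError(*Obj, ...) while the constructor hunk calls malformedError(getFileName(), ...); using one form in both places would make it obvious that the two messages are built the same way.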
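
Review bot: The bounds check in the constructor (second hunk, if (getData().data() + big_size > getData().end())) does the comparison in pointer space with a length taken from the file. big_size is the header size plus getHeader().sizeofcmds, so a malformed file can make data() + big_size point far beyond the buffer; forming that pointer is undefined behavior, and on a host where pointers are narrower than the 64-bit big_size the addition can wrap so that the result compares below end() and the check passes. Comparing lengths instead, as the parseHeader() hunk already does, avoids both problems: if (big_size > getData().size()). Two smaller points on the same lines: big_size does not follow the CamelCase naming used by the neighbouring LoadCommandCount, and the message text "load commands extends" should read "load commands extend" before tests start matching on it.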