From d38c6b1e4bdec798517aee0d3ad7ff461a5b54b7 Mon Sep 17 00:00:00 2001 From: Saleem Abdulrasool Date: Mon, 14 Apr 2014 02:37:23 +0000 Subject: tools: address possible non-null terminated filenames If a filename is a multiple of 18 characters, there will be no null-terminator. This will result in an invalid access by the constructed StringRef. Add a test case to exercise this and fix that handling. Address this same vulnerability in llvm-readobj as well. llvm-svn: 206145
---
.../tools/llvm-objdump/Inputs/file-aux-record.yaml | 21 +++++++++++++++++++++ .../llvm-objdump/coff-non-null-terminated-file.test | 5 +++++ .../tools/llvm-readobj/Inputs/file-aux-record.yaml | 21 +++++++++++++++++++++ .../llvm-readobj/coff-non-null-terminated-file.test | 20 ++++++++++++++++++++ 4 files changed, 67 insertions(+) create mode 100644 llvm/test/tools/llvm-objdump/Inputs/file-aux-record.yaml create mode 100644 llvm/test/tools/llvm-objdump/coff-non-null-terminated-file.test create mode 100644 llvm/test/tools/llvm-readobj/Inputs/file-aux-record.yaml create mode 100644 llvm/test/tools/llvm-readobj/coff-non-null-terminated-file.test (limited to 'llvm/test/tools')
diff --git a/llvm/test/tools/llvm-objdump/Inputs/file-aux-record.yaml b/llvm/test/tools/llvm-objdump/Inputs/file-aux-record.yaml
new file mode 100644
index 00000000000..d19afaf68a8
--- /dev/null
+++ b/llvm/test/tools/llvm-objdump/Inputs/file-aux-record.yaml
@@ -0,0 +1,21 @@
+header: !Header
+ Machine: IMAGE_FILE_MACHINE_I386 # (0x14c)
+ Characteristics: [ IMAGE_FILE_DEBUG_STRIPPED ]
+sections:
+symbols:
+ - !Symbol
+ Name: .file
+ Value: 0
+ SectionNumber: 65534
+ SimpleType: IMAGE_SYM_TYPE_NULL
+ ComplexType: IMAGE_SYM_DTYPE_NULL
+ StorageClass: IMAGE_SYM_CLASS_FILE
+ File: eighteen-chars.obj
+ - !Symbol
+ Name: '@comp.id'
+ Value: 13485607
+ SectionNumber: 65535
+ SimpleType: IMAGE_SYM_TYPE_NULL
+ ComplexType: IMAGE_SYM_DTYPE_NULL
+ StorageClass: IMAGE_SYM_CLASS_STATIC
+
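Review bot: Nothing in this input says why the `File:` value matters. `eighteen-chars.obj` is exactly 18 bytes, which per the commit message is the case where the record has no null terminator, so a later edit to the name would silently stop the test from exercising the fix. A leading comment such as `# File name must stay exactly 18 bytes so the aux record is completely filled and carries no NUL terminator.` would pin that. The copy under llvm-readobj/Inputs is byte-identical (same blob id d19afaf68a8) and wants the same comment.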
diff --git a/llvm/test/tools/llvm-objdump/coff-non-null-terminated-file.test b/llvm/test/tools/llvm-objdump/coff-non-null-terminated-file.test
new file mode 100644
index 00000000000..125994ff086
--- /dev/null
+++ b/llvm/test/tools/llvm-objdump/coff-non-null-terminated-file.test
@@ -0,0 +1,5 @@
+RUN: yaml2obj %p/Inputs/file-aux-record.yaml | llvm-objdump -t - | FileCheck %s
+
+CHECK: .file
+CHECK: AUX eighteen-chars.obj{{$}}
+
diff --git a/llvm/test/tools/llvm-readobj/Inputs/file-aux-record.yaml b/llvm/test/tools/llvm-readobj/Inputs/file-aux-record.yaml
new file mode 100644
index 00000000000..d19afaf68a8
--- /dev/null
+++ b/llvm/test/tools/llvm-readobj/Inputs/file-aux-record.yaml
@@ -0,0 +1,21 @@
+header: !Header
+ Machine: IMAGE_FILE_MACHINE_I386 # (0x14c)
+ Characteristics: [ IMAGE_FILE_DEBUG_STRIPPED ]
+sections:
+symbols:
+ - !Symbol
+ Name: .file
+ Value: 0
+ SectionNumber: 65534
+ SimpleType: IMAGE_SYM_TYPE_NULL
+ ComplexType: IMAGE_SYM_DTYPE_NULL
+ StorageClass: IMAGE_SYM_CLASS_FILE
+ File: eighteen-chars.obj
+ - !Symbol
+ Name: '@comp.id'
+ Value: 13485607
+ SectionNumber: 65535
+ SimpleType: IMAGE_SYM_TYPE_NULL
+ ComplexType: IMAGE_SYM_DTYPE_NULL
+ StorageClass: IMAGE_SYM_CLASS_STATIC
+
diff --git a/llvm/test/tools/llvm-readobj/coff-non-null-terminated-file.test b/llvm/test/tools/llvm-readobj/coff-non-null-terminated-file.test
new file mode 100644
index 00000000000..8bd88f3708e
--- /dev/null
+++ b/llvm/test/tools/llvm-readobj/coff-non-null-terminated-file.test
@@ -0,0 +1,20 @@
+RUN: yaml2obj %p/Inputs/file-aux-record.yaml | llvm-readobj -t - | FileCheck %s
+
+CHECK: Symbols [
+CHECK: Symbol {
+CHECK: Name: .file
+CHECK: Value: 0
+CHECK: StorageClass: File
+CHECK: AuxSymbolCount: 1
+CHECK: AuxFileRecord {
+CHECK: FileName: eighteen-chars.obj{{$}}
+CHECK: }
+CHECK: }
+CHECK: Symbol {
+CHECK: Name: @comp.id
+CHECK: Value: 13485607
+CHECK: StorageClass: Static
+CHECK: AuxSymbolCount: 0
+CHECK: }
+CHECK: ]
+
-- cgit v1.2.3
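Review bot: Only the single-record case is exercised here. The commit message says any filename whose length is a multiple of 18 lacks a terminator, but this test and the llvm-readobj one both use one 18-byte name with `AuxSymbolCount: 1`. A second input with a 36-byte name would cover a name spanning two aux records, assuming yaml2obj emits multiple records for longer names (not visible in this limited view). A name shorter than 18 bytes would also confirm that trailing padding NULs are still stripped after the fix; such a test may already exist outside the files shown.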