[Object/ELF] - Do not allow overflow when checking section size/offset.
authorGeorge Rimar <grimar@accesssoftek.com>
Thu, 27 Oct 2016 11:44:56 +0000 (11:44 +0000)
committerGeorge Rimar <grimar@accesssoftek.com>
Thu, 27 Oct 2016 11:44:56 +0000 (11:44 +0000)
An overflow caused the check to pass incorrectly;
this patch fixes that case.

Differentail revision: https://reviews.llvm.org/D25514

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285284 91177308-0d34-0410-b5e6-96231b3b80d8

include/llvm/Object/ELF.h
test/Object/Inputs/invalid-section-size2.elf [new file with mode: 0644]
test/Object/invalid.test

index b6d4b804c27d4447c5fd8407767ea6ebd95147c3..d1de25d2821904abea4546d47d901d6c61736453 100644 (file)
@@ -229,7 +229,8 @@ ELFFile<ELFT>::getSectionContentsAsArray(const Elf_Shdr *Sec) const {
 
   if (Size % sizeof(T))
     return object_error::parse_failed;
-  if (Offset + Size > Buf.size())
+  if ((std::numeric_limits<uintX_t>::max() - Offset < Size) ||
+      Offset + Size > Buf.size())
     return object_error::parse_failed;
 
   const T *Start = reinterpret_cast<const T *>(base() + Offset);
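Review bot: The added guard `std::numeric_limits<uintX_t>::max() - Offset < Size` is only correct if `Offset` and `Size` are both exactly `uintX_t`, and their declarations are outside this hunk; with any other width the guard no longer mirrors the arithmetic in `Offset + Size`. A subtraction-based form rejects the same inputs without naming a type or performing an addition that can wrap: `if (Offset > Buf.size() || Size > Buf.size() - Offset)`. Whichever form is kept, a one-line comment such as `// Offset + Size can wrap for a malformed section header, so check before adding.` would record why the extra condition exists, and it is worth confirming that ELF.h includes `<limits>`, which is not visible here. The body of getSectionContentsAsArray starts and ends outside the hunk.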
diff --git a/test/Object/Inputs/invalid-section-size2.elf b/test/Object/Inputs/invalid-section-size2.elf
new file mode 100644 (file)
index 0000000..5b7b5bc
Binary files /dev/null and b/test/Object/Inputs/invalid-section-size2.elf differ
index 352917987deb6533e9334b2c6edfd2b01aed7ec8..a0016fef9d537cc00eda61ecf3564a59f700e5d4 100644 (file)
@@ -72,3 +72,7 @@ INVALID-RELOC-SH-OFFSET: Invalid data was encountered while parsing the file
 RUN: not llvm-readobj -t %p/Inputs/invalid-sections-address-alignment.x86-64 2>&1 | \
 RUN:   FileCheck --check-prefix=INVALID-SEC-ADDRESS-ALIGNMENT %s
 INVALID-SEC-ADDRESS-ALIGNMENT: Invalid data was encountered while parsing the file
+
+RUN: not llvm-readobj -t %p/Inputs/invalid-section-size2.elf 2>&1 | \
+RUN:   FileCheck --check-prefix=INVALID-SECTION-SIZE2 %s
+INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file.
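Review bot: The new `INVALID-SECTION-SIZE2` check line ends in a period, while the neighbouring checks for the same message (`INVALID-SEC-ADDRESS-ALIGNMENT`, `INVALID-RELOC-SH-OFFSET`) do not. Writing it as `INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file` keeps the checks uniform and avoids tying the test to trailing punctuation. Because the input is an opaque binary fixture, a comment above the RUN line naming the malformed field would help the next reader, for example `# invalid-section-size2.elf: section offset + size overflows` (wording to be confirmed against how the file was produced).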