From: George Rimar
Date: Thu, 27 Oct 2016 11:44:56 +0000 (+0000)
Subject: [Object/ELF] - Do not allow overflow when checking section size/offset.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=464f0d78860090891079469ba7678656e7c5a12a;p=llvm
[Object/ELF] - Do not allow overflow when checking section size/offset.
Overflow was the reason of incorrect passing the check, patch fixes the case.
Differentail revision: https://reviews.llvm.org/D25514
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285284 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/include/llvm/Object/ELF.h b/include/llvm/Object/ELF.h
index b6d4b804c27..d1de25d2821 100644
--- a/include/llvm/Object/ELF.h
+++ b/include/llvm/Object/ELF.h
@@ -229,7 +229,8 @@ ELFFile::getSectionContentsAsArray(const Elf_Shdr *Sec) const {
 if (Size % sizeof(T))
 return object_error::parse_failed;
- if (Offset + Size > Buf.size())
+ if ((std::numeric_limits::max() - Offset < Size) ||
+ Offset + Size > Buf.size())
 return object_error::parse_failed;
 const T *Start = reinterpret_cast(base() + Offset);
diff --git a/test/Object/Inputs/invalid-section-size2.elf b/test/Object/Inputs/invalid-section-size2.elf
new file mode 100644
index 00000000000..5b7b5bca48a
Binary files /dev/null and b/test/Object/Inputs/invalid-section-size2.elf differ
diff --git a/test/Object/invalid.test b/test/Object/invalid.test
index 352917987de..a0016fef9d5 100644
--- a/test/Object/invalid.test
+++ b/test/Object/invalid.test
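Review bot: The new guard in `getSectionContentsAsArray` (include/llvm/Object/ELF.h) is only correct if the `numeric_limits` type is exactly the type of `Offset` and `Size`, and their declarations are outside the hunk. A subtraction form needs no type-dependent constant and cannot wrap: `if (Offset > Buf.size() || Size > Buf.size() - Offset) return object_error::parse_failed;`. I would also add a comment such as `// sh_offset and sh_size come from the file; their sum can wrap` so the guard is not simplified back later. Separately, nothing visible in the hunk checks that `base() + Offset` is suitably aligned for `T` before the `reinterpret_cast`; if the rest of the function, which continues outside the hunk, does not check it either, it deserves the same `parse_failed` treatment.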
@@ -72,3 +72,7 @@ INVALID-RELOC-SH-OFFSET: Invalid data was encountered while parsing the file
 RUN: not llvm-readobj -t %p/Inputs/invalid-sections-address-alignment.x86-64 2>&1 | \
 RUN: FileCheck --check-prefix=INVALID-SEC-ADDRESS-ALIGNMENT %s
 INVALID-SEC-ADDRESS-ALIGNMENT: Invalid data was encountered while parsing the file
+
+RUN: not llvm-readobj -t %p/Inputs/invalid-section-size2.elf 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-SECTION-SIZE2 %s
+INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file.