From: Rafael Espindola Date: Thu, 5 Oct 2017 20:01:32 +0000 (+0000) Subject: Added phdr upper bound checks to ElfObject. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=629b8be51be2ebbf91ad9a4f6e42c8e0202db271;p=llvm Added phdr upper bound checks to ElfObject. Ensure the program_headers call will fail correctly if the program headers are larger than the underlying buffer. Patch by Parker Thompson! git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@315012 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/include/llvm/Object/ELF.h b/include/llvm/Object/ELF.h
index 670c0bbce3a..c3bfa7be289 100644
--- a/include/llvm/Object/ELF.h
+++ b/include/llvm/Object/ELF.h
@@ -144,6 +144,10 @@ public:
 Expected program_headers() const {
 if (getHeader()->e_phnum && getHeader()->e_phentsize != sizeof(Elf_Phdr))
 return createError("invalid e_phentsize");
+ if (getHeader()->e_phoff +
+ (getHeader()->e_phnum * getHeader()->e_phentsize) >
+ getBufSize())
+ return createError("program headers longer than binary");
 auto *Begin =
 reinterpret_cast(base() + getHeader()->e_phoff);
 return makeArrayRef(Begin, Begin + getHeader()->e_phnum);
diff --git a/test/Object/Inputs/invalid-phdr.elf b/test/Object/Inputs/invalid-phdr.elf
new file mode 100644
index 00000000000..8a5cc53cc94
Binary files /dev/null and b/test/Object/Inputs/invalid-phdr.elf differ
diff --git a/test/Object/elf-invalid-phdr.test b/test/Object/elf-invalid-phdr.test
new file mode 100644
index 00000000000..aef1772588e
--- /dev/null
+++ b/test/Object/elf-invalid-phdr.test
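Review bot: The added bound check in program_headers() can be bypassed by integer wraparound, because `getHeader()->e_phoff + (getHeader()->e_phnum * getHeader()->e_phentsize)` is summed before it is compared and e_phoff is taken directly from the file header. An e_phoff near the top of its field's range would make the sum wrap to a small value that passes `> getBufSize()`, after which the `reinterpret_cast` on `base() + getHeader()->e_phoff` yields a range outside the buffer; the field widths are not visible in this hunk, so this should be confirmed for both ELF classes. A form that never adds the two untrusted values avoids it: `uint64_t Off = getHeader()->e_phoff, Size = uint64_t(getHeader()->e_phnum) * getHeader()->e_phentsize;` followed by `if (Off > getBufSize() || Size > getBufSize() - Off)`. The closing brace of program_headers() lies outside the hunk.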
@@ -0,0 +1,26 @@
+# invalid-phdr.elf is generated by creating a simple elf file with yaml2obj:
+# !ELF
+# FileHeader:
+# Class: ELFCLASS64
+# Data: ELFDATA2LSB
+# Type: ET_EXEC
+# Machine: EM_X86_64
+# Sections:
+# - Name: .text
+# Type: SHT_PROGBITS
+# Flags: [ SHF_ALLOC, SHF_EXECINSTR ]
+# AddressAlign: 0x0000000000001000
+# Content: "00000000"
+# ProgramHeaders:
+# - Type: PT_LOAD
+# Flags: [ PF_X, PF_R ]
+# VAddr: 0xAAAA1000
+# PAddr: 0xFFFF1000
+# Sections:
+# - Section: .text
+#
+# Then editing the e_phoff in with a hexeditor to set it to 0xffffff
+RUN: not llvm-objdump -private-headers %p/Inputs/invalid-phdr.elf 2>&1 \
+RUN: | FileCheck %s
+
+CHECK: LLVM ERROR: Invalid data was encountered while parsing the file
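Review bot: The `CHECK:` line matches only the generic `LLVM ERROR: Invalid data was encountered while parsing the file` text, so the test would still pass if some other validation rejected invalid-phdr.elf rather than the new program-header bound check. If the tool can surface the specific message, checking for `program headers longer than binary` would tie the test to the code path it is meant to cover; whether llvm-objdump prints that string is not visible here. The single input also uses only e_phoff = 0xffffff, a value just past the end of a small file, so a second input with e_phoff near the maximum of its field would cover the case where the offset-plus-size arithmetic could wrap.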