From: George Rimar Date: Mon, 31 Oct 2016 15:33:00 +0000 (+0000) Subject: Recommit r285285 - [Object/ELF] - Fixed behavior when SectionHeaderTable->sh_size... X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=80431317911162d73590457d435ccd8fe13a197a;p=llvm Recommit r285285 - [Object/ELF] - Fixed behavior when SectionHeaderTable->sh_size is too large. with fix: edited invalid-section-index2.elf input to pass the new check and fail on the same place it was intended to fail. Original commit message: Elf.h already has code checking that section table does not go past end of file. Problem is that this check may not work on values greater than UINT64_MAX / Header->e_shentsize because of calculation overflow. Patch fixes the issue. Differential revision: https://reviews.llvm.org/D25432 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285586 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/include/llvm/Object/ELF.h b/include/llvm/Object/ELF.h index d1de25d2821..2c715bffa2f 100644 --- a/include/llvm/Object/ELF.h +++ b/include/llvm/Object/ELF.h @@ -347,6 +347,12 @@ ELFFile::ELFFile(StringRef Object, std::error_code &EC) // The getNumSections() call below depends on SectionHeaderTable being set. SectionHeaderTable = reinterpret_cast(base() + SectionTableOffset); + if (getNumSections() > UINT64_MAX / Header->e_shentsize) { + // Section table goes past end of file! + EC = object_error::parse_failed; + return; + } + const uint64_t SectionTableSize = getNumSections() * Header->e_shentsize; if (SectionTableOffset + SectionTableSize > FileSize) { diff --git a/test/Object/Inputs/invalid-section-index2.elf b/test/Object/Inputs/invalid-section-index2.elf index 7667637519c..92c372a25f8 100644 Binary files a/test/Object/Inputs/invalid-section-index2.elf and b/test/Object/Inputs/invalid-section-index2.elf differ 
diff --git a/test/Object/Inputs/invalid-sections-num.elf b/test/Object/Inputs/invalid-sections-num.elf new file mode 100644 index 00000000000..d8d5bc8fe2b Binary files /dev/null and b/test/Object/Inputs/invalid-sections-num.elf differ diff --git a/test/Object/invalid.test b/test/Object/invalid.test index a0016fef9d5..dd431aa3a55 100644 --- a/test/Object/invalid.test +++ b/test/Object/invalid.test @@ -76,3 +76,6 @@ INVALID-SEC-ADDRESS-ALIGNMENT: Invalid data was encountered while parsing the fi RUN: not llvm-readobj -t %p/Inputs/invalid-section-size2.elf 2>&1 | \ RUN: FileCheck --check-prefix=INVALID-SECTION-SIZE2 %s INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file. + +RUN: not llvm-readobj -t %p/Inputs/invalid-sections-num.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-NUM %s +INVALID-SECTION-NUM: Invalid data was encountered while parsing the file.
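
Review bot: In the include/llvm/Object/ELF.h hunk, the new guard covers only the multiplication; the sum in the unchanged line that follows, `SectionTableOffset + SectionTableSize > FileSize`, can still wrap for a large SectionTableOffset and let an oversized table pass the bounds check. Consider a form without the addition, for example rejecting `SectionTableOffset > FileSize` first and then testing `SectionTableSize > FileSize - SectionTableOffset`. The added division also depends on `Header->e_shentsize` being nonzero, which the visible lines do not establish; if it is validated earlier in the constructor, a short comment saying so would help. The comment "Section table goes past end of file!" describes the later check rather than this one, which fires when the size computation would overflow.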
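
Review bot: In the test/Object/invalid.test hunk, the new INVALID-SECTION-NUM check matches only the generic "Invalid data was encountered while parsing the file." string that the neighbouring checks also use, so the test passes on any parse failure and does not show that invalid-sections-num.elf reaches the new overflow guard. The commit message notes that invalid-section-index2.elf had to be edited because it tripped the new check instead of the intended one, which is the same ambiguity. A comment above the RUN line stating which header field the input corrupts and which check it is meant to hit would make a future regression easier to diagnose. As a style point, the RUN line is a single long line while the preceding test splits its command across two RUN lines with a trailing backslash.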