From: Kevin Enderby Date: Mon, 26 Sep 2016 21:11:03 +0000 (+0000) Subject: Next set of additional error checks for invalid Mach-O files for the X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=851d92e2331a9bc60e5a5037bca443c3579f7ca0;p=llvm Next set of additional error checks for invalid Mach-O files for the other load commands that use the Mach::linkedit_data_command type but not used in llvm libObject code but used in llvm tool code. This includes LC_FUNCTION_STARTS, LC_SEGMENT_SPLIT_INFO and LC_DYLIB_CODE_SIGN_DRS load commands. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282441 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/Object/MachOObjectFile.cpp b/lib/Object/MachOObjectFile.cpp
index da5a313f4b1..8fa4cd4fe27 100644
--- a/lib/Object/MachOObjectFile.cpp
+++ b/lib/Object/MachOObjectFile.cpp
@@ -673,6 +673,9 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
 }
 const char *DyldIdLoadCmd = nullptr;
+ const char *FuncStartsLoadCmd = nullptr;
+ const char *SplitInfoLoadCmd = nullptr;
+ const char *CodeSignDrsLoadCmd = nullptr;
 for (unsigned I = 0; I < LoadCommandCount; ++I) {
 if (is64Bit()) {
 if (Load.C.cmdsize % 8 != 0) {
@@ -708,6 +711,18 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
 if ((Err = checkLinkeditDataCommand(this, Load, I, &LinkOptHintsLoadCmd,
 "LC_LINKER_OPTIMIZATION_HINT")))
 return;
+ } else if (Load.C.cmd == MachO::LC_FUNCTION_STARTS) {
+ if ((Err = checkLinkeditDataCommand(this, Load, I, &FuncStartsLoadCmd,
+ "LC_FUNCTION_STARTS")))
+ return;
+ } else if (Load.C.cmd == MachO::LC_SEGMENT_SPLIT_INFO) {
+ if ((Err = checkLinkeditDataCommand(this, Load, I, &SplitInfoLoadCmd,
+ "LC_SEGMENT_SPLIT_INFO")))
+ return;
+ } else if (Load.C.cmd == MachO::LC_DYLIB_CODE_SIGN_DRS) {
+ if ((Err = checkLinkeditDataCommand(this, Load, I, &CodeSignDrsLoadCmd,
+ "LC_DYLIB_CODE_SIGN_DRS")))
+ return;
 } else if (Load.C.cmd == MachO::LC_DYLD_INFO) {
 if ((Err = checkDyldInfoCommand(this, Load, I, &DyldInfoLoadCmd,
 "LC_DYLD_INFO")))
diff --git a/test/Object/Inputs/macho-invalid-dylib_code_sign_drs-bad-size b/test/Object/Inputs/macho-invalid-dylib_code_sign_drs-bad-size
new file mode 100644
index 00000000000..1460dd2c1ae
Binary files /dev/null and b/test/Object/Inputs/macho-invalid-dylib_code_sign_drs-bad-size differ
diff --git a/test/Object/Inputs/macho-invalid-function_starts-dataoff b/test/Object/Inputs/macho-invalid-function_starts-dataoff
new file mode 100644
index 00000000000..4913a85776c
Binary files /dev/null and b/test/Object/Inputs/macho-invalid-function_starts-dataoff differ
diff --git a/test/Object/Inputs/macho-invalid-splitinfo-dataoff-datasize b/test/Object/Inputs/macho-invalid-splitinfo-dataoff-datasize
new file mode 100644
index 00000000000..75fefd9c9e6
Binary files /dev/null and b/test/Object/Inputs/macho-invalid-splitinfo-dataoff-datasize differ
diff --git a/test/Object/macho-invalid.test b/test/Object/macho-invalid.test
index 64899d76126..b1689b6b12d 100644
--- a/test/Object/macho-invalid.test
+++ b/test/Object/macho-invalid.test
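Review bot: In the second MachOObjectFile.cpp hunk (-708,6 +711,18), nothing on the three new branches says how far the validation goes. Judging by the messages asserted in macho-invalid.test, checkLinkeditDataCommand covers cmdsize and whether dataoff/datasize stay inside the file; it does not appear to look at the payload bytes, though the helper itself is not shown here. The commit message says these payloads are decoded by tool code rather than libObject, so a comment above the LC_FUNCTION_STARTS branch would stop later readers from assuming the blob contents were vetted: `// Only the linkedit_data_command header fields are validated here; the bytes at dataoff remain untrusted input to whichever tool decodes them.` The enclosing constructor loop starts and ends outside the hunk.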
@@ -289,3 +289,12 @@ INVALID-UUID-MORE-THAN-ONE: macho-invalid-uuid-more-than-one': truncated or malf
 RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-uuid-bad-size 2>&1 | FileCheck -check-prefix INVALID-UUID-BAD-SIZE %s
 INVALID-UUID-BAD-SIZE: macho-invalid-uuid-bad-size': truncated or malformed object (LC_UUID command 0 has incorrect cmdsize)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-function_starts-dataoff 2>&1 | FileCheck -check-prefix INVALID-FUNCTION_STARTS-DATAOFF %s
+INVALID-FUNCTION_STARTS-DATAOFF: macho-invalid-function_starts-dataoff': truncated or malformed object (dataoff field of LC_FUNCTION_STARTS command 0 extends past the end of the file)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-splitinfo-dataoff-datasize 2>&1 | FileCheck -check-prefix INVALID-SPLITINFO-DATAOFF-DATASIZE %s
+INVALID-SPLITINFO-DATAOFF-DATASIZE: macho-invalid-splitinfo-dataoff-datasize': truncated or malformed object (dataoff field plus datasize field of LC_SEGMENT_SPLIT_INFO command 0 extends past the end of the file)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib_code_sign_drs-bad-size 2>&1 | FileCheck -check-prefix INVALID-DYLIB_CODE_SIGN_DRS-BAD-SIZE %s
+INVALID-DYLIB_CODE_SIGN_DRS-BAD-SIZE: macho-invalid-dylib_code_sign_drs-bad-size': truncated or malformed object (LC_DYLIB_CODE_SIGN_DRS command 0 has incorrect cmdsize)
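Review bot: Each new load command is exercised through only one failure mode here: dataoff for LC_FUNCTION_STARTS, dataoff plus datasize for LC_SEGMENT_SPLIT_INFO, and cmdsize for LC_DYLIB_CODE_SIGN_DRS. None of the added cases repeats a command, which is presumably what the new `FuncStartsLoadCmd`, `SplitInfoLoadCmd` and `CodeSignDrsLoadCmd` pointers in MachOObjectFile.cpp exist to catch (the helper is not shown, so this is inferred). A wrong pointer passed in one branch would go unnoticed without such a case. I would add one duplicate-command input per command in the style of the existing INVALID-UUID-MORE-THAN-ONE check, for example `RUN: not llvm-objdump -macho -private-headers %p/Inputs/<duplicate-command-input> 2>&1 | FileCheck -check-prefix <PREFIX> %s`, with the check line matching whatever message the helper emits for a repeated command.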