From: George Rimar Date: Tue, 4 Oct 2016 09:25:39 +0000 (+0000) Subject: [Object/ELF] - Do not crash on invalid sh_offset value of REL[A] section. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cd988cd5813bc9d89a11824e1f00b666603826a3;p=llvm [Object/ELF] - Do not crash on invalid sh_offset value of REL[A] section. Previously code would access invalid memory and may crash, patch fixes the issue. Differential revision: https://reviews.llvm.org/D25187 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283204 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/include/llvm/Object/ELF.h b/include/llvm/Object/ELF.h
index b08b427b811..586f9d643c3 100644
--- a/include/llvm/Object/ELF.h
+++ b/include/llvm/Object/ELF.h
@@ -137,6 +137,8 @@ public:
 const Elf_Rela *rela_begin(const Elf_Shdr *sec) const {
 if (sec->sh_entsize != sizeof(Elf_Rela))
 report_fatal_error("Invalid relocation entry size");
+ if (sec->sh_offset >= Buf.size())
+ report_fatal_error("Invalid relocation entry offset");
 return reinterpret_cast(base() + sec->sh_offset);
 }
 
@@ -154,6 +156,8 @@ public:
 const Elf_Rel *rel_begin(const Elf_Shdr *sec) const {
 if (sec->sh_entsize != sizeof(Elf_Rel))
 report_fatal_error("Invalid relocation entry size");
+ if (sec->sh_offset >= Buf.size())
+ report_fatal_error("Invalid relocation entry offset");
 return reinterpret_cast(base() + sec->sh_offset);
 }
 
diff --git a/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-i386 b/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-i386
new file mode 100644
index 00000000000..84fcd0d1d00
Binary files /dev/null and b/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-i386 differ
diff --git a/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 b/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64
new file mode 100644
index 00000000000..aae6c1e9c1c
Binary files /dev/null and b/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 differ
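Review bot: The guard added in `rela_begin` (and the identical one in `rel_begin`, second hunk) only establishes that the section's first byte lies inside `Buf`; it says nothing about where the section ends, so a header with an in-range `sh_offset` and an oversized `sh_size` would presumably still let relocation iteration run past the buffer through the matching end accessors, which are not visible in this diff. Because the new check already guarantees `sh_offset < Buf.size()`, an overflow-safe extent check can follow it directly: `if (sec->sh_size > Buf.size() - sec->sh_offset) report_fatal_error("Invalid relocation section size");`. A further test input with a valid offset and an overlong size would pin that case in `test/Object/invalid.test`.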
diff --git a/test/Object/invalid.test b/test/Object/invalid.test
index e19583d4be1..2d5e0e27440 100644
--- a/test/Object/invalid.test
+++ b/test/Object/invalid.test
@@ -58,3 +58,9 @@ INVALID-XINDEX-SIZE: Invalid data was encountered while parsing the file.
 RUN: not llvm-readobj -t %p/Inputs/invalid-ext-symtab-index.elf-x86-64 2>&1 | \
 RUN: FileCheck --check-prefix=INVALID-EXT-SYMTAB-INDEX %s
 INVALID-EXT-SYMTAB-INDEX: Invalid symbol table index
+
+RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-i386 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
+RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
+INVALID-RELOC-SH-OFFSET: Invalid relocation entry offset