From 2431dc27202c2ec185220133f58a39dd438a1fba Mon Sep 17 00:00:00 2001
From: Kevin Enderby
Date: Mon, 28 Nov 2016 22:40:50 +0000
Subject: [PATCH] Add error checking for Mach-O universal files.

Add the checking for both the MachO::fat_header and the MachO::fat_arch struct values in the constructor for MachOUniversalBinary. Such that when the constructor for ObjectForArch is called it can assume the values in the MachO::fat_arch for the offset and size are contained in the file after the MachOUniversalBinary constructor is called for the Parent.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288084 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Object/MachOUniversal.cpp | 73 ++++++++++++++++--
 .../Inputs/macho-invalid-fat-arch-badalign | Bin 0 -> 56 bytes
 .../Inputs/macho-invalid-fat-arch-bigalign | Bin 0 -> 56 bytes
 .../Inputs/macho-invalid-fat-arch-overlap | Bin 0 -> 104 bytes
 .../macho-invalid-fat-arch-overlapheaders | Bin 0 -> 104 bytes
 .../Object/Inputs/macho-invalid-fat-arch-size | Bin 0 -> 56 bytes
 .../Inputs/macho-invalid-fat-arch-twosame | Bin 0 -> 104 bytes
 test/Object/Inputs/macho-invalid-fat-header | Bin 0 -> 8 bytes
 test/Object/macho-invalid.test | 21 +++++
 9 files changed, 88 insertions(+), 6 deletions(-)
 create mode 100644 test/Object/Inputs/macho-invalid-fat-arch-badalign
 create mode 100644 test/Object/Inputs/macho-invalid-fat-arch-bigalign
 create mode 100644 test/Object/Inputs/macho-invalid-fat-arch-overlap
 create mode 100644 test/Object/Inputs/macho-invalid-fat-arch-overlapheaders
 create mode 100644 test/Object/Inputs/macho-invalid-fat-arch-size
 create mode 100644 test/Object/Inputs/macho-invalid-fat-arch-twosame
 create mode 100644 test/Object/Inputs/macho-invalid-fat-header

diff --git a/lib/Object/MachOUniversal.cpp b/lib/Object/MachOUniversal.cpp
index 9ab0ae656bf..7ddc427dede 100644
--- a/lib/Object/MachOUniversal.cpp
+++ b/lib/Object/MachOUniversal.cpp
@@ -42,6 +42,7 @@ static T getUniversalBinaryStruct(const char *Ptr) {
 MachOUniversalBinary::ObjectForArch::ObjectForArch(
     const MachOUniversalBinary *Parent, uint32_t Index)
     : Parent(Parent), Index(Index) {
+  // The iterators use Parent as a nullptr and an Index+1 == NumberOfObjects.
   if (!Parent || Index >= Parent->getNumberOfObjects()) {
     clear();
   } else {
@@ -51,16 +52,10 @@ MachOUniversalBinary::ObjectForArch::ObjectForArch(
       const char *HeaderPos = ParentData.begin() + sizeof(MachO::fat_header) +
                               Index * sizeof(MachO::fat_arch);
       Header = getUniversalBinaryStruct(HeaderPos);
-      if (ParentData.size() < Header.offset + Header.size) {
-        clear();
-      }
     } else { // Parent->getMagic() == MachO::FAT_MAGIC_64
       const char *HeaderPos = ParentData.begin() + sizeof(MachO::fat_header) +
                               Index * sizeof(MachO::fat_arch_64);
       Header64 = getUniversalBinaryStruct(HeaderPos);
-      if (ParentData.size() < Header64.offset + Header64.size) {
-        clear();
-      }
     }
   }
 }
@@ -131,6 +126,10 @@ MachOUniversalBinary::MachOUniversalBinary(MemoryBufferRef Source, Error &Err)
       getUniversalBinaryStruct(Buf.begin());
   Magic = H.magic;
   NumberOfObjects = H.nfat_arch;
+  if (NumberOfObjects == 0) {
+    Err = malformedError("contains zero architecture types");
+    return;
+  }
   uint32_t MinSize = sizeof(MachO::fat_header);
   if (Magic == MachO::FAT_MAGIC)
     MinSize += sizeof(MachO::fat_arch) * NumberOfObjects;
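Review bot: The new `NumberOfObjects == 0` guard still leaves the `MinSize` computation right below it unprotected against a large `nfat_arch`: `sizeof(MachO::fat_arch) * NumberOfObjects` is accumulated into a `uint32_t`, so a count above roughly 214 million wraps `MinSize`, and the `Buf.size() < MinSize` check that follows (outside this hunk) can then pass for a tiny file, after which the per-object loops added later in this commit would read fat_arch structs past the end of the buffer. Widening the accumulator is enough: `uint64_t MinSize = sizeof(MachO::fat_header);`. An explicit bound on the count against the buffer size before the multiplication would make the intent clearer still. The constructor body continues past the end of this hunk.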
@@ -146,6 +145,68 @@ MachOUniversalBinary::MachOUniversalBinary(MemoryBufferRef Source, Error &Err)
                          " structs would extend past the end of the file");
     return;
   }
+  for (uint32_t i = 0; i < NumberOfObjects; i++) {
+    ObjectForArch A(this, i);
+    uint64_t bigSize = A.getOffset();
+    bigSize += A.getSize();
+    if (bigSize > Buf.size()) {
+      Err = malformedError("offset plus size of cputype (" +
+        Twine(A.getCPUType()) + ") cpusubtype (" +
+        Twine(A.getCPUSubType() & ~MachO::CPU_SUBTYPE_MASK) +
+        ") extends past the end of the file");
+      return;
+    }
+#define MAXSECTALIGN 15 /* 2**15 or 0x8000 */
+    if (A.getAlign() > MAXSECTALIGN) {
+      Err = malformedError("align (2^" + Twine(A.getAlign()) + ") too large " "for cputype (" + Twine(A.getCPUType()) + ") cpusubtype (" +
+        Twine(A.getCPUSubType() & ~MachO::CPU_SUBTYPE_MASK) +
+        ") (maximum 2^" + Twine(MAXSECTALIGN) + ")");
+      return;
+    }
+    if(A.getOffset() % (1 << A.getAlign()) != 0){
+      Err = malformedError("offset: " + Twine(A.getOffset()) +
+        " for cputype (" + Twine(A.getCPUType()) + ") cpusubtype (" +
+        Twine(A.getCPUSubType() & ~MachO::CPU_SUBTYPE_MASK) +
+        ") not aligned on it's alignment (2^" + Twine(A.getAlign()) + ")");
+      return;
+    }
+    if (A.getOffset() < MinSize) {
+      Err = malformedError("cputype (" + Twine(A.getCPUType()) + ") " "cpusubtype (" + Twine(A.getCPUSubType() & ~MachO::CPU_SUBTYPE_MASK) +
+        ") offset " + Twine(A.getOffset()) + " overlaps universal headers");
+      return;
+    }
+  }
+  for (uint32_t i = 0; i < NumberOfObjects; i++) {
+    ObjectForArch A(this, i);
+    for (uint32_t j = i + 1; j < NumberOfObjects; j++) {
+      ObjectForArch B(this, j);
+      if (A.getCPUType() == B.getCPUType() &&
+          (A.getCPUSubType() & ~MachO::CPU_SUBTYPE_MASK) ==
+          (B.getCPUSubType() & ~MachO::CPU_SUBTYPE_MASK)) {
+        Err = malformedError("contains two of the same architecture (cputype " "(" + Twine(A.getCPUType()) + ") cpusubtype (" +
+          Twine(A.getCPUSubType() & ~MachO::CPU_SUBTYPE_MASK) + "))");
+        return;
+      }
+      if ((A.getOffset() >= B.getOffset() &&
+           A.getOffset() < B.getOffset() + B.getSize()) ||
+          (A.getOffset() + A.getSize() > B.getOffset() &&
+           A.getOffset() + A.getSize() < B.getOffset() + B.getSize()) ||
+          (A.getOffset() <= B.getOffset() &&
+           A.getOffset() + A.getSize() >= B.getOffset() + B.getSize())) {
+        Err = malformedError("cputype (" + Twine(A.getCPUType()) + ") " "cpusubtype (" + Twine(A.getCPUSubType() & ~MachO::CPU_SUBTYPE_MASK) +
+          ") at offset " + Twine(A.getOffset()) + " with a size of " +
+          Twine(A.getSize()) + ", overlaps cputype (" + Twine(B.getCPUType()) +
+          ") cpusubtype (" + Twine(B.getCPUSubType() & ~MachO::CPU_SUBTYPE_MASK) +
+          ") at offset " + Twine(B.getOffset()) + " with a size of " +
+          Twine(B.getSize()));
+        return;
+      }
+    }
+  }
   Err = Error::success();
 }
 
diff --git a/test/Object/Inputs/macho-invalid-fat-arch-badalign b/test/Object/Inputs/macho-invalid-fat-arch-badalign
new file mode 100644
index 0000000000000000000000000000000000000000..da9f23ac49d17c4f96cd7c7a8369f18c8ec069be
GIT binary patch
literal 56
kcmX^0Z`VEs1_nkTW(Q(sAeMn*mUF+}{(}iJ0R@o(03K)uM*si-

literal 0
HcmV?d00001

diff --git a/test/Object/Inputs/macho-invalid-fat-arch-bigalign b/test/Object/Inputs/macho-invalid-fat-arch-bigalign
new file mode 100644
index 0000000000000000000000000000000000000000..6db7158fea61773b59a78cae0dad586f175f2d5a
GIT binary patch
literal 56
kcmX^0Z`VEs1_nkTW(Q(sAeMpRE9ZW_{Rb0d0tzAn05$js7XSbN

literal 0
HcmV?d00001

diff --git a/test/Object/Inputs/macho-invalid-fat-arch-overlap b/test/Object/Inputs/macho-invalid-fat-arch-overlap
new file mode 100644
index 0000000000000000000000000000000000000000..556a3a7345c878628dda814002369799a7b384fe
GIT binary patch
literal 104
wcmX^0Z`VEs1_mY|W(Q(cAT|JE86bv?5S02u%P9

literal 0
HcmV?d00001

diff --git a/test/Object/macho-invalid.test b/test/Object/macho-invalid.test
index b193ebb8c41..6370228e598 100644
--- a/test/Object/macho-invalid.test
+++ b/test/Object/macho-invalid.test
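Review bot: The `bigSize` check at the top of the first loop does not catch 64-bit wraparound: for FAT_MAGIC_64 entries `A.getOffset()` and `A.getSize()` come from the 64-bit `Header64` fields (see the ObjectForArch constructor earlier in this file), so an offset near 2^64 plus a small size wraps to a small `bigSize` and passes `bigSize > Buf.size()`, and the same unchecked sums then feed the overlap comparisons in the second loop. Testing by subtraction avoids the wrap: `if (A.getSize() > Buf.size() || A.getOffset() > Buf.size() - A.getSize())`. Two smaller points on the same hunk: `#define MAXSECTALIGN 15` inside the constructor leaks the macro into the rest of the translation unit and would read better as `constexpr uint32_t MaxSectAlign = 15;`, and the user-facing message should say `its alignment` rather than `it's alignment` (the matching CHECK line in macho-invalid.test pins the current spelling).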
@@ -484,3 +484,24 @@ INVALID-LAZY_BIND-OVERLAP: macho-invalid-lazy_bind-overlap': truncated or malfor
 
 RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-export-overlap 2>&1 | FileCheck -check-prefix INVALID-EXPORT-OVERLAP %s
 INVALID-EXPORT-OVERLAP: macho-invalid-export-overlap': truncated or malformed object (dyld export info at offset 200 with a size of 32, overlaps dyld lazy bind info at offset 176 with a size of 32)
+
+RUN: not llvm-objdump -macho -universal-headers %p/Inputs/macho-invalid-fat-header 2>&1 | FileCheck -check-prefix INVALID-FAT-HEADER %s
+INVALID-FAT-HEADER: macho-invalid-fat-header': truncated or malformed fat file (contains zero architecture types)
+
+RUN: not llvm-objdump -macho -universal-headers %p/Inputs/macho-invalid-fat-arch-size 2>&1 | FileCheck -check-prefix INVALID-FAT-ARCH-SIZE %s
+INVALID-FAT-ARCH-SIZE: macho-invalid-fat-arch-size': truncated or malformed fat file (offset plus size of cputype (7) cpusubtype (3) extends past the end of the file)
+
+RUN: not llvm-objdump -macho -universal-headers %p/Inputs/macho-invalid-fat-arch-bigalign 2>&1 | FileCheck -check-prefix INVALID-FAT-ARCH-BIGALIGN %s
+INVALID-FAT-ARCH-BIGALIGN: macho-invalid-fat-arch-bigalign': truncated or malformed fat file (align (2^212) too large for cputype (7) cpusubtype (3) (maximum 2^15))
+
+RUN: not llvm-objdump -macho -universal-headers %p/Inputs/macho-invalid-fat-arch-badalign 2>&1 | FileCheck -check-prefix INVALID-FAT-ARCH-BADALIGN %s
+INVALID-FAT-ARCH-BADALIGN: macho-invalid-fat-arch-badalign': truncated or malformed fat file (offset: 28 for cputype (7) cpusubtype (3) not aligned on it's alignment (2^4))
+
+RUN: not llvm-objdump -macho -universal-headers %p/Inputs/macho-invalid-fat-arch-twosame 2>&1 | FileCheck -check-prefix INVALID-FAT-ARCH-TWOSAME %s
+INVALID-FAT-ARCH-TWOSAME: macho-invalid-fat-arch-twosame': truncated or malformed fat file (contains two of the same architecture (cputype (7) cpusubtype (3)))
+
+RUN: not llvm-objdump -macho -universal-headers %p/Inputs/macho-invalid-fat-arch-overlap 2>&1 | FileCheck -check-prefix INVALID-FAT-ARCH-OVERLAP %s
+INVALID-FAT-ARCH-OVERLAP: macho-invalid-fat-arch-overlap': truncated or malformed fat file (cputype (7) cpusubtype (5) at offset 48 with a size of 28, overlaps cputype (7) cpusubtype (3) at offset 52 with a size of 28)
+
+RUN: not llvm-objdump -macho -universal-headers %p/Inputs/macho-invalid-fat-arch-overlapheaders 2>&1 | FileCheck -check-prefix INVALID-FAT-ARCH-OVERLAPHEADERS %s
+INVALID-FAT-ARCH-OVERLAPHEADERS: macho-invalid-fat-arch-overlapheaders': truncated or malformed fat file (cputype (7) cpusubtype (3) offset 12 overlaps universal headers)
-- 
2.50.1
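Review bot: None of the seven new cases appears to exercise a FAT_MAGIC_64 universal file — nothing in the input names or the 8/56/104-byte sizes in the diffstat suggests one — so the 64-bit offset/size path of the new checks in MachOUniversal.cpp gets no negative test here. A small fat_arch_64 input whose offset plus size exceeds the file, with a CHECK line for the `extends past the end of the file` message, would close that gap. The INVALID-FAT-ARCH-BADALIGN expectation copies the `it's alignment` spelling from the source message, so correcting the wording in the constructor needs this CHECK line updated in the same change.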