From 851d92e2331a9bc60e5a5037bca443c3579f7ca0 Mon Sep 17 00:00:00 2001
From: Kevin Enderby
Date: Mon, 26 Sep 2016 21:11:03 +0000
Subject: [PATCH] Next set of additional error checks for invalid Mach-O files for the other load commands that use the Mach::linkedit_data_command type but not used in llvm libObject code but used in llvm tool code.

This includes LC_FUNCTION_STARTS, LC_SEGMENT_SPLIT_INFO and LC_DYLIB_CODE_SIGN_DRS load commands.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282441 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Object/MachOObjectFile.cpp                      | 15 +++++++++++++++
 .../macho-invalid-dylib_code_sign_drs-bad-size      | Bin 0 -> 48 bytes
 .../Inputs/macho-invalid-function_starts-dataoff    | Bin 0 -> 44 bytes
 .../macho-invalid-splitinfo-dataoff-datasize        | Bin 0 -> 44 bytes
 test/Object/macho-invalid.test                      |  9 +++++++++
 5 files changed, 24 insertions(+)
 create mode 100644 test/Object/Inputs/macho-invalid-dylib_code_sign_drs-bad-size
 create mode 100644 test/Object/Inputs/macho-invalid-function_starts-dataoff
 create mode 100644 test/Object/Inputs/macho-invalid-splitinfo-dataoff-datasize

diff --git a/lib/Object/MachOObjectFile.cpp b/lib/Object/MachOObjectFile.cpp
index da5a313f4b1..8fa4cd4fe27 100644
--- a/lib/Object/MachOObjectFile.cpp
+++ b/lib/Object/MachOObjectFile.cpp
@@ -673,6 +673,9 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
   }
   const char *DyldIdLoadCmd = nullptr;
+  const char *FuncStartsLoadCmd = nullptr;
+  const char *SplitInfoLoadCmd = nullptr;
+  const char *CodeSignDrsLoadCmd = nullptr;
   for (unsigned I = 0; I < LoadCommandCount; ++I) {
     if (is64Bit()) {
       if (Load.C.cmdsize % 8 != 0) {
@@ -708,6 +711,18 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
       if ((Err = checkLinkeditDataCommand(this, Load, I, &LinkOptHintsLoadCmd,
                                           "LC_LINKER_OPTIMIZATION_HINT")))
         return;
+    } else if (Load.C.cmd == MachO::LC_FUNCTION_STARTS) {
+      if ((Err = checkLinkeditDataCommand(this, Load, I, &FuncStartsLoadCmd,
+                                          "LC_FUNCTION_STARTS")))
+        return;
+    } else if (Load.C.cmd == MachO::LC_SEGMENT_SPLIT_INFO) {
+      if ((Err = checkLinkeditDataCommand(this, Load, I, &SplitInfoLoadCmd,
+                                          "LC_SEGMENT_SPLIT_INFO")))
+        return;
+    } else if (Load.C.cmd == MachO::LC_DYLIB_CODE_SIGN_DRS) {
+      if ((Err = checkLinkeditDataCommand(this, Load, I, &CodeSignDrsLoadCmd,
+                                          "LC_DYLIB_CODE_SIGN_DRS")))
+        return;
     } else if (Load.C.cmd == MachO::LC_DYLD_INFO) {
       if ((Err = checkDyldInfoCommand(this, Load, I, &DyldInfoLoadCmd,
                                       "LC_DYLD_INFO")))
diff --git a/test/Object/Inputs/macho-invalid-dylib_code_sign_drs-bad-size b/test/Object/Inputs/macho-invalid-dylib_code_sign_drs-bad-size
new file mode 100644
index 0000000000000000000000000000000000000000..1460dd2c1ae266fe370f7f37307421fb31016c42
GIT binary patch
literal 48
gcmX^2>+L^w1_lOZAZCPO5g-i$+CU6rg9U&D0JN?I6951J

literal 0
HcmV?d00001

diff --git a/test/Object/Inputs/macho-invalid-function_starts-dataoff b/test/Object/Inputs/macho-invalid-function_starts-dataoff
new file mode 100644
index 0000000000000000000000000000000000000000..4913a85776c4a292c88dcc9a5d44af799cdff7a2
GIT binary patch
literal 44
hcmX^2>+L^w1_lOZAZCPO0U!+mYCsHPn}9e#005;T1Udi!

literal 0
HcmV?d00001

diff --git a/test/Object/Inputs/macho-invalid-splitinfo-dataoff-datasize b/test/Object/Inputs/macho-invalid-splitinfo-dataoff-datasize
new file mode 100644
index 0000000000000000000000000000000000000000..75fefd9c9e6ead388a6c9afb02f728af32c46707
GIT binary patch
literal 44
icmX^2>+L^w1_lOZAZCPO0U!+mazG4X>i{ti5CZ_Dk_0vY

literal 0
HcmV?d00001

diff --git a/test/Object/macho-invalid.test b/test/Object/macho-invalid.test
index 64899d76126..b1689b6b12d 100644
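Review bot: The three new `else if` branches differ only in the command constant, the slot pointer and the name string, so the repeated `checkLinkeditDataCommand` call (now also shared with the LC_LINKER_OPTIMIZATION_HINT branch above) could be driven from a single mapping of `Load.C.cmd` to a `(const char **, const char *)` pair; that is a point of style rather than a defect, since each branch as written returns on the first error like the existing ones. The slot pointers `FuncStartsLoadCmd`, `SplitInfoLoadCmd` and `CodeSignDrsLoadCmd` are declared in the previous hunk and seem to exist only so the helper can reject a second command of the same type — if that is their sole role, a comment at the declarations such as `// Slots only used by checkLinkeditDataCommand to detect duplicate commands; libObject does not consume these offsets.` would save the next reader from looking for a consumer that is not there. The enclosing MachOObjectFile constructor starts and ends outside this hunk.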
--- a/test/Object/macho-invalid.test
+++ b/test/Object/macho-invalid.test
@@ -289,3 +289,12 @@ INVALID-UUID-MORE-THAN-ONE: macho-invalid-uuid-more-than-one': truncated or malf
 RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-uuid-bad-size 2>&1 | FileCheck -check-prefix INVALID-UUID-BAD-SIZE %s
 INVALID-UUID-BAD-SIZE: macho-invalid-uuid-bad-size': truncated or malformed object (LC_UUID command 0 has incorrect cmdsize)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-function_starts-dataoff 2>&1 | FileCheck -check-prefix INVALID-FUNCTION_STARTS-DATAOFF %s
+INVALID-FUNCTION_STARTS-DATAOFF: macho-invalid-function_starts-dataoff': truncated or malformed object (dataoff field of LC_FUNCTION_STARTS command 0 extends past the end of the file)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-splitinfo-dataoff-datasize 2>&1 | FileCheck -check-prefix INVALID-SPLITINFO-DATAOFF-DATASIZE %s
+INVALID-SPLITINFO-DATAOFF-DATASIZE: macho-invalid-splitinfo-dataoff-datasize': truncated or malformed object (dataoff field plus datasize field of LC_SEGMENT_SPLIT_INFO command 0 extends past the end of the file)
+
+RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib_code_sign_drs-bad-size 2>&1 | FileCheck -check-prefix INVALID-DYLIB_CODE_SIGN_DRS-BAD-SIZE %s
+INVALID-DYLIB_CODE_SIGN_DRS-BAD-SIZE: macho-invalid-dylib_code_sign_drs-bad-size': truncated or malformed object (LC_DYLIB_CODE_SIGN_DRS command 0 has incorrect cmdsize)
-- 
2.50.1
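Review bot: The three new cases each exercise one rejection path (bad cmdsize, dataoff past EOF, dataoff+datasize past EOF) on one command, but none checks that a second LC_FUNCTION_STARTS, LC_SEGMENT_SPLIT_INFO or LC_DYLIB_CODE_SIGN_DRS in the same file is rejected, which the `&FuncStartsLoadCmd`-style slot arguments in the MachOObjectFile.cpp hunk suggest checkLinkeditDataCommand does. An additional input holding two such commands, checked with a prefix following the existing INVALID-UUID-MORE-THAN-ONE pattern, would pin that behaviour and give these commands the same coverage the LC_UUID cases already have. Because each condition is tested against a different command, the combinations not shown (for example a bad cmdsize on LC_FUNCTION_STARTS) rely on the helper being the only validation path; a one-line comment above the new RUN lines saying so would make that reliance explicit.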