From cd988cd5813bc9d89a11824e1f00b666603826a3 Mon Sep 17 00:00:00 2001
From: George Rimar
Date: Tue, 4 Oct 2016 09:25:39 +0000
Subject: [PATCH] [Object/ELF] - Do not crash on invalid sh_offset value of REL[A] section.
Previously code would access invalid memory and may crash, patch fixes the issue.
Differential revision: https://reviews.llvm.org/D25187
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283204 91177308-0d34-0410-b5e6-96231b3b80d8
---
 include/llvm/Object/ELF.h | 4 ++++
 .../invalid-relocation-sec-sh_offset.elf-i386 | Bin 0 -> 358 bytes
 .../invalid-relocation-sec-sh_offset.elf-x86-64 | Bin 0 -> 543 bytes
 test/Object/invalid.test | 6 ++++++
 4 files changed, 10 insertions(+)
 create mode 100644 test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-i386
 create mode 100644 test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64
diff --git a/include/llvm/Object/ELF.h b/include/llvm/Object/ELF.h
index b08b427b811..586f9d643c3 100644
--- a/include/llvm/Object/ELF.h
+++ b/include/llvm/Object/ELF.h
@@ -137,6 +137,8 @@ public:
 const Elf_Rela *rela_begin(const Elf_Shdr *sec) const {
 if (sec->sh_entsize != sizeof(Elf_Rela))
 report_fatal_error("Invalid relocation entry size");
+ if (sec->sh_offset >= Buf.size())
+ report_fatal_error("Invalid relocation entry offset");
 return reinterpret_cast(base() + sec->sh_offset);
 }
@@ -154,6 +156,8 @@ public:
 const Elf_Rel *rel_begin(const Elf_Shdr *sec) const {
 if (sec->sh_entsize != sizeof(Elf_Rel))
 report_fatal_error("Invalid relocation entry size");
+ if (sec->sh_offset >= Buf.size())
+ report_fatal_error("Invalid relocation entry offset");
 return reinterpret_cast(base() + sec->sh_offset);
 }
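Review bot: The guard added to rela_begin() checks only that sh_offset falls inside the buffer, so a REL[A] section whose start is in range but whose sh_offset + sh_size extends past the end of the file still hands callers a pointer they can walk out of bounds (rela_end() is outside this hunk; presumably it is begin plus sh_size). Validate the whole extent in a form that cannot wrap, e.g. `if (sec->sh_offset > Buf.size() || sec->sh_size > Buf.size() - sec->sh_offset)`, and make the same change in rel_begin() in the second hunk. Because object files may come from untrusted sources, report_fatal_error also turns a malformed input into a process abort for any tool embedding this library; a recoverable error return would be safer, though it would change the accessor's signature. A short comment above each check, such as `// sh_offset and sh_size come from the file and are untrusted; reject sections that do not fit in Buf.`, would record why the bound is there.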
diff --git a/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-i386 b/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-i386
new file mode 100644
index 0000000000000000000000000000000000000000..84fcd0d1d006794b1b36814c1cebfd5529b832eb
GIT binary patch
literal 358
zcmah?F%H5&49iidKwVfE*+61CG4KF7l!;G(REYtW_6C@E`eCcJ$W}{M;>1qA&GiyO zFd-$cXInxSpgh!Da0UuTEY}dcNgqAb w8<1JyjHT{yroKY&eKi()g`AHgX8do?2E?v?#?-!(#s1N!F5T|vR6j53AO61+6#xJL
literal 0
HcmV?d00001
diff --git a/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 b/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64
new file mode 100644
index 0000000000000000000000000000000000000000..aae6c1e9c1c0cf85386544c403dc73379db39769
GIT binary patch
literal 543
zcmb<-^>JfjWMqH=Mg}_u1P><4z~F#jLfH-sYz(YOqU15zfZ9OzfoNoK0O|-9WI-Ss z-EAN~x*Cv{|NsAkC=T)#N~kEOi(q*)B~tum^zRhAR!K@BAB=skPk8& z9sGdmN468B2A$6X6vL+fCsd&tn!)J$kavaT)m>yoJ75n)QS=Yz2c1GlA@Bt MBp?e$SLTBF0QN){&Hw-a
literal 0
HcmV?d00001
diff --git a/test/Object/invalid.test b/test/Object/invalid.test
index e19583d4be1..2d5e0e27440 100644
--- a/test/Object/invalid.test
+++ b/test/Object/invalid.test
@@ -58,3 +58,9 @@ INVALID-XINDEX-SIZE: Invalid data was encountered while parsing the file.
 RUN: not llvm-readobj -t %p/Inputs/invalid-ext-symtab-index.elf-x86-64 2>&1 | \
 RUN: FileCheck --check-prefix=INVALID-EXT-SYMTAB-INDEX %s
 INVALID-EXT-SYMTAB-INDEX: Invalid symbol table index
+
+RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-i386 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
+RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
+INVALID-RELOC-SH-OFFSET: Invalid relocation entry offset
--
2.50.0