OSDN Git Service

(root) / android-x86 / external-llvm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0ebe9c2)
[Object/ELF] - Do not crash on invalid section index.
authorGeorge Rimar <grimar@accesssoftek.com>
Mon, 17 Oct 2016 09:30:06 +0000 (09:30 +0000)
committerGeorge Rimar <grimar@accesssoftek.com>
Mon, 17 Oct 2016 09:30:06 +0000 (09:30 +0000)
If object has wrong (large) string table index and
also incorrect large value for amount of sections in total,
then section index passes the check:

  if (Index >= getNumSections())
    return object_error::invalid_section_index;

But result pointer then is far after end of file data, what
result in a crash.

Differential revision: https://reviews.llvm.org/D25081

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284369 91177308-0d34-0410-b5e6-96231b3b80d8

include/llvm/Object/ELF.h patch | blob | history
test/Object/Inputs/invalid-section-index2.elf [new file with mode: 0644] patch | blob
test/Object/invalid.test patch | blob | history

diff --git a/include/llvm/Object/ELF.h b/include/llvm/Object/ELF.h
index c06fa75..31f42f5 100644 (file)
--- a/include/llvm/Object/ELF.h
+++ b/include/llvm/Object/ELF.h
@@ -399,9 +399,11 @@ ELFFile<ELFT>::getSection(uint32_t Index) const {
   if (Index >= getNumSections())
     return object_error::invalid_section_index;
 
-  return reinterpret_cast<const Elf_Shdr *>(
-      reinterpret_cast<const char *>(SectionHeaderTable) +
-      (Index * Header->e_shentsize));
+  const uint8_t *Addr = reinterpret_cast<const uint8_t *>(SectionHeaderTable) +
+                        (Index * Header->e_shentsize);
+  if (Addr >= base() + getBufSize())
+    return object_error::invalid_section_index;
+  return reinterpret_cast<const Elf_Shdr *>(Addr);
 }
 
 template <class ELFT>
diff --git a/test/Object/Inputs/invalid-section-index2.elf b/test/Object/Inputs/invalid-section-index2.elf
new file mode 100644 (file)
index 0000000..7667637
Binary files /dev/null and b/test/Object/Inputs/invalid-section-index2.elf differ
diff --git a/test/Object/invalid.test b/test/Object/invalid.test
index 9f55874..d940789 100644 (file)
--- a/test/Object/invalid.test
+++ b/test/Object/invalid.test
@@ -41,7 +41,7 @@ RUN: not llvm-readobj --dyn-symbols %p/Inputs/invalid-sh_entsize.elf 2>&1 | File
 INVALID-DYNSYM-SIZE: Invalid entity size
 
 RUN: not llvm-readobj -t %p/Inputs/invalid-section-index.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-INDEX %s
-
+RUN: not llvm-readobj -t %p/Inputs/invalid-section-index2.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-INDEX %s
 INVALID-SECTION-INDEX: Invalid section index
 
 RUN: not llvm-readobj -s %p/Inputs/invalid-section-size.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-SIZE %s
external/llvm
About OSDN
Find Software
Develop Software
Help