From 629b8be51be2ebbf91ad9a4f6e42c8e0202db271 Mon Sep 17 00:00:00 2001
From: Rafael Espindola
Date: Thu, 5 Oct 2017 20:01:32 +0000
Subject: [PATCH] Added phdr upper bound checks to ElfObject.

Ensure the program_headers call will fail correctly if the program headers are larger than the underlying buffer.

Patch by Parker Thompson!

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@315012 91177308-0d34-0410-b5e6-96231b3b80d8
---
 include/llvm/Object/ELF.h           |   4 ++++
 test/Object/Inputs/invalid-phdr.elf | Bin 0 -> 4162 bytes
 test/Object/elf-invalid-phdr.test   |  26 ++++++++++++++++++++++++++
 3 files changed, 30 insertions(+)
 create mode 100644 test/Object/Inputs/invalid-phdr.elf
 create mode 100644 test/Object/elf-invalid-phdr.test

diff --git a/include/llvm/Object/ELF.h b/include/llvm/Object/ELF.h
index 670c0bbce3a..c3bfa7be289 100644
--- a/include/llvm/Object/ELF.h
+++ b/include/llvm/Object/ELF.h
@@ -144,6 +144,10 @@ public:
   Expected program_headers() const {
     if (getHeader()->e_phnum && getHeader()->e_phentsize != sizeof(Elf_Phdr))
       return createError("invalid e_phentsize");
+    if (getHeader()->e_phoff +
+            (getHeader()->e_phnum * getHeader()->e_phentsize) >
+        getBufSize())
+      return createError("program headers longer than binary");
     auto *Begin = reinterpret_cast(base() + getHeader()->e_phoff);
     return makeArrayRef(Begin, Begin + getHeader()->e_phnum);
diff --git a/test/Object/Inputs/invalid-phdr.elf b/test/Object/Inputs/invalid-phdr.elf
new file mode 100644
index 0000000000000000000000000000000000000000..8a5cc53cc94bdcb4f2101f07f6b44ee2e26fd969
GIT binary patch
literal 4162
zcmeH@F%H5o3`O12LdUSdMlaBr33Y*qOMryL!a_5YiTm`D!47t*A|_aWr0D0{-%0eI z`{N=QQAkA)efOu+XyUnA7^NB7c-UPcP7a zjPF_B{-=J;npCa(>wKMDoX#h0SP%dK n5C8!X009sH0T2KI5C8!X_>(~6FTJOxyLSHWPiH=vK5pV)DLWOp
literal 0
HcmV?d00001

diff --git a/test/Object/elf-invalid-phdr.test b/test/Object/elf-invalid-phdr.test
new file mode 100644
index 00000000000..aef1772588e
--- /dev/null
+++ b/test/Object/elf-invalid-phdr.test
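Review bot: The bound check added at `if (getHeader()->e_phoff + ...` can still be bypassed by wrap-around: `e_phoff` is an unsigned 32- or 64-bit file offset, so a value near the top of its range makes the sum wrap to something below `getBufSize()`, the check passes, and the unchanged `base() + getHeader()->e_phoff` on the next line still forms a pointer outside the buffer. Comparing the offset against the buffer size on its own first, and then comparing the header-table size against the room that remains, closes that gap and also avoids the `uint16 * uint16` product being evaluated in `int`. The new test input (e_phoff set to 0xffffff per the accompanying .test file) exercises only the non-wrapping case, so a second fixture with an offset near the type's maximum would be worth adding. The closing brace of program_headers lies outside the hunk, and the rendered text here appears to have lost the angle-bracket template arguments of `Expected<...>` and `reinterpret_cast<...>`, presumably an extraction artifact rather than part of the patch.
```cpp
      return createError("invalid e_phentsize");
    const uint64_t PhOff = getHeader()->e_phoff;
    const uint64_t PhSize =
        uint64_t(getHeader()->e_phnum) * getHeader()->e_phentsize;
    // Check the offset alone first so the sum can never wrap below BufSize.
    if (PhOff > getBufSize() || getBufSize() - PhOff < PhSize)
      return createError("program headers longer than binary");
    // … unchanged: Begin computation and makeArrayRef return …
```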
@@ -0,0 +1,26 @@
+# invalid-phdr.elf is generated by creating a simple elf file with yaml2obj:
+# !ELF
+# FileHeader:
+#   Class: ELFCLASS64
+#   Data: ELFDATA2LSB
+#   Type: ET_EXEC
+#   Machine: EM_X86_64
+# Sections:
+#   - Name: .text
+#     Type: SHT_PROGBITS
+#     Flags: [ SHF_ALLOC, SHF_EXECINSTR ]
+#     AddressAlign: 0x0000000000001000
+#     Content: "00000000"
+# ProgramHeaders:
+#   - Type: PT_LOAD
+#     Flags: [ PF_X, PF_R ]
+#     VAddr: 0xAAAA1000
+#     PAddr: 0xFFFF1000
+#     Sections:
+#       - Section: .text
+#
+# Then editing the e_phoff in with a hexeditor to set it to 0xffffff
+RUN: not llvm-objdump -private-headers %p/Inputs/invalid-phdr.elf 2>&1 \
+RUN:   | FileCheck %s
+
+CHECK: LLVM ERROR: Invalid data was encountered while parsing the file

-- 
2.11.0
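Review bot: The `CHECK:` line matches only the generic `Invalid data was encountered while parsing the file` text, so the test would pass just as well if the fixture were rejected by the pre-existing e_phentsize check or any other parse failure; it does not pin the new `program headers longer than binary` message. That is presumably because llvm-objdump reports the error code's message rather than the string passed to createError — worth confirming, and if so a comment such as `# llvm-objdump only surfaces the generic parse_failed text, so the specific createError message cannot be matched here.` would explain why the match is this loose. The explanatory comment line also reads awkwardly; `# Then edit e_phoff with a hex editor to set it to 0xffffff` says the same thing more clearly.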