[Object/ELF] - Fixed behavior when SectionHeaderTable->sh_size is too large.

Elf.h already has code checking that section table does not go past end of file.
Problem is that this check may not work on values greater than UINT64_MAX / Header->e_shentsize
because of calculation overflow.

Parch fixes the issue.

Differential revision: https://reviews.llvm.org/D25432

llvm-svn: 285285
This commit is contained in:
George Rimar 2016-10-27 11:50:04 +00:00
parent 9ee5fd9330
commit 2f2500e562
3 changed files with 9 additions and 0 deletions

View File

@ -347,6 +347,12 @@ ELFFile<ELFT>::ELFFile(StringRef Object, std::error_code &EC)
// The getNumSections() call below depends on SectionHeaderTable being set. // The getNumSections() call below depends on SectionHeaderTable being set.
SectionHeaderTable = SectionHeaderTable =
reinterpret_cast<const Elf_Shdr *>(base() + SectionTableOffset); reinterpret_cast<const Elf_Shdr *>(base() + SectionTableOffset);
if (getNumSections() > UINT64_MAX / Header->e_shentsize) {
// Section table goes past end of file!
EC = object_error::parse_failed;
return;
}
const uint64_t SectionTableSize = getNumSections() * Header->e_shentsize; const uint64_t SectionTableSize = getNumSections() * Header->e_shentsize;
if (SectionTableOffset + SectionTableSize > FileSize) { if (SectionTableOffset + SectionTableSize > FileSize) {

Binary file not shown.

View File

@ -76,3 +76,6 @@ INVALID-SEC-ADDRESS-ALIGNMENT: Invalid data was encountered while parsing the fi
RUN: not llvm-readobj -t %p/Inputs/invalid-section-size2.elf 2>&1 | \ RUN: not llvm-readobj -t %p/Inputs/invalid-section-size2.elf 2>&1 | \
RUN: FileCheck --check-prefix=INVALID-SECTION-SIZE2 %s RUN: FileCheck --check-prefix=INVALID-SECTION-SIZE2 %s
INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file. INVALID-SECTION-SIZE2: Invalid data was encountered while parsing the file.
RUN: not llvm-readobj -t %p/Inputs/invalid-sections-num.elf 2>&1 | FileCheck --check-prefix=INVALID-SECTION-NUM %s
INVALID-SECTION-NUM: Invalid data was encountered while parsing the file.