This is an archive of the discontinued LLVM Phabricator instance.

Differential D15532

[ELF] - implement support of extended length field for CIE/FDE records of eh_frame.
ClosedPublic

Authored by grimar on Dec 15 2015, 8:49 AM.

Details

Reviewers
ruiu
rafael
Commits
rG003be4fd587c: [ELF] - implement support of extended length field for CIE/FDE records of…
rLLD255883: [ELF] - implement support of extended length field for CIE/FDE records of…
rL255883: [ELF] - implement support of extended length field for CIE/FDE records of…
Summary

Problem here in the next part of code:

void EHOutputSection<ELFT>::addSectionAux(
    EHInputSection<ELFT> *S,
    iterator_range<const Elf_Rel_Impl<ELFT, IsRela> *> Rels) {
...
    uint32_t Length = read32<E>(D.data());
    Length += 4;
...

Ian Lance Taylor writes: "Read 4 bytes. If they are not 0xffffffff, they are the length of the CIE or FDE record. Otherwise the next 64 bits holds the length, and this is a 64-bit DWARF format. This is like .debug_frame." (http://www.airs.com/blog/archives/460), that also consistent with spec (https://refspecs.linuxfoundation.org/LSB_3.0.0/LSB-PDA/LSB-PDA/ehframechpt.html).

When length was 0xffffffff overflow happened and code executed forward without any error here, failing much later.
Patch implements support of described extended length field and also adds few more checks for safety.

Diff Detail

Repository
rL LLVM

Event Timeline

grimar updated this revision to Diff 42863.Dec 15 2015, 8:49 AM
grimar retitled this revision from to [ELF] - implement support of extended length field for CIE/FDE records of eh_frame..
grimar updated this object.
grimar added reviewers: ruiu, rafael.
grimar added subscribers: llvm-commits, grimar.
emaste added a subscriber: emaste.Dec 15 2015, 10:01 AM

Looks reasonable. How about a test for successful Is64Dwarf though?

ruiu added inline comments.Dec 15 2015, 11:54 AM
ELF/OutputSections.cpp
1001–1002 ↗(On Diff #42863)

Can you return early if it's 32 bit?

uint64_t Len = read32<E>(D.data());
if (Len < UINT32_MAX) {
  if (Len > D.size())
    error("CIE/FIE ends past the end of the section");
  return Len + 4;
}
if (D.size() < 12)
  error("Truncated CIE/FDE length");
Len = read64<E>(D.data() + 4);
if (Len > D.size())
  error("CIE/FIE ends past the end of the section");
return Len + 12;
ELF/OutputSections.h
304 ↗(On Diff #42863)

ArrayRef is usually supposed to be passed by value as it's basically a pointer to an array.

grimar updated this revision to Diff 42969.Dec 16 2015, 1:11 AM
  • Review commend addressed.
  • Added test for valid 64 bit CIE/FDE record size.
  • Fixed invalid-cie-length5.s test.
grimar added a comment.Dec 16 2015, 1:11 AM
In D15532#311052, @emaste wrote:

Looks reasonable. How about a test for successful Is64Dwarf though?

Added test.

ELF/OutputSections.cpp
1001–1002 ↗(On Diff #42863)

Done.

ELF/OutputSections.h
304 ↗(On Diff #42863)

Ok, removed &.

ruiu accepted this revision.Dec 16 2015, 10:50 AM
ruiu edited edge metadata.

LGTM

This revision is now accepted and ready to land.Dec 16 2015, 10:50 AM
Closed by commit rL255883: [ELF] - implement support of extended length field for CIE/FDE records of… (authored by grimar). · Explain WhyDec 17 2015, 1:27 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

Diff 43107

lld/trunk/ELF/OutputSections.h

Show First 20 LinesShow All 295 Lines▼ Show 20 Linespublic:
void addSectionAux( void addSectionAux(
EHInputSection<ELFT> *S, EHInputSection<ELFT> *S,
llvm::iterator_range<const llvm::object::Elf_Rel_Impl<ELFT, IsRela> *> llvm::iterator_range<const llvm::object::Elf_Rel_Impl<ELFT, IsRela> *>
Rels); Rels);
void addSection(EHInputSection<ELFT> *S); void addSection(EHInputSection<ELFT> *S);
private: private:
uintX_t readEntryLength(ArrayRef<uint8_t> D);
std::vector<EHInputSection<ELFT> *> Sections; std::vector<EHInputSection<ELFT> *> Sections;
std::vector<Cie<ELFT>> Cies; std::vector<Cie<ELFT>> Cies;
// Maps CIE content + personality to a index in Cies. // Maps CIE content + personality to a index in Cies.
llvm::DenseMap<std::pair<StringRef, StringRef>, unsigned> CieMap; llvm::DenseMap<std::pair<StringRef, StringRef>, unsigned> CieMap;
}; };
template <class ELFT> template <class ELFT>
▲ Show 20 LinesShow All 152 LinesShow Last 20 Lines

lld/trunk/ELF/OutputSections.cpp

Show First 20 LinesShow All 937 Lines▼ Show 20 Linesvoid EHOutputSection<ELFT>::addSectionAux(
ArrayRef<uint8_t> SecData = S->getSectionData(); ArrayRef<uint8_t> SecData = S->getSectionData();
ArrayRef<uint8_t> D = SecData; ArrayRef<uint8_t> D = SecData;
uintX_t Offset = 0; uintX_t Offset = 0;
auto RelI = Rels.begin(); auto RelI = Rels.begin();
auto RelE = Rels.end(); auto RelE = Rels.end();
DenseMap<unsigned, unsigned> OffsetToIndex; DenseMap<unsigned, unsigned> OffsetToIndex;
while (!D.empty()) { while (!D.empty()) {
if (D.size() < 4)
error("Truncated CIE/FDE length");
uint32_t Length = read32<E>(D.data());
Length += 4;
unsigned Index = S->Offsets.size(); unsigned Index = S->Offsets.size();
S->Offsets.push_back(std::make_pair(Offset, -1)); S->Offsets.push_back(std::make_pair(Offset, -1));
if (Length > D.size()) uintX_t Length = readEntryLength(D);
error("CIE/FIE ends past the end of the section");
StringRef Entry((const char *)D.data(), Length); StringRef Entry((const char *)D.data(), Length);
while (RelI != RelE && RelI->r_offset < Offset) while (RelI != RelE && RelI->r_offset < Offset)
++RelI; ++RelI;
uintX_t NextOffset = Offset + Length; uintX_t NextOffset = Offset + Length;
bool HasReloc = RelI != RelE && RelI->r_offset < NextOffset; bool HasReloc = RelI != RelE && RelI->r_offset < NextOffset;
uint32_t ID = read32<E>(D.data() + 4); uint32_t ID = read32<E>(D.data() + 4);
Show All 30 Lines while (!D.empty()) {
} }
Offset = NextOffset; Offset = NextOffset;
D = D.slice(Length); D = D.slice(Length);
} }
} }
template <class ELFT> template <class ELFT>
typename EHOutputSection<ELFT>::uintX_t
EHOutputSection<ELFT>::readEntryLength(ArrayRef<uint8_t> D) {
const endianness E = ELFT::TargetEndianness;
if (D.size() < 4)
error("Truncated CIE/FDE length");
uint64_t Len = read32<E>(D.data());
if (Len < UINT32_MAX) {
if (Len > (UINT32_MAX - 4))
error("CIE/FIE size is too large");
if (Len + 4 > D.size())
error("CIE/FIE ends past the end of the section");
return Len + 4;
}
if (D.size() < 12)
error("Truncated CIE/FDE length");
Len = read64<E>(D.data() + 4);
if (Len > (UINT64_MAX - 12))
error("CIE/FIE size is too large");
if (Len + 12 > D.size())
error("CIE/FIE ends past the end of the section");
return Len + 12;
}
template <class ELFT>
void EHOutputSection<ELFT>::addSection(EHInputSection<ELFT> *S) { void EHOutputSection<ELFT>::addSection(EHInputSection<ELFT> *S) {
const Elf_Shdr *RelSec = S->RelocSection; const Elf_Shdr *RelSec = S->RelocSection;
if (!RelSec) if (!RelSec)
return addSectionAux( return addSectionAux(
S, make_range((const Elf_Rela *)nullptr, (const Elf_Rela *)nullptr)); S, make_range((const Elf_Rela *)nullptr, (const Elf_Rela *)nullptr));
ELFFile<ELFT> &Obj = S->getFile()->getObj(); ELFFile<ELFT> &Obj = S->getFile()->getObj();
if (RelSec->sh_type == SHT_RELA) if (RelSec->sh_type == SHT_RELA)
return addSectionAux(S, Obj.relas(RelSec)); return addSectionAux(S, Obj.relas(RelSec));
▲ Show 20 LinesShow All 483 LinesShow Last 20 Lines

lld/trunk/test/ELF/invalid-cie-length3.s

// REQUIRES: x86
// RUN: llvm-mc -filetype=obj -triple=x86_64-pc-linux %s -o %t
// RUN: not ld.lld %t -o %t2 2>&1 | FileCheck %s
.section .eh_frame
.long 0xFFFFFFFC
// CHECK: CIE/FIE size is too large

lld/trunk/test/ELF/invalid-cie-length4.s

// REQUIRES: x86
// RUN: llvm-mc -filetype=obj -triple=x86_64-pc-linux %s -o %t
// RUN: not ld.lld %t -o %t2 2>&1 | FileCheck %s
.section .eh_frame
.long 0xFFFFFFFF
.byte 0
// CHECK: Truncated CIE/FDE length

lld/trunk/test/ELF/invalid-cie-length5.s

// REQUIRES: x86
// RUN: llvm-mc -filetype=obj -triple=x86_64-pc-linux %s -o %t
// RUN: not ld.lld %t -o %t2 2>&1 | FileCheck %s
.section .eh_frame
.long 0xFFFFFFFF
.quad 0xFFFFFFFFFFFFFFF4
// CHECK: CIE/FIE size is too large

lld/trunk/test/ELF/valid-cie-length-dw64.s

// REQUIRES: x86
// RUN: llvm-mc -filetype=obj -triple=x86_64-pc-linux %s -o %t
// RUN: not ld.lld %t -o %t2 2>&1 | FileCheck %s
.section .eh_frame
.long 0xFFFFFFFF
.quad 1
nop
// CHECK-NOT: Truncated CIE/FDE length
// CHECK-NOT: CIE/FIE size is too large
// CHECK-NOT: CIE/FIE ends past the end of the section