This is an archive of the discontinued LLVM Phabricator instance.

Differential D138891

[MachO] Prevent overflow on 32-bit platforms when calculating load command offsets
AcceptedPublic

Authored by awilfox on Nov 28 2022, 8:22 PM.

Details

Reviewers
alexander-shaposhnikov
oontvoo
jyknight
MaskRay
Summary

This prevents overflow which can lead to llvm-objdump incorrectly accepting a malformed MachO file. This in turn caused the LLVM test suite to segfault on 32-bit Linux/musl platforms (since pointers are allocated in high memory on musl).

Fixes GitHub #56746.

Diff Detail

Event Timeline

awilfox created this revision.Nov 28 2022, 8:22 PM
Herald added a project: Restricted Project. · View Herald TranscriptNov 28 2022, 8:22 PM
Herald added subscribers: StephenFan, hiraditya. · View Herald Transcript
awilfox requested review of this revision.Nov 28 2022, 8:22 PM
Herald added a subscriber: llvm-commits. · View Herald TranscriptNov 28 2022, 8:22 PM
awilfox added a comment.Nov 28 2022, 8:24 PM

This was my solution to the related changeset D138830. It simplifies the logic a lot compared to that revision while still ensuring no overflow during calculation. I did not see the other overflows so perhaps it may be better to merge the two in some way. I'm not sure how to do that in Phabricator.

Harbormaster completed remote builds in B199923: Diff 478447.Nov 28 2022, 8:46 PM
oontvoo added a comment.Nov 30 2022, 12:39 PM
In D138891#3955930, @awilfox wrote:

This was my solution to the related changeset D138830. It simplifies the logic a lot compared to that revision while still ensuring no overflow during calculation. I did not see the other overflows so perhaps it may be better to merge the two in some way. I'm not sure how to do that in Phabricator.

sorry, missed this revision/comment previously. I agree that this is simpler change, but I was hoping to fix the other potential overflows too . (Ack'ed that D138830. makes the code a bit ugly :\ .... open to other suggestions, tho)

MaskRay accepted this revision.Nov 30 2022, 8:05 PM

LGTM.

This revision is now accepted and ready to land.Nov 30 2022, 8:05 PM

Revision Contents

PathSize
llvm/
lib/
Object/
3 lines

Diff 478447

llvm/lib/Object/MachOObjectFile.cpp

Context not available.
getLoadCommandInfo(const MachOObjectFile &Obj, const char *Ptr, getLoadCommandInfo(const MachOObjectFile &Obj, const char *Ptr,
uint32_t LoadCommandIndex) { uint32_t LoadCommandIndex) {
if (auto CmdOrErr = getStructOrErr<MachO::load_command>(Obj, Ptr)) { if (auto CmdOrErr = getStructOrErr<MachO::load_command>(Obj, Ptr)) {
if (CmdOrErr->cmdsize + Ptr > Obj.getData().end()) uint64_t Offset = Ptr - Obj.getData().begin();
if (CmdOrErr->cmdsize + Offset > Obj.getData().size())
return malformedError("load command " + Twine(LoadCommandIndex) + return malformedError("load command " + Twine(LoadCommandIndex) +
" extends past end of file"); " extends past end of file");
if (CmdOrErr->cmdsize < 8) if (CmdOrErr->cmdsize < 8)
Context not available.