This is an archive of the discontinued LLVM Phabricator instance.

Differential D147931

[ARM] Fix null pointer dereferences in ARMMachObjectWriter::recordRelocation()
ClosedPublic

Authored by SweetVishnya on Apr 10 2023, 4:28 AM.

Details

Reviewers
MaskRay
sbc100
chandlerc
SjoerdMeijer
samtebbs
ostannard
dmgreen
Commits
rG9a564a61a281: [ARM] ARMMachObjectWriter::recordRelocation: reduce strength on a condition
Summary

Bugs were found by Svace static analysis tool. A can be a null pointer.
It is checked in some places. However, there are still some missing
checks.

Diff Detail

Event Timeline

SweetVishnya created this revision.Apr 10 2023, 4:28 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 10 2023, 4:28 AM
Herald added subscribers: hiraditya, kristof.beyls. · View Herald Transcript
SweetVishnya requested review of this revision.Apr 10 2023, 4:28 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 10 2023, 4:28 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Harbormaster completed remote builds in B224549: Diff 512115.Apr 10 2023, 7:59 AM
samtebbs added a comment.Apr 11 2023, 2:18 AM

Thanks sweetvishnya, this looks worthwhile. Do you have the link for a github issue for this?

SweetVishnya added a comment.Apr 11 2023, 2:20 AM
In D147931#4257478, @samtebbs wrote:

Thanks sweetvishnya, this looks worthwhile. Do you have the link for a github issue for this?

I didn't create any issues on GitHub. Do I need to create a new issue for this bug?

dmgreen added a comment.Apr 12 2023, 12:16 AM

I'm not sure A can be null here. Either getSymB will be true (handled above) or isAbsolute will be true. Else A should have a value, if Im reading it correctly.

SweetVishnya added a comment.Apr 12 2023, 1:29 AM
In D147931#4260122, @dmgreen wrote:

I'm not sure A can be null here. Either getSymB will be true (handled above) or isAbsolute will be true. Else A should have a value, if Im reading it correctly.

The bug was reported by a static analyzer because A is checked for null in line 419. But I am not really familiar with the code here.

MaskRay requested changes to this revision.Apr 12 2023, 6:57 PM
This revision now requires changes to proceed.Apr 12 2023, 6:57 PM
MaskRay added a comment.Apr 12 2023, 6:58 PM

This is a false positive case of the static analyzer.

dmgreen added a comment.Apr 12 2023, 11:55 PM

If you wanted to add an assert or change the condition of the if (Target.isAbsolute()) to if (!A) then I wouldn't be against it, providing there was a comment to explain that meant isAbsolute. But yes, this looks like a false positive.

SweetVishnya updated this revision to Diff 513118.Apr 13 2023, 2:07 AM

Add !A check as @dmgreen suggested

This will suppress static analyzer warnings.

Harbormaster completed remote builds in B225279: Diff 513118.Apr 13 2023, 3:37 AM
dmgreen accepted this revision.Apr 13 2023, 8:43 AM

Thanks. One minor suggestion but otherwise Sounds OK to me.

llvm/lib/Target/ARM/MCTargetDesc/ARMMachObjectWriter.cpp
431

Can you add This is Target.isAbsolute() case as we check SymB above. ..

SweetVishnya updated this revision to Diff 513490.Apr 14 2023, 1:59 AM

@dmgreen, I fixed the comment. @MaskRay, do you agree with current resolution?

Harbormaster completed remote builds in B225537: Diff 513490.Apr 14 2023, 3:01 AM
MaskRay accepted this revision.Apr 14 2023, 3:19 PM
This revision is now accepted and ready to land.Apr 14 2023, 3:19 PM
SweetVishnya added a comment.May 9 2023, 2:13 PM

So, can we push this patch to main branch?

This revision was landed with ongoing or failed builds.May 9 2023, 2:40 PM
Closed by commit rG9a564a61a281: [ARM] ARMMachObjectWriter::recordRelocation: reduce strength on a condition (authored by SweetVishnya, committed by MaskRay). · Explain Why
This revision was automatically updated to reflect the committed changes.
MaskRay added a commit: rG9a564a61a281: [ARM] ARMMachObjectWriter::recordRelocation: reduce strength on a condition.

Revision Contents

PathSize
llvm/
lib/
Target/
ARM/
MCTargetDesc/
6 lines

Diff 520822

llvm/lib/Target/ARM/MCTargetDesc/ARMMachObjectWriter.cpp

Show First 20 LinesShow All 421 Lines▼ Show 20 Lines return RecordARMScatteredRelocation(Writer, Asm, Layout, Fragment, Fixup,
FixedValue); FixedValue);
// See <reloc.h>. // See <reloc.h>.
uint32_t FixupOffset = Layout.getFragmentOffset(Fragment)+Fixup.getOffset(); uint32_t FixupOffset = Layout.getFragmentOffset(Fragment)+Fixup.getOffset();
unsigned Index = 0; unsigned Index = 0;
unsigned Type = 0; unsigned Type = 0;
const MCSymbol *RelSymbol = nullptr; const MCSymbol *RelSymbol = nullptr;
if (Target.isAbsolute()) { // constant if (!A) { // constant
// FIXME! // FIXME! This is Target.isAbsolute() case as we check SymB above. We check
dmgreenUnsubmitted
Not Done
ReplyInline Actions

Can you add This is Target.isAbsolute() case as we check SymB above. ..

dmgreen: Can you add `This is Target.isAbsolute() case as we check SymB above. ..`
// !A to ensure that null pointer isn't dereferenced and suppress static
// analyzer warnings.
report_fatal_error("FIXME: relocations to absolute targets " report_fatal_error("FIXME: relocations to absolute targets "
"not yet implemented"); "not yet implemented");
} else { } else {
// Resolve constant variables. // Resolve constant variables.
if (A->isVariable()) { if (A->isVariable()) {
int64_t Res; int64_t Res;
if (A->getVariableValue()->evaluateAsAbsolute( if (A->getVariableValue()->evaluateAsAbsolute(
Res, Layout, Writer->getSectionAddressMap())) { Res, Layout, Writer->getSectionAddressMap())) {
▲ Show 20 LinesShow All 70 LinesShow Last 20 Lines