This is an archive of the discontinued LLVM Phabricator instance.

Differential D24970

[ELF] - Fixed crash on invalid input.
ClosedPublic

Authored by grimar on Sep 27 2016, 9:56 AM.

Details

Reviewers
ruiu
davide
rafael
Commits
rG678bd05740d5: [ELF] - Fixed crash on invalid input.
rLLD282709: [ELF] - Fixed crash on invalid input.
rL282709: [ELF] - Fixed crash on invalid input.
Summary

I took the input from https://llvm.org/bugs/show_bug.cgi?id=30540, it was
"id_000000,sig_11,src_000000,op_flip1,pos_98"

File contains invalid symbol name offset (too large) and lld just crashes,
patch fixes the issue.

I wonder may be we want a separate folder for invalid input tests, like we have
for linkerscript ?

Diff Detail

Repository
rL LLVM

Event Timeline

grimar updated this revision to Diff 72670.Sep 27 2016, 9:56 AM
grimar retitled this revision from to [ELF] - Fixed crash on invalid output..
grimar updated this object.
grimar added reviewers: ruiu, rafael, davide.
grimar retitled this revision from [ELF] - Fixed crash on invalid output. to [ELF] - Fixed crash on invalid input..
grimar added subscribers: llvm-commits, grimar, evgeny777.
davide edited edge metadata.Sep 27 2016, 10:03 AM

I think the tests should live in a different directory, yes.
Also, you might want to try reducing this binary.

grimar added a comment.Sep 27 2016, 10:04 AM
In D24970#554040, @davide wrote:

I think the tests should live in a different directory, yes.
Also, you might want to try reducing this binary.

It is just 480 bytes, does it worth that you think ?

davide added a comment.Sep 27 2016, 10:05 AM
In D24970#554045, @grimar wrote:
In D24970#554040, @davide wrote:

I think the tests should live in a different directory, yes.
Also, you might want to try reducing this binary.

It is just 480 bytes, does it worth that you think ?

If the test can be reduced, I don't see a reason why we shouldn't do it.

emaste added a subscriber: emaste.Sep 27 2016, 10:06 AM
In D24970#554040, @davide wrote:

I think the tests should live in a different directory, yes.
Also, you might want to try reducing this binary.

Can we craft a test to exercise the invalid symbol name offset error instead?

grimar added a comment.Sep 27 2016, 10:15 AM
In D24970#554047, @davide wrote:
In D24970#554045, @grimar wrote:
In D24970#554040, @davide wrote:

I think the tests should live in a different directory, yes.
Also, you might want to try reducing this binary.

It is just 480 bytes, does it worth that you think ?

If the test can be reduced, I don't see a reason why we shouldn't do it.

We have about 20 binaries already in input folder:
*.elf, *.o and *.so files, I think it is just hex-edited files.

I`ll try to craft test output using yaml2obj tomorrow for this.

grimar added a comment.Sep 28 2016, 2:23 AM
In D24970#554047, @davide wrote:
In D24970#554045, @grimar wrote:
In D24970#554040, @davide wrote:

I think the tests should live in a different directory, yes.
Also, you might want to try reducing this binary.

It is just 480 bytes, does it worth that you think ?

If the test can be reduced, I don't see a reason why we shouldn't do it.

So I do not know way how to craft the testcase for this without hex editor.
yaml2obj does not seem to have functionality to set Symbol st_name
which is offset in symtab, what is used in that patch. It has next code to set up
st_name:

Symbol.st_name = DotStrtab.getOffset(Sym.Name);

where DotStrtab is just a StringTableBuilder, so there is no way to set up huge offset manually from yaml.

Also it seems not possible to create own .symtab, when I put into yaml the following description:

Sections:
  - Name:            .strtab
    Type:            SHT_STRTAB
    Content:         00
    Size:            2

I have next error: "Repeated section name: '.strtab' at YAML section number 0.", because tool tries to create it own
.symtab.

Taking in account that new binary input is among the smallest ones from what we already have in lld and the fact that crafting
such special object is not possible using existent tool functionality, I suggest to leave it as is.

emaste added a comment.Sep 28 2016, 6:04 AM

Taking in account that new binary input is among the smallest ones from what we already have in lld and the fact that crafting
such special object is not possible using existent tool functionality, I suggest to leave it as is.

OK, sounds fine to me. We can always replace it with yaml2obj or something else later on if it grows the ability to create broken output objects.

ruiu accepted this revision.Sep 28 2016, 10:38 AM
ruiu edited edge metadata.

LGTM

ELF/Writer.cpp
391 ↗(On Diff #72670)

Please include a filename.

This revision is now accepted and ready to land.Sep 28 2016, 10:38 AM
rafael accepted this revision.Sep 28 2016, 12:00 PM
rafael edited edge metadata.

LGTM too. Thanks!

Closed by commit rL282709: [ELF] - Fixed crash on invalid input. (authored by grimar). · Explain WhySep 29 2016, 9:10 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lld/
trunk/
ELF/
6 lines
test/
ELF/
invalid/
Inputs/
7 lines

Diff 72967

lld/trunk/ELF/Writer.cpp

Show First 20 LinesShow All 374 Lines▼ Show 20 Lines
} }
// Local symbols are not in the linker's symbol table. This function scans // Local symbols are not in the linker's symbol table. This function scans
// each object file's symbol table to copy local symbols to the output. // each object file's symbol table to copy local symbols to the output.
template <class ELFT> void Writer<ELFT>::copyLocalSymbols() { template <class ELFT> void Writer<ELFT>::copyLocalSymbols() {
if (!Out<ELFT>::SymTab) if (!Out<ELFT>::SymTab)
return; return;
for (elf::ObjectFile<ELFT> *F : Symtab<ELFT>::X->getObjectFiles()) { for (elf::ObjectFile<ELFT> *F : Symtab<ELFT>::X->getObjectFiles()) {
const char *StrTab = F->getStringTable().data(); StringRef StrTab = F->getStringTable();
for (SymbolBody *B : F->getLocalSymbols()) { for (SymbolBody *B : F->getLocalSymbols()) {
auto *DR = dyn_cast<DefinedRegular<ELFT>>(B); auto *DR = dyn_cast<DefinedRegular<ELFT>>(B);
// No reason to keep local undefined symbol in symtab. // No reason to keep local undefined symbol in symtab.
if (!DR) if (!DR)
continue; continue;
if (!includeInSymtab<ELFT>(*B)) if (!includeInSymtab<ELFT>(*B))
continue; continue;
StringRef SymName(StrTab + B->getNameOffset()); if (B->getNameOffset() >= StrTab.size())
fatal(getFilename(F) + ": invalid symbol name offset");
StringRef SymName(StrTab.data() + B->getNameOffset());
InputSectionBase<ELFT> *Sec = DR->Section; InputSectionBase<ELFT> *Sec = DR->Section;
if (!shouldKeepInSymtab<ELFT>(Sec, SymName, *B)) if (!shouldKeepInSymtab<ELFT>(Sec, SymName, *B))
continue; continue;
++Out<ELFT>::SymTab->NumLocals; ++Out<ELFT>::SymTab->NumLocals;
if (Config->Relocatable) if (Config->Relocatable)
B->DynsymIndex = Out<ELFT>::SymTab->NumLocals; B->DynsymIndex = Out<ELFT>::SymTab->NumLocals;
F->KeptLocalSyms.push_back( F->KeptLocalSyms.push_back(
std::make_pair(DR, Out<ELFT>::SymTab->StrTabSec.addString(SymName))); std::make_pair(DR, Out<ELFT>::SymTab->StrTabSec.addString(SymName)));
▲ Show 20 LinesShow All 1,048 LinesShow Last 20 Lines

lld/trunk/test/ELF/invalid/Inputs/symbol-name-offset.elf

  • This is a binary file.
PropertyOld ValueNew Value
svn:mime-typenullapplication/octet-stream

lld/trunk/test/ELF/invalid/symbol-name.s

# REQUIRES: x86
## symbol-name-offset.elf contains symbol with invalid (too large)
## st_name value.
# RUN: not ld.lld %S/Inputs/symbol-name-offset.elf \
# RUN: -o %t 2>&1 | FileCheck %s
# CHECK: invalid symbol name offset