This is an archive of the discontinued LLVM Phabricator instance.

Differential D25082

[ELF] - Do not crash on invalid section alignment.
ClosedPublic

Authored by grimar on Sep 30 2016, 2:14 AM.

Details

Reviewers
ruiu
davide
rafael
Commits
rG2c0a7f081a8a: [ELF] - Do not crash on invalid section alignment.
rLLD283097: [ELF] - Do not crash on invalid section alignment.
rL283097: [ELF] - Do not crash on invalid section alignment.
Summary

Case was revealed by id_000010,sig_08,src_000000,op_havoc,rep_4 from PR30540.

Out implementation uses uint32 for storing section alignment value,
what seems reasonable, though if value exceeds 32 bits bounds we have
truncation and final value of 0.

afl-min was applied to input.

Diff Detail

Event Timeline

grimar updated this revision to Diff 73012.Sep 30 2016, 2:14 AM
grimar retitled this revision from to [ELF] - Do not crash on invalid section alignment..
grimar updated this object.
grimar added reviewers: rafael, ruiu, davide.
grimar added subscribers: llvm-commits, grimar, evgeny777.
evgeny777 added inline comments.Sep 30 2016, 2:17 AM
ELF/InputSection.cpp
48

This doesn't make any sense for ELF32, does it? What about using MaxPageSize?

grimar added inline comments.Sep 30 2016, 5:54 AM
ELF/InputSection.cpp
48

For ELF32 it does not, I see no problem here.
About MaxPageSize - it seems there is no dependency in GNU linkers between section alignment and MaxPageSize,
why do you think this would be correct ?

evgeny777 added inline comments.Sep 30 2016, 6:45 AM
ELF/InputSection.cpp
48

Just checked: both gas and llvm-mc require alignment to be 32-bit value which is a power of 2. So better check for alignment can be:

bool NotPower2 = Header->sh_addralign & (Header->sh_addralign - 1);
if (Header->sh_addralign > 0x80000000 || NotPower2)
  error("...");
grimar added inline comments.Sep 30 2016, 6:51 AM
ELF/InputSection.cpp
48

It is not just gas/llvm-mc, it is requirement for this field: "Only 0 and positive integral powers of 2 are currently allowed as values for this field. A value of 0 or 1 indicates no address alignment constraints.",

though I do not know do we want to check such details in linker or not. As far I understand main aim to fix wrong inputs is "just please do not crash" and not to verify if the ELF object is correct. As you mentioned, llvm-mc already do this check for us.

rafael accepted this revision.Sep 30 2016, 11:04 AM
rafael edited edge metadata.

This is fine since it fixes a crash and we can always improve on it afterwards.

Can you write the test with yaml2obj or it too requires the value to be 32 bits?

This revision is now accepted and ready to land.Sep 30 2016, 11:04 AM
grimar added a comment.Oct 3 2016, 3:11 AM
In D25082#557514, @rafael wrote:

This is fine since it fixes a crash and we can always improve on it afterwards.

Can you write the test with yaml2obj or it too requires the value to be 32 bits?

It is possible to write test using yapl2obj for this, will commit in a while.

grimar closed this revision.Oct 3 2016, 3:15 AM

r283097

Revision Contents

PathSize
ELF/
2 lines
test/
ELF/
invalid/
Inputs/
7 lines

Diff 73012

ELF/InputSection.cpp

Show All 39 Lines
InputSectionBase<ELFT>::InputSectionBase(elf::ObjectFile<ELFT> *File, InputSectionBase<ELFT>::InputSectionBase(elf::ObjectFile<ELFT> *File,
const Elf_Shdr *Hdr, StringRef Name, const Elf_Shdr *Hdr, StringRef Name,
Kind SectionKind) Kind SectionKind)
: InputSectionData(SectionKind, Name, getSectionContents(File, Hdr), : InputSectionData(SectionKind, Name, getSectionContents(File, Hdr),
Hdr->sh_flags & SHF_COMPRESSED, !Config->GcSections), Hdr->sh_flags & SHF_COMPRESSED, !Config->GcSections),
Header(Hdr), File(File), Repl(this) { Header(Hdr), File(File), Repl(this) {
// The ELF spec states that a value of 0 means the section has // The ELF spec states that a value of 0 means the section has
// no alignment constraits. // no alignment constraits.
if (Header->sh_addralign > UINT32_MAX)
evgeny777Unsubmitted
Not Done
ReplyInline Actions

This doesn't make any sense for ELF32, does it? What about using MaxPageSize?

evgeny777: This doesn't make any sense for ELF32, does it? What about using MaxPageSize?
grimarAuthorUnsubmitted
Not Done
ReplyInline Actions

For ELF32 it does not, I see no problem here.
About MaxPageSize - it seems there is no dependency in GNU linkers between section alignment and MaxPageSize,
why do you think this would be correct ?

grimar: For ELF32 it does not, I see no problem here. About MaxPageSize - it seems there is no…
evgeny777Unsubmitted
Not Done
ReplyInline Actions

Just checked: both gas and llvm-mc require alignment to be 32-bit value which is a power of 2. So better check for alignment can be:

bool NotPower2 = Header->sh_addralign & (Header->sh_addralign - 1);
if (Header->sh_addralign > 0x80000000 || NotPower2)
  error("...");
evgeny777: Just checked: both gas and llvm-mc require alignment to be 32-bit value which is a power of 2.
grimarAuthorUnsubmitted
Not Done
ReplyInline Actions

It is not just gas/llvm-mc, it is requirement for this field: "Only 0 and positive integral powers of 2 are currently allowed as values for this field. A value of 0 or 1 indicates no address alignment constraints.",

though I do not know do we want to check such details in linker or not. As far I understand main aim to fix wrong inputs is "just please do not crash" and not to verify if the ELF object is correct. As you mentioned, llvm-mc already do this check for us.

grimar: It is not just gas/llvm-mc, it is requirement for this field: "Only 0 and positive integral…
fatal(getFilename(File) + ": section sh_addralign is too large");
Alignment = std::max<uintX_t>(Header->sh_addralign, 1); Alignment = std::max<uintX_t>(Header->sh_addralign, 1);
} }
template <class ELFT> size_t InputSectionBase<ELFT>::getSize() const { template <class ELFT> size_t InputSectionBase<ELFT>::getSize() const {
if (auto *D = dyn_cast<InputSection<ELFT>>(this)) if (auto *D = dyn_cast<InputSection<ELFT>>(this))
if (D->getThunksSize() > 0) if (D->getThunksSize() > 0)
return D->getThunkOff() + D->getThunksSize(); return D->getThunkOff() + D->getThunksSize();
return Header->sh_size; return Header->sh_size;
▲ Show 20 LinesShow All 722 LinesShow Last 20 Lines

test/ELF/invalid/Inputs/section-alignment.elf

  • This is a binary file.
PropertyOld ValueNew Value
svn:mime-typenullapplication/octet-stream
\ No newline at end of property

test/ELF/invalid/section-alignment.s

# REQUIRES: x86
## In current lld implementation, we do not accept sh_addralign
## larger than UINT32_MAX.
# RUN: not ld.lld %S/Inputs/section-alignment.elf \
# RUN: -o %t 2>&1 | FileCheck %s
# CHECK: section sh_addralign is too large