This is an archive of the discontinued LLVM Phabricator instance.

[Object/ELF] - Check that e_shnum is null when e_shoff is.
ClosedPublic

Authored by grimar on Sep 30 2016, 4:30 AM.

Download Raw Diff

Details

Reviewers

davide
• rafael

Commits

rG65807f899b46: Recommit r284371 "[Object/ELF] - Check that e_shnum is null when e_shoff is."…
rG7d97e735892b: [Object/ELF] - Check that e_shnum is null when e_shoff is.
rL284374: Recommit r284371 "[Object/ELF] - Check that e_shnum is null when e_shoff is."
rL284371: [Object/ELF] - Check that e_shnum is null when e_shoff is.

Summary

Spec says (http://www.sco.com/developers/gabi/1998-04-29/ch4.eheader.html) :
e_shnum
This member holds the number of entries in the section header table. Thus the product of e_shentsize and e_shnum gives the section header table's size in bytes. If a file has no section header table, e_shnum holds the value zero.

Revealed using "id_000037,sig_11,src_000015,op_havoc,rep_8" from PR30540

That was the reason of crash in lld on incorrect input file.
Binary reduced using afl-min.

Diff Detail

Repository: rL LLVM

Event Timeline

grimar updated this revision to Diff 73034.Sep 30 2016, 4:30 AM

grimar retitled this revision from to [Object/ELF] - Check that e_shnum is null when e_shoff is..

grimar updated this object.

grimar added reviewers: • rafael, davide.

grimar added subscribers: llvm-commits, grimar, evgeny777.

Ping.

LGTM, but please also include a lld test as we might want to me a bit more lenient in here in the future.

This revision is now accepted and ready to land.Oct 14 2016, 8:23 PM

Closed by commit rL284371: [Object/ELF] - Check that e_shnum is null when e_shoff is. (authored by grimar). · Explain WhyOct 17 2016, 3:15 AM

This revision was automatically updated to reflect the committed changes.

grimar mentioned this in rL284375: [ELF] - Added testcase relative to D25090..Oct 17 2016, 4:24 AM

In D25090#571020, @rafael wrote:

LGTM, but please also include a lld test as we might want to me a bit more lenient in here in the future.

r284375

Also I had to modify 2 precompiled inputs to commit this finally. Because it broke buildbots:
http://lab.llvm.org:8011/builders/llvm-clang-lld-x86_64-scei-ps4-ubuntu-fast/builds/21736/steps/test/logs/stdio

So I just zeroed the e_shnum fields in hex editor to let them pass this new check (https://reviews.llvm.org/rL284374).

grimar mentioned this in rLLD358990: [LLD][ELF] - Remove dynamic-section-sh_size.elf binary, convert test to yaml..Apr 23 2019, 7:22 AM

grimar mentioned this in rL358990: [LLD][ELF] - Remove dynamic-section-sh_size.elf binary, convert test to yaml..

grimar mentioned this in rGbb2079b7e13a: [LLD][ELF] - Remove dynamic-section-sh_size.elf binary, convert test to yaml..

grimar mentioned this in D65946: [llvm-readobj] - Remove deprecated unwrapOrError(Expected<T> EO)..Aug 9 2019, 1:59 AM

Revision Contents

Path

Size

llvm/

trunk/

include/

llvm/

Object/

ELF.h

6 lines

test/

Object/

Inputs/

invalid-e_shnum.elf

invalid.test

3 lines

Diff 74823

llvm/trunk/include/llvm/Object/ELF.h

Show First 20 Lines • Show All 313 Lines • ▼ Show 20 Lines	ELFFile<ELFT>::ELFFile(StringRef Object, std::error_code &EC)
if (sizeof(Elf_Ehdr) > FileSize) {		if (sizeof(Elf_Ehdr) > FileSize) {
// File too short!		// File too short!
EC = object_error::parse_failed;		EC = object_error::parse_failed;
return;		return;
}		}

Header = reinterpret_cast<const Elf_Ehdr *>(base());		Header = reinterpret_cast<const Elf_Ehdr *>(base());

if (Header->e_shoff == 0)		if (Header->e_shoff == 0) {
		if (Header->e_shnum != 0)
		report_fatal_error(
		"e_shnum should be zero if a file has no section header table");
return;		return;
		}

const uint64_t SectionTableOffset = Header->e_shoff;		const uint64_t SectionTableOffset = Header->e_shoff;

if (SectionTableOffset + sizeof(Elf_Shdr) > FileSize) {		if (SectionTableOffset + sizeof(Elf_Shdr) > FileSize) {
// Section header table goes past end of file!		// Section header table goes past end of file!
EC = object_error::parse_failed;		EC = object_error::parse_failed;
return;		return;
}		}
▲ Show 20 Lines • Show All 151 Lines • Show Last 20 Lines

llvm/trunk/test/Object/Inputs/invalid-e_shnum.elf

This is a binary file.

Property	Old Value	New Value
svn:mime-type	null	application/octet-stream

llvm/trunk/test/Object/invalid.test

	Show First 20 Lines • Show All 49 Lines • ▼ Show 20 Lines

	RUN: not llvm-readobj -t %p/Inputs/invalid-symbol-table-size.elf 2>&1 \| FileCheck --check-prefix=INVALID-SYMTAB-SIZE %s			RUN: not llvm-readobj -t %p/Inputs/invalid-symbol-table-size.elf 2>&1 \| FileCheck --check-prefix=INVALID-SYMTAB-SIZE %s
	INVALID-SYMTAB-SIZE: Invalid data was encountered while parsing the file			INVALID-SYMTAB-SIZE: Invalid data was encountered while parsing the file


	RUN: not llvm-readobj -t %p/Inputs/invalid-xindex-size.elf 2>&1 \| FileCheck --check-prefix=INVALID-XINDEX-SIZE %s			RUN: not llvm-readobj -t %p/Inputs/invalid-xindex-size.elf 2>&1 \| FileCheck --check-prefix=INVALID-XINDEX-SIZE %s
	INVALID-XINDEX-SIZE: Invalid data was encountered while parsing the file.			INVALID-XINDEX-SIZE: Invalid data was encountered while parsing the file.

				RUN: not llvm-readobj -t %p/Inputs/invalid-e_shnum.elf 2>&1 \| FileCheck --check-prefix=INVALID-SH-NUM %s
				INVALID-SH-NUM: e_shnum should be zero if a file has no section header table

	RUN: not llvm-readobj -t %p/Inputs/invalid-ext-symtab-index.elf-x86-64 2>&1 \| \			RUN: not llvm-readobj -t %p/Inputs/invalid-ext-symtab-index.elf-x86-64 2>&1 \| \
	RUN: FileCheck --check-prefix=INVALID-EXT-SYMTAB-INDEX %s			RUN: FileCheck --check-prefix=INVALID-EXT-SYMTAB-INDEX %s
	INVALID-EXT-SYMTAB-INDEX: Invalid symbol table index			INVALID-EXT-SYMTAB-INDEX: Invalid symbol table index

	RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-i386 2>&1 \| \			RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-i386 2>&1 \| \
	RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s			RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
	RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 2>&1 \| \			RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 2>&1 \| \
	RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s			RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
	INVALID-RELOC-SH-OFFSET: Invalid data was encountered while parsing the file			INVALID-RELOC-SH-OFFSET: Invalid data was encountered while parsing the file