This is an archive of the discontinued LLVM Phabricator instance.

[Object/ELF] - Do not crash on invalid sh_offset value of REL[A] section.
ClosedPublic

Authored by grimar on Oct 3 2016, 7:02 AM.

Details

Summary

Previously, the code would access invalid memory and might crash;
this patch fixes the issue. Found using AFL and the latest lld code with WIP patches applied.

Event Timeline

grimar updated this revision to Diff 73272. Oct 3 2016, 7:02 AM
grimar retitled this revision from to [Object/ELF] - Do not crash on invalid sh_offset value of REL[A] section..
grimar updated this object.
grimar added reviewers: rafael, davide.
grimar added subscribers: llvm-commits, grimar, evgeny777.
rafael accepted this revision. Oct 3 2016, 9:26 AM
rafael edited edge metadata.

LGTM.

It should be possible to craft a similar crash by patching sh_size, no?

This revision is now accepted and ready to land. Oct 3 2016, 9:26 AM
grimar added a comment. Oct 4 2016, 2:21 AM

> LGTM.
>
> It should be possible to craft a similar crash by patching sh_size, no?

Yes, I think so. I'll take a look at what happens and probably prepare a patch.

This revision was automatically updated to reflect the committed changes.
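
The review above concerns an out-of-range sh_offset on a REL[A] section and notes that sh_size can be abused the same way. The following is an added example, not the committed LLVM change or any LLVM API: a stand-alone bounds check covering both fields. The names `SectionHeader`, `Check` and `checkRelocSection` are hypothetical, and the sample headers are constructed.

```cpp
#include <cstdint>
#include <cstdio>

// Subset of the ELF64 section header fields needed for the check.
struct SectionHeader {
  uint32_t sh_type;
  uint64_t sh_offset;
  uint64_t sh_size;
  uint64_t sh_entsize;
};

constexpr uint32_t kShtRela = 4, kShtRel = 9;     // SHT_RELA, SHT_REL
constexpr uint64_t kRelSize = 16, kRelaSize = 24; // sizeof(Elf64_Rel), sizeof(Elf64_Rela)

enum class Check { Ok, NotReloc, BadEntSize, OffsetPastEnd, SizePastEnd, PartialEntry };

// Hypothetical helper: decide whether a REL[A] section's contents lie inside
// a file of fileSize bytes before any entry is read.
Check checkRelocSection(const SectionHeader &s, uint64_t fileSize) {
  if (s.sh_type != kShtRel && s.sh_type != kShtRela) return Check::NotReloc;
  const uint64_t entSize = s.sh_type == kShtRel ? kRelSize : kRelaSize;
  if (s.sh_entsize != entSize) return Check::BadEntSize;
  if (s.sh_offset > fileSize) return Check::OffsetPastEnd;
  // Compare against the remaining bytes; sh_offset + sh_size could wrap.
  if (s.sh_size > fileSize - s.sh_offset) return Check::SizePastEnd;
  if (s.sh_size % entSize != 0) return Check::PartialEntry;
  return Check::Ok;
}

int main() {
  const uint64_t fileSize = 1024; // constructed sample values
  const SectionHeader samples[] = {
      {kShtRela, 512, 48, 24},                    // two entries, in bounds
      {kShtRela, 0xFFFF0000ULL, 48, 24},          // sh_offset past end of file
      {kShtRela, 512, 0xFFFFFFFFFFFFFFF0ULL, 24}, // sh_size wraps a naive sum
      {kShtRel, 512, 40, 16},                     // trailing partial entry
  };
  for (const SectionHeader &s : samples)
    std::printf("offset=%#llx size=%#llx -> %d\n",
                (unsigned long long)s.sh_offset, (unsigned long long)s.sh_size,
                static_cast<int>(checkRelocSection(s, fileSize)));
  return 0;
}
```

The third sample is the case a naive `sh_offset + sh_size <= fileSize` test accepts, because the 64-bit sum wraps to a small value.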