This is an archive of the discontinued LLVM Phabricator instance.

Differential D25365

[ELF] - Do not crash on absolute local symbol starting from ".L".
ClosedPublic

Authored by grimar on Oct 7 2016, 5:28 AM.

Details

Reviewers
ruiu
davide
rafael
Commits
rGaf58b07acc0d: [ELF] - Do not crash on absolute local symbol starting from ".L".
rLLD283731: [ELF] - Do not crash on absolute local symbol starting from ".L".
rL283731: [ELF] - Do not crash on absolute local symbol starting from ".L".
Summary

I had a bunch of crashes during last AFL runs.

Problem is next. Object contains local symbol of type STT_NOTYPE
(it just should not be STT_FILE or STT_SECTION to crash).

Has section index greater than SHN_LORESERVE, so next code returns 0
template <class ELFT>

uint32_t ELFFileBase<ELFT>::getSectionIndex(const Elf_Sym &Sym) const {
...
  if (I >= ELF::SHN_LORESERVE)
    return 0;
  return I;
}

Then DefinedRegular is created:

  if (Sym->st_shndx == SHN_UNDEF)
    return new (this->Alloc)
        Undefined(Sym->st_name, Sym->st_other, Sym->getType(), this);
  return new (this->Alloc) DefinedRegular<ELFT>(*Sym, Sec);
}

And finally code is crashes in shouldKeepInSymtab() because Sec is null there.

As was noticed by Rafael, the same happens for absolute
local symbols with name staring from ".L".

Patch fixes that.

Diff Detail

Event Timeline

grimar updated this revision to Diff 73920.Oct 7 2016, 5:28 AM
grimar retitled this revision from to [ELF] - Do not crash on invalid local symbol..
grimar updated this object.
grimar added reviewers: ruiu, rafael, davide.
grimar added subscribers: llvm-commits, grimar, evgeny777.
grimar updated this revision to Diff 73933.Oct 7 2016, 8:12 AM
grimar retitled this revision from [ELF] - Do not crash on invalid local symbol. to [ELF] - Do not crash on absolute local symbol starting from ".L"..
grimar updated this object.
  • Updated.
rafael accepted this revision.Oct 7 2016, 10:38 AM
rafael edited edge metadata.

LGTM with a nit.

ELF/Writer.cpp
311

You don't need F.

This revision is now accepted and ready to land.Oct 7 2016, 10:38 AM
davide edited edge metadata.Oct 7 2016, 10:38 AM

lg

ruiu added inline comments.Oct 7 2016, 12:47 PM
ELF/Writer.cpp
339

Add () around &. This is probably better.

return !Sec || !(Sec->getSectionHdr()->sh_flags & SHF_MERGE);
grimar closed this revision.Oct 10 2016, 4:08 AM

Revision: 283731

Revision Contents

PathSize
ELF/
Writer.cpp
Writer.cpp (revision 283559)
7 lines
test/
ELF/
local.s
local.s (revision 283559)
14 lines

Diff 73933

ELF/Writer.cpp

Show First 20 LinesShow All 302 Lines▼ Show 20 Linestemplate <class ELFT> void Writer<ELFT>::run() {
writeBuildId(); writeBuildId();
if (HasError) if (HasError)
return; return;
if (auto EC = Buffer->commit()) if (auto EC = Buffer->commit())
error(EC, "failed to write to the output file"); error(EC, "failed to write to the output file");
} }
template <class ELFT> template <class ELFT>
static bool shouldKeepInSymtab(InputSectionBase<ELFT> *Sec, StringRef SymName, static bool shouldKeepInSymtab(elf::ObjectFile<ELFT> *F,
rafaelUnsubmitted
Not Done
ReplyInline Actions

You don't need F.

rafael: You don't need F.
InputSectionBase<ELFT> *Sec, StringRef SymName,
const SymbolBody &B) { const SymbolBody &B) {
if (B.isFile()) if (B.isFile())
return false; return false;
// We keep sections in symtab for relocatable output. // We keep sections in symtab for relocatable output.
if (B.isSection()) if (B.isSection())
return Config->Relocatable; return Config->Relocatable;
Show All 10 Linesstatic bool shouldKeepInSymtab(elf::ObjectFile<ELFT> *F,
// * The symbol is in a SHF_MERGE section, which is normally the reason for // * The symbol is in a SHF_MERGE section, which is normally the reason for
// the assembler keeping the .L symbol. // the assembler keeping the .L symbol.
if (!SymName.startswith(".L") && !SymName.empty()) if (!SymName.startswith(".L") && !SymName.empty())
return true; return true;
if (Config->Discard == DiscardPolicy::Locals) if (Config->Discard == DiscardPolicy::Locals)
return false; return false;
return !(Sec->getSectionHdr()->sh_flags & SHF_MERGE); return !(Sec && Sec->getSectionHdr()->sh_flags & SHF_MERGE);
ruiuUnsubmitted
Not Done
ReplyInline Actions

Add () around &. This is probably better.

return !Sec || !(Sec->getSectionHdr()->sh_flags & SHF_MERGE);
ruiu: Add () around &. This is probably better. return !Sec || !(Sec->getSectionHdr()->sh_flags &…
} }
template <class ELFT> static bool includeInSymtab(const SymbolBody &B) { template <class ELFT> static bool includeInSymtab(const SymbolBody &B) {
if (!B.isLocal() && !B.symbol()->IsUsedInRegularObj) if (!B.isLocal() && !B.symbol()->IsUsedInRegularObj)
return false; return false;
if (auto *D = dyn_cast<DefinedRegular<ELFT>>(&B)) { if (auto *D = dyn_cast<DefinedRegular<ELFT>>(&B)) {
// Always include absolute symbols. // Always include absolute symbols.
Show All 22 Lines for (SymbolBody *B : F->getLocalSymbols()) {
if (!DR) if (!DR)
continue; continue;
if (!includeInSymtab<ELFT>(*B)) if (!includeInSymtab<ELFT>(*B))
continue; continue;
if (B->getNameOffset() >= StrTab.size()) if (B->getNameOffset() >= StrTab.size())
fatal(getFilename(F) + ": invalid symbol name offset"); fatal(getFilename(F) + ": invalid symbol name offset");
StringRef SymName(StrTab.data() + B->getNameOffset()); StringRef SymName(StrTab.data() + B->getNameOffset());
InputSectionBase<ELFT> *Sec = DR->Section; InputSectionBase<ELFT> *Sec = DR->Section;
if (!shouldKeepInSymtab<ELFT>(Sec, SymName, *B)) if (!shouldKeepInSymtab<ELFT>(F, Sec, SymName, *B))
continue; continue;
++Out<ELFT>::SymTab->NumLocals; ++Out<ELFT>::SymTab->NumLocals;
if (Config->Relocatable) if (Config->Relocatable)
B->DynsymIndex = Out<ELFT>::SymTab->NumLocals; B->DynsymIndex = Out<ELFT>::SymTab->NumLocals;
F->KeptLocalSyms.push_back( F->KeptLocalSyms.push_back(
std::make_pair(DR, Out<ELFT>::SymTab->StrTabSec.addString(SymName))); std::make_pair(DR, Out<ELFT>::SymTab->StrTabSec.addString(SymName)));
} }
} }
▲ Show 20 LinesShow All 1,034 LinesShow Last 20 Lines

test/ELF/local.s

// Check that symbol table is correctly populated with local symbols. // Check that symbol table is correctly populated with local symbols.
// RUN: llvm-mc -filetype=obj -triple=x86_64-pc-linux %s -o %t // RUN: llvm-mc -save-temp-labels -filetype=obj -triple=x86_64-pc-linux %s -o %t
// RUN: ld.lld %t -o %t1 // RUN: ld.lld %t -o %t1
// RUN: llvm-readobj -t -s %t1 | FileCheck %s // RUN: llvm-readobj -t -s %t1 | FileCheck %s
// REQUIRES: x86 // REQUIRES: x86
// Check that Info is equal to the number of local symbols. // Check that Info is equal to the number of local symbols.
// CHECK: Section { // CHECK: Section {
// CHECK: Name: .symtab // CHECK: Name: .symtab
// CHECK-NEXT: Type: SHT_SYMTAB // CHECK-NEXT: Type: SHT_SYMTAB
// CHECK-NEXT: Flags [ // CHECK-NEXT: Flags [
// CHECK-NEXT: ] // CHECK-NEXT: ]
// CHECK-NEXT: Address: // CHECK-NEXT: Address:
// CHECK-NEXT: Offset: // CHECK-NEXT: Offset:
// CHECK-NEXT: Size: // CHECK-NEXT: Size:
// CHECK-NEXT: Link: // CHECK-NEXT: Link:
// CHECK-NEXT: Info: 5 // CHECK-NEXT: Info: 6
// CHECK: Symbols [ // CHECK: Symbols [
// CHECK-NEXT: Symbol { // CHECK-NEXT: Symbol {
// CHECK-NEXT: Name: // CHECK-NEXT: Name:
// CHECK-NEXT: Value: 0x0 // CHECK-NEXT: Value: 0x0
// CHECK-NEXT: Size: 0 // CHECK-NEXT: Size: 0
// CHECK-NEXT: Binding: Local // CHECK-NEXT: Binding: Local
// CHECK-NEXT: Type: None // CHECK-NEXT: Type: None
// CHECK-NEXT: Other: 0 // CHECK-NEXT: Other: 0
// CHECK-NEXT: Section: Undefined // CHECK-NEXT: Section: Undefined
// CHECK-NEXT: } // CHECK-NEXT: }
// CHECK-NEXT: Symbol { // CHECK-NEXT: Symbol {
// CHECK-NEXT: Name: .Labs
// CHECK-NEXT: Value: 0x2B
// CHECK-NEXT: Size: 0
// CHECK-NEXT: Binding: Local
// CHECK-NEXT: Type: None
// CHECK-NEXT: Other: 0
// CHECK-NEXT: Section: Absolute
// CHECK-NEXT: }
// CHECK-NEXT: Symbol {
// CHECK-NEXT: Name: abs // CHECK-NEXT: Name: abs
// CHECK-NEXT: Value: 0x2A // CHECK-NEXT: Value: 0x2A
// CHECK-NEXT: Size: 0 // CHECK-NEXT: Size: 0
// CHECK-NEXT: Binding: Local // CHECK-NEXT: Binding: Local
// CHECK-NEXT: Type: None // CHECK-NEXT: Type: None
// CHECK-NEXT: Other: 0 // CHECK-NEXT: Other: 0
// CHECK-NEXT: Section: Absolute // CHECK-NEXT: Section: Absolute
// CHECK-NEXT: } // CHECK-NEXT: }
Show All 37 Lines
.global _start .global _start
_start: _start:
blah: blah:
foo: foo:
goo: goo:
abs = 42 abs = 42
.Labs = 43