This is an archive of the discontinued LLVM Phabricator instance.

Differential D37447

[Decompression] Fail gracefully when out of memory
ClosedPublic

Authored by JDevlieghere on Sep 4 2017, 10:37 AM.

Details

Reviewers
grimar
Commits
rG0992d3827739: [Decompression] Fail gracefully when out of memory
rL312526: [Decompression] Fail gracefully when out of memory
Summary

This patch ensures that we fail gracefully when running out of memory when
allocating a buffer for decompression.

This provides a work-around for: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3224

I've spend some time looking at a better solution but this is the best I could come up with. I'd be very excited if anyone has a better idea!

Diff Detail

Repository
rL LLVM

Event Timeline

JDevlieghere created this revision.Sep 4 2017, 10:37 AM
davide added a subscriber: davide.Sep 4 2017, 1:56 PM

I don't think we want to do something fancier, at least for now.
If you run out of memory, we just report instead of crashing.
Presumably, if something shows up, we can have an API that propagates back errors to the caller which can take an appropriate action, but I don't see a compelling use case (maybe I miss one?)

lib/Object/Decompressor.cpp
98–100 ↗(On Diff #113777)

fatal?

JDevlieghere updated this revision to Diff 113805.Sep 5 2017, 1:03 AM

Use report_fatal_error

grimar added inline comments.Sep 5 2017, 1:15 AM
lib/Object/Decompressor.cpp
98–100 ↗(On Diff #113777)

Thanks for using report_fatal_error here, it is correct I belive because implementation of llvm::report_bad_alloc_error explicitly expects handler does not return.

test/tools/llvm-dwarfdump/dwarf-invalid-compression.test
2 ↗(On Diff #113777)

Would be nice to include some additional information here.
At least decompressor currently can know about section name,
probably something like:
Decompression of '.section_name_here' failed: unable to allocate 2314885530818453536 bytes. ?

JDevlieghere updated this revision to Diff 113809.Sep 5 2017, 1:40 AM
JDevlieghere added a subscriber: kcc.

Thanks! I've updated the diff to include the section name.

My test case is the one from oss-fuzz, so unfortunately the section name doesn't say much. I don't know enough about the binary file format to change it.

grimar edited edge metadata.Sep 5 2017, 2:23 AM

I prepared a better binary, you can take it here:
https://drive.google.com/open?id=0B_OWr6ld9gUmZ3lqMkUzcThvd1E
(with that error message will contain proper section name).

It is prepared using following source code and invocation:
test.cpp:
int main() { return 0; }

gcc test.cpp -o out -g -Wl,--compress-debug-sections,zlib

After that result object was modified manually.
Decompressed size of .debug_frame section was changed to 0xffffffffffffffff in
compression header.

Please include this information into testcase. We usually do that for testcases,
which uses precompiled binary
(see llvm\test\DebugInfo\dwarfdump-decompression-error.test for example)

include/llvm/Object/Decompressor.h
46 ↗(On Diff #113809)

You do not need this getter, you can access to SectionName directly from handler as it is a static member function.

test/tools/llvm-dwarfdump/dwarf-invalid-compression.test
2 ↗(On Diff #113809)

Decompression -> decompression
(error messages starts from lowercase)

JDevlieghere updated this revision to Diff 113814.Sep 5 2017, 2:53 AM

Thanks George, this has been very helpful!

Diff updated:

  • Better binary for test
  • Move test itself to the appropriate directory
  • Remove section name getter
grimar accepted this revision.Sep 5 2017, 3:03 AM

LGTM, thanks ! (minor nit)

lib/Object/Decompressor.cpp
98 ↗(On Diff #113814)

Did you mean 'const' instead of 'class' ?
Using of 'class' is inconsistend with LLVM code, I think it never uses it in
static_cast expressions, so I would remove it.

This revision is now accepted and ready to land.Sep 5 2017, 3:03 AM
JDevlieghere added inline comments.Sep 5 2017, 3:28 AM
lib/Object/Decompressor.cpp
98 ↗(On Diff #113814)

I had a conflicting variable named Decompressor and the compiler suggested doing this. Because I have never had to use this I wanted to give it try before renaming the variable to D. I renamed the variable but forgot to remove class. Thanks!

Seems like const works here as well, I'll go with that :-)

Closed by commit rL312526: [Decompression] Fail gracefully when out of memory (authored by JDevlieghere). · Explain WhySep 5 2017, 4:23 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
include/
llvm/
Object/
8 lines
lib/
Object/
14 lines
test/
DebugInfo/
Inputs/
13 lines

Diff 113832

llvm/trunk/include/llvm/Object/Decompressor.h

//===-- Decompressor.h ------------------------------------------*- C++ -*-===// //===-- Decompressor.h ------------------------------------------*- C++ -*-===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===/ //===----------------------------------------------------------------------===/
#ifndef LLVM_OBJECT_DECOMPRESSOR_H #ifndef LLVM_OBJECT_DECOMPRESSOR_H
#define LLVM_OBJECT_DECOMPRESSOR_H #define LLVM_OBJECT_DECOMPRESSOR_H
#include "llvm/ADT/SmallString.h" #include "llvm/ADT/SmallString.h"
#include "llvm/ADT/StringRef.h" #include "llvm/ADT/StringRef.h"
#include "llvm/Object/ObjectFile.h" #include "llvm/Object/ObjectFile.h"
#include "llvm/Support/ErrorHandling.h"
namespace llvm { namespace llvm {
namespace object { namespace object {
/// @brief Decompressor helps to handle decompression of compressed sections. /// @brief Decompressor helps to handle decompression of compressed sections.
class Decompressor { class Decompressor {
public: public:
/// @brief Create decompressor object. /// @brief Create decompressor object.
/// @param Name Section name. /// @param Name Section name.
/// @param Data Section content. /// @param Data Section content.
/// @param IsLE Flag determines if Data is in little endian form. /// @param IsLE Flag determines if Data is in little endian form.
/// @param Is64Bit Flag determines if object is 64 bit. /// @param Is64Bit Flag determines if object is 64 bit.
static Expected<Decompressor> create(StringRef Name, StringRef Data, static Expected<Decompressor> create(StringRef Name, StringRef Data,
bool IsLE, bool Is64Bit); bool IsLE, bool Is64Bit);
/// @brief Resize the buffer and uncompress section data into it. /// @brief Resize the buffer and uncompress section data into it.
/// @param Out Destination buffer. /// @param Out Destination buffer.
template <class T> Error resizeAndDecompress(T &Out) { template <class T> Error resizeAndDecompress(T &Out) {
install_bad_alloc_error_handler(outOfMemoryHandler, this);
Out.resize(DecompressedSize); Out.resize(DecompressedSize);
remove_bad_alloc_error_handler();
return decompress({Out.data(), (size_t)DecompressedSize}); return decompress({Out.data(), (size_t)DecompressedSize});
} }
/// @brief Uncompress section data to raw buffer provided. /// @brief Uncompress section data to raw buffer provided.
/// @param Buffer Destination buffer. /// @param Buffer Destination buffer.
Error decompress(MutableArrayRef<char> Buffer); Error decompress(MutableArrayRef<char> Buffer);
/// @brief Return memory buffer size required for decompression. /// @brief Return memory buffer size required for decompression.
uint64_t getDecompressedSize() { return DecompressedSize; } uint64_t getDecompressedSize() { return DecompressedSize; }
/// @brief Return true if section is compressed, including gnu-styled case. /// @brief Return true if section is compressed, including gnu-styled case.
static bool isCompressed(const object::SectionRef &Section); static bool isCompressed(const object::SectionRef &Section);
/// @brief Return true if section is a ELF compressed one. /// @brief Return true if section is a ELF compressed one.
static bool isCompressedELFSection(uint64_t Flags, StringRef Name); static bool isCompressedELFSection(uint64_t Flags, StringRef Name);
/// @brief Return true if section name matches gnu style compressed one. /// @brief Return true if section name matches gnu style compressed one.
static bool isGnuStyle(StringRef Name); static bool isGnuStyle(StringRef Name);
private: private:
Decompressor(StringRef Data); static void outOfMemoryHandler(void *Data, const std::string &Message, bool);
Decompressor(StringRef Name, StringRef Data);
Error consumeCompressedGnuHeader(); Error consumeCompressedGnuHeader();
Error consumeCompressedZLibHeader(bool Is64Bit, bool IsLittleEndian); Error consumeCompressedZLibHeader(bool Is64Bit, bool IsLittleEndian);
StringRef SectionName;
StringRef SectionData; StringRef SectionData;
uint64_t DecompressedSize; uint64_t DecompressedSize;
}; };
} // end namespace object } // end namespace object
} // end namespace llvm } // end namespace llvm
#endif // LLVM_OBJECT_DECOMPRESSOR_H #endif // LLVM_OBJECT_DECOMPRESSOR_H

llvm/trunk/lib/Object/Decompressor.cpp

Show All 17 Lines
using namespace llvm::support::endian; using namespace llvm::support::endian;
using namespace object; using namespace object;
Expected<Decompressor> Decompressor::create(StringRef Name, StringRef Data, Expected<Decompressor> Decompressor::create(StringRef Name, StringRef Data,
bool IsLE, bool Is64Bit) { bool IsLE, bool Is64Bit) {
if (!zlib::isAvailable()) if (!zlib::isAvailable())
return createError("zlib is not available"); return createError("zlib is not available");
Decompressor D(Data); Decompressor D(Name, Data);
Error Err = isGnuStyle(Name) ? D.consumeCompressedGnuHeader() Error Err = isGnuStyle(Name) ? D.consumeCompressedGnuHeader()
: D.consumeCompressedZLibHeader(Is64Bit, IsLE); : D.consumeCompressedZLibHeader(Is64Bit, IsLE);
if (Err) if (Err)
return std::move(Err); return std::move(Err);
return D; return D;
} }
Decompressor::Decompressor(StringRef Data) Decompressor::Decompressor(StringRef Name, StringRef Data)
: SectionData(Data), DecompressedSize(0) {} : SectionName(Name), SectionData(Data), DecompressedSize(0) {}
Error Decompressor::consumeCompressedGnuHeader() { Error Decompressor::consumeCompressedGnuHeader() {
if (!SectionData.startswith("ZLIB")) if (!SectionData.startswith("ZLIB"))
return createError("corrupted compressed section header"); return createError("corrupted compressed section header");
SectionData = SectionData.substr(4); SectionData = SectionData.substr(4);
// Consume uncompressed section size (big-endian 8 bytes). // Consume uncompressed section size (big-endian 8 bytes).
▲ Show 20 LinesShow All 43 Lines▼ Show 20 Lines
bool Decompressor::isCompressedELFSection(uint64_t Flags, StringRef Name) { bool Decompressor::isCompressedELFSection(uint64_t Flags, StringRef Name) {
return (Flags & ELF::SHF_COMPRESSED) || isGnuStyle(Name); return (Flags & ELF::SHF_COMPRESSED) || isGnuStyle(Name);
} }
Error Decompressor::decompress(MutableArrayRef<char> Buffer) { Error Decompressor::decompress(MutableArrayRef<char> Buffer) {
size_t Size = Buffer.size(); size_t Size = Buffer.size();
return zlib::uncompress(SectionData, Buffer.data(), Size); return zlib::uncompress(SectionData, Buffer.data(), Size);
} }
void Decompressor::outOfMemoryHandler(void *Data, const std::string &Message,
bool) {
const auto *D = static_cast<const Decompressor *>(Data);
report_fatal_error("decompression of '" + Twine(D->SectionName) +
"' failed: unable to allocate " +
Twine(D->DecompressedSize) + " bytes.");
}

llvm/trunk/test/DebugInfo/Inputs/dwarfdump-decompression-invalid-size.elf-x86-64

  • This is a binary file.

llvm/trunk/test/DebugInfo/dwarfdump-decompression-invalid-size.test

// dwarfdump-decompression-invalid-size.elf-x86-64 is prepared using following
// source code and invocation:
// test.cpp:
// int main() { return 0; }
//
// gcc test.cpp -o out -g -Wl,--compress-debug-sections,zlib
//
// After that result object was modified manually. Decompressed size of
// .debug_frame section was changed to 0xffffffffffffffff in compression
// header.
RUN: not llvm-dwarfdump %p/Inputs/dwarfdump-decompression-invalid-size.elf-x86-64 2>&1 | FileCheck %s
CHECK: decompression of '.debug_frame' failed: unable to allocate 18446744073709551615 bytes.