This is an archive of the discontinued LLVM Phabricator instance.

Differential D38397

[ELF] Don't crash when parsing a file with external version definition references
ClosedPublic

Authored by arichardson on Sep 29 2017, 4:05 AM.

Details

Reviewers
ruiu
rafael
pcc
grimar
Commits
rGb9aa9a55006a: [ELF] Don't crash when parsing a file with out-of-bounds version references
rG57f089775b23: [ELF] Don't crash when parsing a file with external version definition…
rLLD315036: [ELF] Don't crash when parsing a file with out-of-bounds version references
rLLD315035: [ELF] Don't crash when parsing a file with external version definition…
rL315036: [ELF] Don't crash when parsing a file with out-of-bounds version references
rL315035: [ELF] Don't crash when parsing a file with external version definition…
Summary

We were crashing when linking telnetd in FreeBSD because lld was emitting
corrupted output files for --norosegment. In this file the version index of some symbols
was set to 9 but lld only found 8 version definitions.

I am not sure how to create a minimal .so file that also exposes this behaviour so I just added the one that initially caused the error to Inputs/

This partially addresses https://bugs.llvm.org/show_bug.cgi?id=34705

Diff Detail

Repository
rL LLVM

Event Timeline

arichardson created this revision.Sep 29 2017, 4:05 AM
Herald added subscribers: krytarowski, emaste. · View Herald TranscriptSep 29 2017, 4:05 AM
ruiu edited edge metadata.Oct 1 2017, 6:57 PM

Even with this patch, you cannot link telnetd in FreeBSD because this patch is to just prevent lld from crashing, right? I wonder why you don't add a feature so that you can link telnetd.

arichardson added a comment.Oct 2 2017, 4:59 AM

I was able to link telnetd with these changes, possibly it doesn't use any of the symbols with the external version reference.

I don't really know anything about ELF versions so I thought as a first step not crashing would be useful. Also I don't think LLD should crash when reading an invalid input file but rather reject it.

arichardson updated this revision to Diff 117801.Oct 5 2017, 6:02 AM
arichardson edited the summary of this revision. (Show Details)
arichardson added a reviewer: grimar.

The issue that caused the corrupted input file appears to be fixed by https://reviews.llvm.org/D38579 and https://reviews.llvm.org/D38580. However we should still never access out-of-bounds memory, so turned this into a hard error

arichardson updated this revision to Diff 117825.Oct 5 2017, 8:05 AM

fix typos in test case

ruiu accepted this revision.Oct 5 2017, 11:58 AM

LGTM

ELF/InputFiles.cpp
782–784 ↗(On Diff #117825)

Since this is presumably a rare error (we wouldn't have noticed it without a bug of lld itself), I'd make it slightly shorter.

error: corrupt input file: version definition index 10 for symbol bar is out of range
>>> defined in foo.so
This revision is now accepted and ready to land.Oct 5 2017, 11:58 AM
Closed by commit rL315035: [ELF] Don't crash when parsing a file with external version definition… (authored by arichardson). · Explain WhyOct 5 2017, 4:30 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lld/
trunk/
ELF/
15 lines
test/
ELF/
Inputs/
10 lines

Diff 117933

lld/trunk/ELF/InputFiles.cpp

Show First 20 LinesShow All 769 Lines▼ Show 20 Lines for (const Elf_Sym &Sym : Syms) {
if (Sym.isUndefined()) { if (Sym.isUndefined()) {
Undefs.push_back(Name); Undefs.push_back(Name);
continue; continue;
} }
// Ignore local symbols. // Ignore local symbols.
if (Versym && VersymIndex == VER_NDX_LOCAL) if (Versym && VersymIndex == VER_NDX_LOCAL)
continue; continue;
const Elf_Verdef *V = nullptr;
const Elf_Verdef *V = if (VersymIndex != VER_NDX_GLOBAL) {
VersymIndex == VER_NDX_GLOBAL ? nullptr : Verdefs[VersymIndex]; if (VersymIndex >= Verdefs.size()) {
error("corrupt input file: version definition index " +
Twine(VersymIndex) + " for symbol " + Name +
" is greater than the maximum value " +
Twine(Verdefs.size() - 1) + "\n>>> symbol is defined in " +
toString(this));
continue;
}
V = Verdefs[VersymIndex];
}
if (!Hidden) if (!Hidden)
Symtab->addShared(Name, this, Sym, V); Symtab->addShared(Name, this, Sym, V);
// Also add the symbol with the versioned name to handle undefined symbols // Also add the symbol with the versioned name to handle undefined symbols
// with explicit versions. // with explicit versions.
if (V) { if (V) {
StringRef VerName = this->StringTable.data() + V->getAux()->vda_name; StringRef VerName = this->StringTable.data() + V->getAux()->vda_name;
▲ Show 20 LinesShow All 304 LinesShow Last 20 Lines

lld/trunk/test/ELF/Inputs/corrupt-version-reference.so

  • This is a binary file.

lld/trunk/test/ELF/corrupted-version-reference.s

# RUN: llvm-mc -triple=mips64-unknown-freebsd %s -filetype=obj -o %t.o
# RUN: not ld.lld %t.o %S/Inputs/corrupt-version-reference.so -o %t.exe 2>&1 | FileCheck %s
# CHECK: error: corrupt input file: version definition index 9 for symbol __cxa_finalize is greater than the maximum value 8
# CHECK: >>> symbol is defined in {{.+}}/corrupt-version-reference.so
.globl __start
__start:
dla $a0, __cxa_finalize
nop