This is an archive of the discontinued LLVM Phabricator instance.

Differential D42010

[LLD][COFF] Report error when file will exceed Windows maximum image size (4GB)
ClosedPublic

Authored by colden on Jan 12 2018, 1:56 PM.

Details

Reviewers
rnk
zturner
ruiu
Commits
rG2c95e798a0b9: [LLD][COFF] Report error when file will exceed Windows maximum image size (4GB)
rLLD322605: [LLD][COFF] Report error when file will exceed Windows maximum image size (4GB)
rL322605: [LLD][COFF] Report error when file will exceed Windows maximum image size (4GB)
Summary

Currently, when a large PE (>4 GiB) is to be produced, a crash occurs because:

  1. Calling setOffset with a number greater than UINT32_MAX causes the PointerToRawData to overflow
  2. When adding the symbol table to the end of the file, the last section's offset was used to calculate file size. Because this had overflowed, this number was too low, and the file created would not be large enough. This lead to the actual crash I saw, which was a buffer overrun.

This change:

  1. Adds comment to setOffset, clarifying that overflow can occur, but it's somewhat safe because the error will be handled elsewhere
  2. Adds file size check after all output data has been created This matches the MS link.exe error, which looks prints as: "LINK : fatal error LNK1248: image size (10000EFC9) exceeds maximum allowable size (FFFFFFFF)"
  3. Changes calculate of the symbol table offset to just use the existing FileSize. This should match the previous calculations, but doesn't rely on the use of a u32 that can overflow.
  4. Removes trivial usage of a magic number that bugged me while I was debugging the issue

I'm not sure how to add a test for this outside of adding 4GB of object files to the repo. If there's an easier way, let me know and I'll be happy to add a test.

Diff Detail

Repository
rL LLVM

Event Timeline

colden created this revision.Jan 12 2018, 1:56 PM
zturner added a reviewer: ruiu.Jan 12 2018, 2:29 PM
ruiu added a comment.Jan 12 2018, 2:54 PM

Generally looking fine.

tools/lld/COFF/Writer.cpp
302 ↗(On Diff #129522)

I feel printing out a file size in hexadecimal is somewhat unusual. Maybe decimal is better?

colden added inline comments.Jan 12 2018, 3:30 PM
tools/lld/COFF/Writer.cpp
302 ↗(On Diff #129522)

Yeah, I was kind of surprised to see the MS linker does hex. I think you're right though, I'll switch it back.

colden updated this revision to Diff 129729.Jan 12 2018, 4:20 PM

Switch error message to use decimal format from hex.

ruiu added inline comments.Jan 12 2018, 4:24 PM
tools/lld/COFF/Writer.cpp
303–305 ↗(On Diff #129729)

I believe you can do

fatal("image size ("+ Twine(FileSize) + ") exceeds maximum allowable size (" + Twine(UINT32_MAX) + ")");

colden updated this revision to Diff 129735.Jan 12 2018, 4:42 PM

Turns out you can do the easier thing

ruiu accepted this revision.Jan 12 2018, 4:45 PM

LGTM. Thanks!

This revision is now accepted and ready to land.Jan 12 2018, 4:45 PM
colden added a comment.Jan 12 2018, 4:50 PM

Thanks for the quick reviews!

Would you mind committing this for me?

colden added a comment.Jan 16 2018, 9:18 AM

Bump, could someone submit this for me?

rnk added inline comments.Jan 16 2018, 9:22 AM
tools/lld/COFF/Writer.cpp
303–305 ↗(On Diff #129729)

Apologies in advance for nit picking, but why not say something more human readable like "4GB"?

colden added inline comments.Jan 16 2018, 9:26 AM
tools/lld/COFF/Writer.cpp
303–305 ↗(On Diff #129729)

No problem, I'm happy to entertain nits :)

If we do this, I think we should represent the current size in GB as well. Printing two numbers that are not directly comparable would drive me nuts as a user. Is there an easy conversion function for this somewhere, or should I just static_cast to float and divide by 1073741824?

rnk added inline comments.Jan 16 2018, 10:34 AM
tools/lld/COFF/Writer.cpp
303–305 ↗(On Diff #129729)

Nevermind, I think comparability is a great reason to keep this as it is.

Closed by commit rL322605: [LLD][COFF] Report error when file will exceed Windows maximum image size (4GB) (authored by ruiu). · Explain WhyJan 16 2018, 5:09 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lld/
trunk/
COFF/
13 lines

Diff 130071

lld/trunk/COFF/Writer.cpp

Show First 20 LinesShow All 171 Lines▼ Show 20 Lines
} }
void OutputSection::setFileOffset(uint64_t Off) { void OutputSection::setFileOffset(uint64_t Off) {
// If a section has no actual data (i.e. BSS section), we want to // If a section has no actual data (i.e. BSS section), we want to
// set 0 to its PointerToRawData. Otherwise the output is rejected // set 0 to its PointerToRawData. Otherwise the output is rejected
// by the loader. // by the loader.
if (Header.SizeOfRawData == 0) if (Header.SizeOfRawData == 0)
return; return;
// It is possible that this assignment could cause an overflow of the u32,
// but that should be caught by the FileSize check in OutputSection::run().
Header.PointerToRawData = Off; Header.PointerToRawData = Off;
} }
void OutputSection::addChunk(Chunk *C) { void OutputSection::addChunk(Chunk *C) {
Chunks.push_back(C); Chunks.push_back(C);
C->setOutputSection(this); C->setOutputSection(this);
uint64_t Off = Header.VirtualSize; uint64_t Off = Header.VirtualSize;
Off = alignTo(Off, C->Alignment); Off = alignTo(Off, C->Alignment);
▲ Show 20 LinesShow All 102 Lines▼ Show 20 Linesvoid Writer::run() {
createExportTable(); createExportTable();
if (Config->Relocatable) if (Config->Relocatable)
createSection(".reloc"); createSection(".reloc");
assignAddresses(); assignAddresses();
removeEmptySections(); removeEmptySections();
setSectionPermissions(); setSectionPermissions();
createSymbolAndStringTable(); createSymbolAndStringTable();
if (FileSize > UINT32_MAX)
fatal("image size (" + Twine(FileSize) + ") " +
"exceeds maximum allowable size (" + Twine(UINT32_MAX) + ")");
// We must do this before opening the output file, as it depends on being able // We must do this before opening the output file, as it depends on being able
// to read the contents of the existing output file. // to read the contents of the existing output file.
PreviousBuildId = loadExistingBuildId(Config->OutputFile); PreviousBuildId = loadExistingBuildId(Config->OutputFile);
openFile(Config->OutputFile); openFile(Config->OutputFile);
if (Config->is64()) { if (Config->is64()) {
writeHeader<pe32plus_header>(); writeHeader<pe32plus_header>();
} else { } else {
writeHeader<pe32_header>(); writeHeader<pe32_header>();
▲ Show 20 LinesShow All 260 Lines▼ Show 20 Lines for (ObjFile *File : ObjFile::Instances) {
OutputSymtab.push_back(*Sym); OutputSymtab.push_back(*Sym);
} }
} }
} }
if (OutputSymtab.empty() && Strtab.empty()) if (OutputSymtab.empty() && Strtab.empty())
return; return;
OutputSection *LastSection = OutputSections.back();
// We position the symbol table to be adjacent to the end of the last section. // We position the symbol table to be adjacent to the end of the last section.
uint64_t FileOff = LastSection->getFileOff() + uint64_t FileOff = FileSize;
alignTo(LastSection->getRawSize(), SectorSize);
PointerToSymbolTable = FileOff; PointerToSymbolTable = FileOff;
FileOff += OutputSymtab.size() * sizeof(coff_symbol16); FileOff += OutputSymtab.size() * sizeof(coff_symbol16);
FileOff += 4 + Strtab.size(); FileOff += 4 + Strtab.size();
FileSize = alignTo(FileOff, SectorSize); FileSize = alignTo(FileOff, SectorSize);
} }
// Visits all sections to assign incremental, non-overlapping RVAs and // Visits all sections to assign incremental, non-overlapping RVAs and
// file offsets. // file offsets.
void Writer::assignAddresses() { void Writer::assignAddresses() {
SizeOfHeaders = DOSStubSize + sizeof(PEMagic) + sizeof(coff_file_header) + SizeOfHeaders = DOSStubSize + sizeof(PEMagic) + sizeof(coff_file_header) +
sizeof(data_directory) * NumberfOfDataDirectory + sizeof(data_directory) * NumberfOfDataDirectory +
sizeof(coff_section) * OutputSections.size(); sizeof(coff_section) * OutputSections.size();
SizeOfHeaders += SizeOfHeaders +=
Config->is64() ? sizeof(pe32plus_header) : sizeof(pe32_header); Config->is64() ? sizeof(pe32plus_header) : sizeof(pe32_header);
SizeOfHeaders = alignTo(SizeOfHeaders, SectorSize); SizeOfHeaders = alignTo(SizeOfHeaders, SectorSize);
uint64_t RVA = 0x1000; // The first page is kept unmapped. uint64_t RVA = PageSize; // The first page is kept unmapped.
FileSize = SizeOfHeaders; FileSize = SizeOfHeaders;
// Move DISCARDABLE (or non-memory-mapped) sections to the end of file because // Move DISCARDABLE (or non-memory-mapped) sections to the end of file because
// the loader cannot handle holes. // the loader cannot handle holes.
std::stable_partition( std::stable_partition(
OutputSections.begin(), OutputSections.end(), [](OutputSection *S) { OutputSections.begin(), OutputSections.end(), [](OutputSection *S) {
return (S->getPermissions() & IMAGE_SCN_MEM_DISCARDABLE) == 0; return (S->getPermissions() & IMAGE_SCN_MEM_DISCARDABLE) == 0;
}); });
for (OutputSection *Sec : OutputSections) { for (OutputSection *Sec : OutputSections) {
▲ Show 20 LinesShow All 370 LinesShow Last 20 Lines