This is an archive of the discontinued LLVM Phabricator instance.

Differential D45789

Fix nullptr passed to memcpy in lld/COFF/Chunks.cpp
ClosedPublic

Authored by inglorion on Apr 18 2018, 4:32 PM.

Details

Reviewers
ruiu
Commits
rG8679a7ecea9b: Fix nullptr passed to memcpy in lld/COFF/Chunks.cpp
rL330490: Fix nullptr passed to memcpy in lld/COFF/Chunks.cpp
rLLD330490: Fix nullptr passed to memcpy in lld/COFF/Chunks.cpp
Summary

ubsan found that we sometimes pass nullptr to memcpy in
SectionChunk::writeTo(). This change adds a check that avoids that.

Diff Detail

Repository
rLLD LLVM Linker

Event Timeline

inglorion created this revision.Apr 18 2018, 4:32 PM
Harbormaster completed remote builds in B17199: Diff 143027.Apr 18 2018, 4:33 PM
ruiu added inline comments.Apr 18 2018, 4:57 PM
lld/COFF/Chunks.cpp
274–276 ↗(On Diff #143027)

I feel like

if (A.size() > 0)
  memcpy(...)

is slightly better. Returning from the function is correct because we only process relocations after this point in this function, and if a section is size 0, there should be no relocations. But I had to think for a while to understand that doing it is correct. So, just skipping memcpy would be slightly better in my opinion.

inglorion updated this revision to Diff 143157.Apr 19 2018, 1:27 PM

@ruiu, how about this?

Harbormaster completed remote builds in B17235: Diff 143157.Apr 19 2018, 1:30 PM
ruiu added a comment.Apr 19 2018, 2:55 PM

This is not actually that important, but I think I prefer my original suggestion. At least we shouldn't use assert() to report a broken file.

inglorion updated this revision to Diff 143397.Apr 20 2018, 2:53 PM
inglorion marked an inline comment as done.

Fair enough. Changed it to only do the memcpy if the ArrayRef is not
empty, and otherwise leave the function alone.

Harbormaster completed remote builds in B17298: Diff 143397.Apr 20 2018, 2:54 PM
ruiu accepted this revision.Apr 20 2018, 3:08 PM

LGTM

This revision is now accepted and ready to land.Apr 20 2018, 3:08 PM
Closed by commit rLLD330490: Fix nullptr passed to memcpy in lld/COFF/Chunks.cpp (authored by inglorion). · Explain WhyApr 20 2018, 3:19 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
COFF/
3 lines

Diff 143400

COFF/Chunks.cpp

Show First 20 LinesShow All 265 Lines▼ Show 20 Linesvoid SectionChunk::applyRelARM64(uint8_t *Off, uint16_t Type, OutputSection *OS,
} }
} }
void SectionChunk::writeTo(uint8_t *Buf) const { void SectionChunk::writeTo(uint8_t *Buf) const {
if (!hasData()) if (!hasData())
return; return;
// Copy section contents from source object file to output file. // Copy section contents from source object file to output file.
ArrayRef<uint8_t> A = getContents(); ArrayRef<uint8_t> A = getContents();
if (!A.empty())
memcpy(Buf + OutputSectionOff, A.data(), A.size()); memcpy(Buf + OutputSectionOff, A.data(), A.size());
// Apply relocations. // Apply relocations.
size_t InputSize = getSize(); size_t InputSize = getSize();
for (const coff_relocation &Rel : Relocs) { for (const coff_relocation &Rel : Relocs) {
// Check for an invalid relocation offset. This check isn't perfect, because // Check for an invalid relocation offset. This check isn't perfect, because
// we don't have the relocation size, which is only known after checking the // we don't have the relocation size, which is only known after checking the
// machine and relocation type. As a result, a relocation may overwrite the // machine and relocation type. As a result, a relocation may overwrite the
// beginning of the following input section. // beginning of the following input section.
▲ Show 20 LinesShow All 334 LinesShow Last 20 Lines