This is an archive of the discontinued LLVM Phabricator instance.

Avoid reading past end of archive looking for long file name
AbandonedPublic

Authored by inglorion on Apr 27 2018, 2:58 PM.

Download Raw Diff

Details

Reviewers

enderby
ruiu
• espindola
pcc

Summary

GNU-style archives store long file names separated by newlines. The
last file name is not followed by a newline. This change stops the
search for the newline at the end of the string table, which avoids
a crash.

Fixes PR37244.

Diff Detail

Build Status

Buildable 17509
Build 17509: arc lint + arc unit

Event Timeline

inglorion created this revision.Apr 27 2018, 2:58 PM

Herald added a subscriber: hiraditya. · View Herald TranscriptApr 27 2018, 2:58 PM

rnk edited reviewers, added: • espindola, pcc; removed: rnk.Apr 27 2018, 3:26 PM

Is it possible to construct a test case?

• espindola added inline comments.Apr 27 2018, 5:21 PM

llvm/lib/Object/Archive.cpp
186	This should be an error, no?

inglorion added inline comments.Apr 28 2018, 10:53 AM

llvm/lib/Object/Archive.cpp
186	Not as I understand it. If I understand the GNU format correctly, all long filenames end in a slash, but newline is only used as a separator, meaning the last file doesn't get one. So the name is delimited either by "/\n" or by "/" <EOF>.

A test case for this would be an archive with a long file name at the end of the string table. It may have to be a specific size to tickle the problem I'm trying to fix here, to prevent MemoryBuffer or the OS from padding the archive with 0 bytes, which would avoid the problem.

Unfortunately, I have to catch a plane and I'll be gone for a week. If anyone wants to commandeer this and land it, please go ahead.

smeenai mentioned this in D46527: Object: Find terminator correctly when getting long filenames from GNU archives.May 7 2018, 8:57 AM

We landed D46527 instead.

Revision Contents

Path

Size

llvm/

lib/

Object/

Archive.cpp

13 lines

Diff 144405

llvm/lib/Object/Archive.cpp

Show First 20 Lines • Show All 162 Lines • ▼ Show 20 Lines	if (Name.substr(1).rtrim(' ').getAsInteger(10, StringOffset)) {
Parent->getData().data();		Parent->getData().data();
return malformedError("long name offset characters after the '/' are "		return malformedError("long name offset characters after the '/' are "
"not all decimal numbers: '" + Buf + "' for "		"not all decimal numbers: '" + Buf + "' for "
"archive member header at offset " +		"archive member header at offset " +
Twine(ArchiveOffset));		Twine(ArchiveOffset));
}		}

// Verify it.		// Verify it.
if (StringOffset >= Parent->getStringTable().size()) {		StringRef ST = Parent->getStringTable();
		if (StringOffset >= ST.size()) {
uint64_t ArchiveOffset = reinterpret_cast<const char *>(ArMemHdr) -		uint64_t ArchiveOffset = reinterpret_cast<const char *>(ArMemHdr) -
Parent->getData().data();		Parent->getData().data();
return malformedError("long name offset " + Twine(StringOffset) + " past "		return malformedError("long name offset " + Twine(StringOffset) + " past "
"the end of the string table for archive member "		"the end of the string table for archive member "
"header at offset " + Twine(ArchiveOffset));		"header at offset " + Twine(ArchiveOffset));
}		}
const char *addr = Parent->getStringTable().begin() + StringOffset;

		const char *Start = ST.begin() + StringOffset;
// GNU long file names end with a "/\n".		// GNU long file names end with a "/\n".
if (Parent->kind() == Archive::K_GNU \|\|		if (Parent->kind() == Archive::K_GNU \|\|
Parent->kind() == Archive::K_GNU64) {		Parent->kind() == Archive::K_GNU64) {
StringRef::size_type End = StringRef(addr).find('\n');		StringRef::size_type End = ST.find('\n', StringOffset);
return StringRef(addr, End - 1);		if (End == StringRef::npos)
		End = ST.size();
		espindolaUnsubmitted Not Done Reply Inline Actions This should be an error, no? espindola: This should be an error, no?
		inglorionAuthorUnsubmitted Not Done Reply Inline Actions Not as I understand it. If I understand the GNU format correctly, all long filenames end in a slash, but newline is only used as a separator, meaning the last file doesn't get one. So the name is delimited either by "/\n" or by "/" <EOF>. inglorion: Not as I understand it. If I understand the GNU format correctly, all long filenames end in a…
		return StringRef(Start, End - StringOffset - 1);
}		}
return addr;		return Start;
}		}

if (Name.startswith("#1/")) {		if (Name.startswith("#1/")) {
uint64_t NameLength;		uint64_t NameLength;
if (Name.substr(3).rtrim(' ').getAsInteger(10, NameLength)) {		if (Name.substr(3).rtrim(' ').getAsInteger(10, NameLength)) {
std::string Buf;		std::string Buf;
raw_string_ostream OS(Buf);		raw_string_ostream OS(Buf);
OS.write_escaped(Name.substr(3).rtrim(' '));		OS.write_escaped(Name.substr(3).rtrim(' '));
▲ Show 20 Lines • Show All 799 Lines • Show Last 20 Lines