This is an archive of the discontinued LLVM Phabricator instance.

Differential D53690

[llvm-objdump] Don't Crash When Using `-a` on Non-Archives (PR39402)
ClosedPublic

Authored by Higuoxing on Oct 25 2018, 1:13 AM.

Details

Reviewers
jhenderson
MaskRay
echristo
Commits
rGc1608c96f6cc: [llvm-objdump] Don't crash when using `-a` on non-archives
rL345503: [llvm-objdump] Don't crash when using `-a` on non-archives
Summary

The crash was caused when dereferencing nullptr in DumpObject and printArchiveChild.

In DumpObject, we have

2311    StringRef ArchiveName = a != nullptr ? a->getFileName() : "";
...
2323      printArchiveChild(a->getFileName(), *c);
2368    StringRef ArchiveName = A ? A->getFileName() : "";
...
2378      printArchiveChild(A->getFileName(), *C);

Look, this will cause segment fault when we use -a option on Non-archive files.
Besides, in printArchiveChild

2236  static void printArchiveChild(StringRef Filename, const Archive::Child &C) {
2237    Expected<sys::fs::perms> ModeOrErr = C.getAccessMode();
...

This can also cause segment fault when calling C.getAccessMode() (&C can be nullptr).

I update the printArchiveChild argument by taking a pointer of Archive::Child and check whether it's a nullptr.

This is a draft, I will add some tests later.

Any suggestions are welcoming, thanks

Bugzilla – Bug 39402

Diff Detail

Repository
rL LLVM

Event Timeline

Higuoxing created this revision.Oct 25 2018, 1:13 AM
Herald added a subscriber: llvm-commits. · View Herald TranscriptOct 25 2018, 1:14 AM
Higuoxing added inline comments.Oct 25 2018, 1:23 AM
tools/llvm-objdump/llvm-objdump.cpp
2408 ↗(On Diff #171045)

Here, Archive::Child *C will be nullptr

2410 ↗(On Diff #171045)

Here, Archive::Child *C will be nullptr as well

Higuoxing added inline comments.Oct 25 2018, 1:32 AM
tools/llvm-objdump/llvm-objdump.cpp
2408 ↗(On Diff #171045)

Sorry, here, Archive::Child *C will not be nullptr

Higuoxing updated this revision to Diff 171051.Oct 25 2018, 1:52 AM

Add simple test which will cause crash in previous 'nullptr dereferencing' version

Higuoxing added reviewers: MaskRay, echristo.Oct 27 2018, 11:40 AM
MaskRay added inline comments.Oct 27 2018, 4:40 PM
tools/llvm-objdump/llvm-objdump.cpp
2410 ↗(On Diff #171045)

DumpObject has only two call sites. Do you think it is better deleting its default arguments and passing nullptr explicitly?

Higuoxing added inline comments.Oct 27 2018, 9:25 PM
tools/llvm-objdump/llvm-objdump.cpp
2410 ↗(On Diff #171045)

Thanks a lot, I agree with you :)

eush added a subscriber: eush.Oct 28 2018, 3:15 AM
eush added inline comments.
tools/llvm-objdump/llvm-objdump.cpp
2309 ↗(On Diff #171051)

It seems like you could just add && c here and in the second overload and the signature of printArchiveChild could stay the same.

Higuoxing updated this revision to Diff 171444.Oct 28 2018, 6:05 PM
Higuoxing marked an inline comment as done.Oct 28 2018, 6:08 PM
Higuoxing added inline comments.
tools/llvm-objdump/llvm-objdump.cpp
2309 ↗(On Diff #171051)

Thanks a lot, but I think checking nullptr inside printArchiveChild will be more readable ?

eush added inline comments.Oct 28 2018, 11:01 PM
tools/llvm-objdump/llvm-objdump.cpp
2309 ↗(On Diff #171051)

I disagree. DumpArchive, DumpObject, as well as other functions in this file are never called on nullptr, the pattern is to check first, then call. Why should printArchiveChild work differently?

Also, from code-complexity point of view, this patch introduces one new conditional statement where there could be none.

Higuoxing updated this revision to Diff 171460.Oct 29 2018, 12:56 AM
Higuoxing marked an inline comment as done.Oct 29 2018, 1:01 AM
Higuoxing added inline comments.
tools/llvm-objdump/llvm-objdump.cpp
2309 ↗(On Diff #171051)

Sorry, I misunderstand your opinion. I just want to make a safe printArchiveName, it seems that not a good idea to introduce a new conditional statement ... thanks a lot

jhenderson added inline comments.Oct 29 2018, 4:10 AM
test/tools/llvm-objdump/non-archive-object.test
3–4 ↗(On Diff #171460)

I don't think you need to worry about testing both switches in this test, as this is testing a specific aspect of the switch, rather than the generic behaviour. That will then allow you to write the llvm-objdump and FileCheck on the same line:

# RUN: llvm-objdump --archive-headers %t | FileCheck %s

tools/llvm-objdump/llvm-objdump.cpp
2309 ↗(On Diff #171051)

Personally, I'm a big fan of being explicit in my checks against null, i.e. write c != nullptr instead of just c, but I'm not too bothered either way.

Higuoxing updated this revision to Diff 171482.Oct 29 2018, 4:19 AM
Higuoxing marked an inline comment as done.
jhenderson accepted this revision.Oct 29 2018, 4:41 AM

LGTM, with the nit.

test/tools/llvm-objdump/non-archive-object.test
4 ↗(On Diff #171482)

Nit: "If this test has not crashed..."

This revision is now accepted and ready to land.Oct 29 2018, 4:41 AM
Higuoxing updated this revision to Diff 171484.Oct 29 2018, 4:54 AM

Fix typo. Thanks a lot for all of your help :)

jhenderson added a comment.Oct 29 2018, 5:26 AM

Do you need help committing this again? If so, could you confirm how I should write your name in the attribution, please? (e.g. Xing Guo/Guo Xing etc)

Higuoxing added a comment.Oct 29 2018, 6:52 AM
In D53690#1278729, @jhenderson wrote:

Do you need help committing this again? If so, could you confirm how I should write your name in the attribution, please? (e.g. Xing Guo/Guo Xing etc)

Thanks a lot, I don't have commit permission. Please help me commit it ... Thanks a lot

Xing GUO is ok :)

Closed by commit rL345503: [llvm-objdump] Don't crash when using `-a` on non-archives (authored by jhenderson). · Explain WhyOct 29 2018, 7:19 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
test/
tools/
llvm-objdump/
25 lines
tools/
llvm-objdump/
8 lines

Diff 171497

llvm/trunk/test/tools/llvm-objdump/non-archive-object.test

# RUN: yaml2obj %s > %t
# RUN: llvm-objdump -a %t | FileCheck %s
# If this test has not crashed, then this test passed.
# CHECK: file format ELF64-x86-64
!ELF
FileHeader:
Class: ELFCLASS64
Data: ELFDATA2LSB
Type: ET_EXEC
Machine: EM_X86_64
Sections:
- Name: .bss
Type: SHT_NOBITS
Flags: [ SHF_ALLOC ]
AddressAlign: 0x0000000000000010
Size: 64
- Name: .text
Type: SHT_PROGBITS
Flags: [ SHF_ALLOC, SHF_EXECINSTR ]
AddressAlign: 0x0000000000000010
Content: "01234567"
Size: 4

llvm/trunk/tools/llvm-objdump/llvm-objdump.cpp

Show First 20 LinesShow All 2,303 Lines▼ Show 20 Lines if (!RawClangAST) {
outs() << '\n'; outs() << '\n';
if (a) if (a)
outs() << a->getFileName() << "(" << o->getFileName() << ")"; outs() << a->getFileName() << "(" << o->getFileName() << ")";
else else
outs() << o->getFileName(); outs() << o->getFileName();
outs() << ":\tfile format " << o->getFileFormatName() << "\n\n"; outs() << ":\tfile format " << o->getFileFormatName() << "\n\n";
} }
if (ArchiveHeaders && !MachOOpt) if (ArchiveHeaders && !MachOOpt && c)
printArchiveChild(a->getFileName(), *c); printArchiveChild(ArchiveName, *c);
if (Disassemble) if (Disassemble)
DisassembleObject(o, Relocations); DisassembleObject(o, Relocations);
if (Relocations && !Disassemble) if (Relocations && !Disassemble)
PrintRelocations(o); PrintRelocations(o);
if (DynamicRelocations) if (DynamicRelocations)
PrintDynamicRelocations(o); PrintDynamicRelocations(o);
if (SectionHeaders) if (SectionHeaders)
PrintSectionHeaders(o); PrintSectionHeaders(o);
Show All 36 Linesstatic void DumpObject(const COFFImportFile *I, const Archive *A,
// Avoid other output when using a raw option. // Avoid other output when using a raw option.
if (!RawClangAST) if (!RawClangAST)
outs() << '\n' outs() << '\n'
<< ArchiveName << "(" << I->getFileName() << ")" << ArchiveName << "(" << I->getFileName() << ")"
<< ":\tfile format COFF-import-file" << ":\tfile format COFF-import-file"
<< "\n\n"; << "\n\n";
if (ArchiveHeaders && !MachOOpt) if (ArchiveHeaders && !MachOOpt && C)
printArchiveChild(A->getFileName(), *C); printArchiveChild(ArchiveName, *C);
if (SymbolTable) if (SymbolTable)
printCOFFSymbolTable(I); printCOFFSymbolTable(I);
} }
/// Dump each object file in \a a; /// Dump each object file in \a a;
static void DumpArchive(const Archive *a) { static void DumpArchive(const Archive *a) {
Error Err = Error::success(); Error Err = Error::success();
for (auto &C : a->children(Err)) { for (auto &C : a->children(Err)) {
▲ Show 20 LinesShow All 108 LinesShow Last 20 Lines