This is an archive of the discontinued LLVM Phabricator instance.

Differential D73560

[llvm-readobj] - Don't crash when dumping invalid dynamic relocation.
ClosedPublic

Authored by grimar on Jan 28 2020, 9:38 AM.

Details

Reviewers
jhenderson
MaskRay
espindola
Commits
rG0654005ab278: [llvm-readobj] - Don't crash when dumping invalid dynamic relocation.
Summary

Currently when we dump dynamic relocation with use of
DT_RELA/DT_RELASZ/DT_RELAENT tags, we crash when a symbol index
is larger than the number of dynamic symbols or
when there is no dynamic symbol table.

This patch adds test cases and fixes the issues.
It is rebased on top of D73484.

Diff Detail

Event Timeline

grimar created this revision.Jan 28 2020, 9:38 AM
Herald added a reviewer: espindola. · View Herald TranscriptJan 28 2020, 9:38 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: rupprecht, emaste. · View Herald Transcript
grimar added a parent revision: D73484: [llvm-readobj] - Improve error message reported by DynRegionInfo..Jan 28 2020, 9:38 AM
grimar updated this revision to Diff 240913.Jan 28 2020, 9:41 AM
  • Added a new line at EOF to the test.
jhenderson added inline comments.Jan 30 2020, 1:27 AM
llvm/test/tools/llvm-readobj/ELF/broken-dynamic-reloc.test
383–384

Do we have a test case somewhere that shows that relocations without symbols (e.g. R_X86_64_RELATIVE) are handled fine without warning?

428

when the symbol index...

435

larger or equal to -> greater than or equal to

(that's the more common way of saying '>=')

llvm/test/tools/llvm-readobj/ELF/dynamic-reloc-no-section-headers.test
2

May be worth splitting this line into two.

llvm/tools/llvm-readobj/ELFDumper.cpp
4049

don't -> not

grimar updated this revision to Diff 241409.Jan 30 2020, 4:23 AM
grimar marked 6 inline comments as done.
  • Addressed review comments.
llvm/test/tools/llvm-readobj/ELF/broken-dynamic-reloc.test
383–384

Yes, I think the test case is:
https://github.com/llvm/llvm-project/blob/master/llvm/test/tools/llvm-readobj/ELF/reloc-zero-name-or-value.test#L22
We have the R_X86_64_NONE dynamic relocation with no symbol and no warnings.

jhenderson accepted this revision.Jan 31 2020, 1:32 AM

LGTM.

This revision is now accepted and ready to land.Jan 31 2020, 1:32 AM
Closed by commit rG0654005ab278: [llvm-readobj] - Don't crash when dumping invalid dynamic relocation. (authored by grimar). · Explain WhyJan 31 2020, 2:26 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
test/
tools/
llvm-readobj/
ELF/
99 lines
69 lines
tools/
llvm-readobj/
36 lines

Diff 241409

llvm/test/tools/llvm-readobj/ELF/broken-dynamic-reloc.test

Show First 20 LinesShow All 367 Lines▼ Show 20 Lines Entries:
- Tag: DT_NULL - Tag: DT_NULL
Value: 0x0 Value: 0x0
DynamicSymbols: [] DynamicSymbols: []
ProgramHeaders: ProgramHeaders:
- Type: PT_LOAD - Type: PT_LOAD
Sections: Sections:
- Section: .rela.plt - Section: .rela.plt
- Section: .dynamic - Section: .dynamic
## Show we print a warning when dumping dynamic relocations if there is no dynamic symbol table.
# RUN: yaml2obj --docnum=11 %s -o %t11
# RUN: llvm-readobj --dyn-relocations %t11 2>&1 | FileCheck %s -DFILE=%t11 --check-prefix=LLVM-NO-DYNSYM
# RUN: llvm-readelf --dyn-relocations %t11 2>&1 | FileCheck %s -DFILE=%t11 --check-prefix=GNU-NO-DYNSYM
# LLVM-NO-DYNSYM: Dynamic Relocations {
# LLVM-NO-DYNSYM-NEXT: warning: '[[FILE]]': unable to get name of the dynamic symbol with index 0: no dynamic symbol table found
# LLVM-NO-DYNSYM-NEXT: 0x0 R_X86_64_NONE <corrupt> 0x0
jhendersonUnsubmitted
Done
ReplyInline Actions

Do we have a test case somewhere that shows that relocations without symbols (e.g. R_X86_64_RELATIVE) are handled fine without warning?

jhenderson: Do we have a test case somewhere that shows that relocations without symbols (e.g.
grimarAuthorUnsubmitted
Done
ReplyInline Actions

Yes, I think the test case is:
https://github.com/llvm/llvm-project/blob/master/llvm/test/tools/llvm-readobj/ELF/reloc-zero-name-or-value.test#L22
We have the R_X86_64_NONE dynamic relocation with no symbol and no warnings.

grimar: Yes, I think the test case is: https://github.com/llvm/llvm…
# LLVM-NO-DYNSYM-NEXT: warning: '[[FILE]]': unable to get name of the dynamic symbol with index 1: no dynamic symbol table found
# LLVM-NO-DYNSYM-NEXT: 0x0 R_X86_64_NONE <corrupt> 0x0
# LLVM-NO-DYNSYM-NEXT: }
# GNU-NO-DYNSYM: 'RELA' relocation section at offset 0x78 contains 48 bytes:
# GNU-NO-DYNSYM-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend
# GNU-NO-DYNSYM-NEXT: warning: '[[FILE]]': unable to get name of the dynamic symbol with index 0: no dynamic symbol table found
# GNU-NO-DYNSYM-NEXT: 0000000000000000 0000000000000000 R_X86_64_NONE <corrupt> + 0
# GNU-NO-DYNSYM-NEXT: warning: '[[FILE]]': unable to get name of the dynamic symbol with index 1: no dynamic symbol table found
# GNU-NO-DYNSYM-NEXT: 0000000000000000 0000000100000000 R_X86_64_NONE <corrupt> + 0
--- !ELF
FileHeader:
Class: ELFCLASS64
Data: ELFDATA2LSB
Type: ET_DYN
Machine: EM_X86_64
Sections:
- Name: .rela.dyn
Type: SHT_RELA
Relocations:
- Offset: 0x0
Type: R_X86_64_NONE
- Offset: 0x0
Type: R_X86_64_NONE
Symbol: 0x1
- Name: .dynamic
Type: SHT_DYNAMIC
Entries:
- Tag: DT_RELA
Value: 0x0
- Tag: DT_RELASZ
Value: 0x30
- Tag: DT_RELAENT
Value: 0x18
- Tag: DT_NULL
Value: 0x0
ProgramHeaders:
- Type: PT_LOAD
Sections:
- Section: .rela.dyn
- Section: .dynamic
## Show we print a warning when the symbol index of a dynamic relocation is too
jhendersonUnsubmitted
Done
ReplyInline Actions

when the symbol index...

jhenderson: when the symbol index...
## large (goes past the end of the dynamic symbol table).
# RUN: yaml2obj --docnum=12 %s -o %t12
# RUN: llvm-readobj --dyn-relocations %t12 2>&1 | FileCheck %s -DFILE=%t12 --check-prefix=LLVM-INVALID-DYNSYM
# RUN: llvm-readelf --dyn-relocations %t12 2>&1 | FileCheck %s -DFILE=%t12 --check-prefix=GNU-INVALID-DYNSYM
# LLVM-INVALID-DYNSYM: Dynamic Relocations {
# LLVM-INVALID-DYNSYM-NEXT: warning: '[[FILE]]': unable to get name of the dynamic symbol with index 2: index is greater than or equal to the number of dynamic symbols (2)
jhendersonUnsubmitted
Done
ReplyInline Actions

larger or equal to -> greater than or equal to

(that's the more common way of saying '>=')

jhenderson: larger or equal to -> greater than or equal to (that's the more common way of saying '>=')
# LLVM-INVALID-DYNSYM-NEXT: 0x0 R_X86_64_NONE <corrupt> 0x0
# LLVM-INVALID-DYNSYM-NEXT: }
# GNU-INVALID-DYNSYM: 'RELA' relocation section at offset 0x78 contains 24 bytes:
# GNU-INVALID-DYNSYM-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend
# GNU-INVALID-DYNSYM-NEXT: warning: '[[FILE]]': unable to get name of the dynamic symbol with index 2: index is greater than or equal to the number of dynamic symbols (2)
# GNU-INVALID-DYNSYM-NEXT: 0000000000000000 0000000200000000 R_X86_64_NONE <corrupt> + 0
--- !ELF
FileHeader:
Class: ELFCLASS64
Data: ELFDATA2LSB
Type: ET_DYN
Machine: EM_X86_64
Sections:
- Name: .rela.dyn
Type: SHT_RELA
Relocations:
- Offset: 0x0
Type: R_X86_64_NONE
Symbol: 0x2
- Name: .dynamic
Type: SHT_DYNAMIC
Entries:
- Tag: DT_RELA
Value: 0x0
- Tag: DT_RELASZ
Value: 0x18
- Tag: DT_RELAENT
Value: 0x18
- Tag: DT_NULL
Value: 0x0
DynamicSymbols:
- Name: foo
ProgramHeaders:
- Type: PT_LOAD
Sections:
- Section: .rela.dyn
- Section: .dynamic

llvm/test/tools/llvm-readobj/ELF/dynamic-reloc-no-section-headers.test

  • This file was added.
## Test that we are able to print dynamic relocations with --dyn-relocations
## even when there are no section headers.
jhendersonUnsubmitted
Done
ReplyInline Actions

May be worth splitting this line into two.

jhenderson: May be worth splitting this line into two.
# RUN: yaml2obj %s -o %t
# RUN: llvm-readobj --dyn-relocations %t 2>&1 \
# RUN: | FileCheck %s -DFILE=%t --implicit-check-not="warning:" --check-prefix=LLVM-NO-SEC-TABLE
# RUN: llvm-readelf --dyn-relocations %t 2>&1 \
# RUN: | FileCheck %s -DFILE=%t --implicit-check-not="warning:" --check-prefix=GNU-NO-SEC-TABLE
# LLVM-NO-SEC-TABLE: Dynamic Relocations {
# LLVM-NO-SEC-TABLE-NEXT: 0x0 R_X86_64_NONE foo 0x0
# LLVM-NO-SEC-TABLE-NEXT: }
# GNU-NO-SEC-TABLE: 'RELA' relocation section at offset 0xb0 contains 24 bytes:
# GNU-NO-SEC-TABLE-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend
# GNU-NO-SEC-TABLE-NEXT: 0000000000000000 0000000100000000 R_X86_64_NONE 0000000000000000 foo + 0
--- !ELF
FileHeader:
Class: ELFCLASS64
Data: ELFDATA2LSB
Type: ET_DYN
Machine: EM_X86_64
## We simulate no section header table by
## overriding the ELF header properties.
SHOff: 0x0
SHNum: 0x0
Sections:
- Name: .rela.dyn
Type: SHT_RELA
Relocations:
- Offset: 0x0
Type: R_X86_64_NONE
Symbol: 0x1
- Name: .dynamic
Type: SHT_DYNAMIC
Entries:
- Tag: DT_RELA
Value: 0x0
- Tag: DT_RELASZ
Value: 0x18
- Tag: DT_RELAENT
Value: 0x18
## Offset of .dynsym is 0x138. Offset of PT_LOAD is 0xb0.
## 0x138 - 0xb0 == 0x88
- Tag: DT_SYMTAB
Value: 0x88
- Tag: DT_STRSZ
Value: 0x5
## Offset of .dynstr is 0x19f. Offset of PT_LOAD is 0xb0.
## 0x19f - 0xb0 == 0xef
- Tag: DT_STRTAB
Value: 0xef
- Tag: DT_NULL
Value: 0x0
- Name: .dynsym
Type: SHT_DYNSYM
DynamicSymbols:
- Name: foo
ProgramHeaders:
- Type: PT_LOAD
Sections:
- Section: .rela.dyn
- Section: .dynamic
Section: .dynsym
Section: .dynstr
- Type: PT_DYNAMIC
Sections:
- Section: .dynamic

llvm/tools/llvm-readobj/ELFDumper.cpp

Show First 20 LinesShow All 4,024 Lines▼ Show 20 Linestemplate <class ELFT> struct RelSymbol {
std::string Name; std::string Name;
}; };
template <class ELFT> template <class ELFT>
RelSymbol<ELFT> getSymbolForReloc(const ELFFile<ELFT> *Obj, StringRef FileName, RelSymbol<ELFT> getSymbolForReloc(const ELFFile<ELFT> *Obj, StringRef FileName,
const ELFDumper<ELFT> *Dumper, const ELFDumper<ELFT> *Dumper,
const typename ELFT::Rela &Reloc) { const typename ELFT::Rela &Reloc) {
uint32_t SymIndex = Reloc.getSymbol(Obj->isMips64EL()); uint32_t SymIndex = Reloc.getSymbol(Obj->isMips64EL());
const typename ELFT::Sym *Sym = Dumper->dynamic_symbols().begin() + SymIndex; auto WarnAndReturn = [&](const typename ELFT::Sym *Sym,
Expected<StringRef> ErrOrName = Sym->getName(Dumper->getDynamicStringTable()); const Twine &Reason) -> RelSymbol<ELFT> {
std::string Name;
if (ErrOrName) {
Name = maybeDemangle(*ErrOrName);
} else {
reportWarning( reportWarning(
createError("unable to get name of the dynamic symbol with index " + createError("unable to get name of the dynamic symbol with index " +
Twine(SymIndex) + ": " + toString(ErrOrName.takeError())), Twine(SymIndex) + ": " + Reason),
FileName); FileName);
Name = "<corrupt>"; return {Sym, "<corrupt>"};
} };
ArrayRef<typename ELFT::Sym> Symbols = Dumper->dynamic_symbols();
const typename ELFT::Sym *FirstSym = Symbols.begin();
if (!FirstSym)
return WarnAndReturn(nullptr, "no dynamic symbol table found");
// We might have an object without a section header. In this case the size of
// Symbols is zero, because there is no way to know the size of the dynamic
// table. We should allow this case and not print a warning.
jhendersonUnsubmitted
Done
ReplyInline Actions

don't -> not

jhenderson: don't -> not
if (!Symbols.empty() && SymIndex >= Symbols.size())
return WarnAndReturn(
nullptr,
"index is greater than or equal to the number of dynamic symbols (" +
Twine(Symbols.size()) + ")");
const typename ELFT::Sym *Sym = FirstSym + SymIndex;
Expected<StringRef> ErrOrName = Sym->getName(Dumper->getDynamicStringTable());
if (!ErrOrName)
return WarnAndReturn(Sym, toString(ErrOrName.takeError()));
return {Sym, std::move(Name)}; return {Sym, maybeDemangle(*ErrOrName)};
} }
} // namespace } // namespace
template <class ELFT> template <class ELFT>
void GNUStyle<ELFT>::printDynamicRelocation(const ELFO *Obj, Elf_Rela R, void GNUStyle<ELFT>::printDynamicRelocation(const ELFO *Obj, Elf_Rela R,
bool IsRela) { bool IsRela) {
RelSymbol<ELFT> S = getSymbolForReloc(Obj, this->FileName, this->dumper(), R); RelSymbol<ELFT> S = getSymbolForReloc(Obj, this->FileName, this->dumper(), R);
printRelocation(Obj, S.Sym, S.Name, R, IsRela); printRelocation(Obj, S.Sym, S.Name, R, IsRela);
▲ Show 20 LinesShow All 2,467 LinesShow Last 20 Lines