This is an archive of the discontinued LLVM Phabricator instance.

[llvm-readelf] - Do not crash when relocation references a STT_SECTION symbol for the null section.
ClosedPublic

Authored by grimar on Jun 15 2020, 5:13 AM.

Download Raw Diff

Details

Reviewers

jhenderson
MaskRay
• espindola

Commits

rG3961438c7844: [llvm-readelf] - Do not crash when relocation references a STT_SECTION symbol…

Summary

Currently, llvm-readelf crashes when there is a STT_SECTION symbol for the null section
and this symbol is used in a relocation.

This patch fixes the issue.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

grimar created this revision.Jun 15 2020, 5:13 AM

Herald added a reviewer: • espindola. · View Herald TranscriptJun 15 2020, 5:13 AM

Herald added a project: Restricted Project. · View Herald Transcript

Herald added subscribers: rupprecht, emaste. · View Herald Transcript

Nice catch, LGTM. You've now got me wondering how you found this issue!

This revision is now accepted and ready to land.Jun 16 2020, 2:00 AM

In D81840#2095002, @jhenderson wrote:

Nice catch, LGTM. You've now got me wondering how you found this issue!

I was using AFL (https://lcamtuf.coredump.cx/afl/) to collect broken inputs causing crashes/hangs.
And now I am investigating and trying to fix what I've found.

Closed by commit rG3961438c7844: [llvm-readelf] - Do not crash when relocation references a STT_SECTION symbol… (authored by grimar). · Explain WhyJun 16 2020, 5:32 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

llvm/

test/

tools/

llvm-readobj/

ELF/

reloc-zero-name-or-value.test

23 lines

tools/

llvm-readobj/

ELFDumper.cpp

3 lines

Diff 271063

llvm/test/tools/llvm-readobj/ELF/reloc-zero-name-or-value.test

# Show that the value field is omitted if a symbol has no name or value, but is		# Show that the value field is omitted if a symbol has no name or value, but is
# printed if one is present. Test for both static and dynamic relocation		# printed if one is present. Test for both static and dynamic relocation
# printing.		# printing.

# RUN: yaml2obj %s -o %t		# RUN: yaml2obj %s -o %t
# RUN: llvm-readelf --relocations --dyn-relocations %t \| FileCheck %s		# RUN: llvm-readelf --relocations --dyn-relocations %t \| FileCheck %s

# CHECK: Relocation section '.rela.text' at offset {{.*}} contains 3 entries:		# CHECK: Relocation section '.rela.text' at offset {{.*}} contains 4 entries:
# CHECK-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend		# CHECK-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend
# CHECK-NEXT: 0000000000000000 0000000000000000 R_X86_64_NONE 1		# CHECK-NEXT: 0000000000000000 0000000000000000 R_X86_64_NONE 1
# CHECK-NEXT: 0000000000000000 0000000100000000 R_X86_64_NONE 0000000000000000 sym + 1		# CHECK-NEXT: 0000000000000000 0000000100000000 R_X86_64_NONE 0000000000000000 sym + 1
# CHECK-NEXT: 0000000000000000 0000000200000000 R_X86_64_NONE 0000000000000123 456		# CHECK-NEXT: 0000000000000000 0000000200000000 R_X86_64_NONE 0000000000000123 456
		# CHECK-NEXT: 0000000000000000 0000000300000000 R_X86_64_NONE 678

# CHECK: Relocation section '.rela.dyn' at offset {{.*}} contains 3 entries:		# CHECK: Relocation section '.rela.dyn' at offset {{.*}} contains 4 entries:
# CHECK-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend		# CHECK-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend
# CHECK-NEXT: 0000000000000000 0000000000000000 R_X86_64_NONE 1		# CHECK-NEXT: 0000000000000000 0000000000000000 R_X86_64_NONE 1
# CHECK-NEXT: 0000000000000000 0000000100000000 R_X86_64_NONE 0000000000000000 sym + 1		# CHECK-NEXT: 0000000000000000 0000000100000000 R_X86_64_NONE 0000000000000000 sym + 1
# CHECK-NEXT: 0000000000000000 0000000200000000 R_X86_64_NONE 0000000000000123 456		# CHECK-NEXT: 0000000000000000 0000000200000000 R_X86_64_NONE 0000000000000123 456
		# CHECK-NEXT: 0000000000000000 0000000300000000 R_X86_64_NONE 678

# CHECK: 'RELA' relocation section at offset {{.*}} contains 72 bytes:		# CHECK: 'RELA' relocation section at offset {{.*}} contains 96 bytes:
# CHECK-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend		# CHECK-NEXT: Offset Info Type Symbol's Value Symbol's Name + Addend
# CHECK-NEXT: 0000000000000000 0000000000000000 R_X86_64_NONE 1		# CHECK-NEXT: 0000000000000000 0000000000000000 R_X86_64_NONE 1
# CHECK-NEXT: 0000000000000000 0000000100000000 R_X86_64_NONE 0000000000000000 sym + 1		# CHECK-NEXT: 0000000000000000 0000000100000000 R_X86_64_NONE 0000000000000000 sym + 1
# CHECK-NEXT: 0000000000000000 0000000200000000 R_X86_64_NONE 0000000000000123 456		# CHECK-NEXT: 0000000000000000 0000000200000000 R_X86_64_NONE 0000000000000123 456
		# CHECK-NEXT: 0000000000000000 0000000300000000 R_X86_64_NONE 678

--- !ELF		--- !ELF
FileHeader:		FileHeader:
Class: ELFCLASS64		Class: ELFCLASS64
Data: ELFDATA2LSB		Data: ELFDATA2LSB
Type: ET_EXEC		Type: ET_EXEC
Machine: EM_X86_64		Machine: EM_X86_64
Sections:		Sections:
Show All 11 Lines	Relocations:
- Offset: 0		- Offset: 0
Type: R_X86_64_NONE		Type: R_X86_64_NONE
Addend: 1		Addend: 1
Symbol: sym		Symbol: sym
- Offset: 0		- Offset: 0
Type: R_X86_64_NONE		Type: R_X86_64_NONE
Addend: 0x456		Addend: 0x456
Symbol: 2		Symbol: 2
		- Offset: 0
		Addend: 0x678
		Type: R_X86_64_NONE
		Symbol: 3
- Name: .dynamic		- Name: .dynamic
Type: SHT_DYNAMIC		Type: SHT_DYNAMIC
Flags: [SHF_ALLOC]		Flags: [SHF_ALLOC]
Address: 0x1000		Address: 0x1000
AddressAlign: 0x1000		AddressAlign: 0x1000
Entries:		Entries:
- Tag: DT_RELA		- Tag: DT_RELA
Value: 0x1100		Value: 0x1100
- Tag: DT_RELASZ		- Tag: DT_RELASZ
Value: 72		Value: 96
- Tag: DT_RELAENT		- Tag: DT_RELAENT
Value: 24		Value: 24
- Tag: DT_NULL		- Tag: DT_NULL
Value: 0		Value: 0
- Name: .rela.dyn		- Name: .rela.dyn
Type: SHT_RELA		Type: SHT_RELA
Flags: [SHF_ALLOC]		Flags: [SHF_ALLOC]
Info: .text		Info: .text
Address: 0x1100		Address: 0x1100
AddressAlign: 0x100		AddressAlign: 0x100
Relocations:		Relocations:
- Offset: 0		- Offset: 0
Type: R_X86_64_NONE		Type: R_X86_64_NONE
Addend: 1		Addend: 1
- Offset: 0		- Offset: 0
Type: R_X86_64_NONE		Type: R_X86_64_NONE
Addend: 1		Addend: 1
Symbol: sym		Symbol: sym
- Offset: 0		- Offset: 0
Type: R_X86_64_NONE		Type: R_X86_64_NONE
Addend: 0x456		Addend: 0x456
Symbol: 2		Symbol: 2
		- Offset: 0
		Addend: 0x678
		Type: R_X86_64_NONE
		Symbol: 3
Symbols:		Symbols:
- Name: sym		- Name: sym
Value: 0		Value: 0
Section: .text		Section: .text
Binding: STB_GLOBAL		Binding: STB_GLOBAL
- Value: 0x123		- Value: 0x123
Section: .text		Section: .text
Binding: STB_GLOBAL		Binding: STB_GLOBAL
		- Type: STT_SECTION
		Index: 0
DynamicSymbols:		DynamicSymbols:
- Name: sym		- Name: sym
Value: 0		Value: 0
Section: .text		Section: .text
Binding: STB_GLOBAL		Binding: STB_GLOBAL
- Value: 0x123		- Value: 0x123
Section: .text		Section: .text
Binding: STB_GLOBAL		Binding: STB_GLOBAL
		- Type: STT_SECTION
		Index: 0
ProgramHeaders:		ProgramHeaders:
- Type: PT_LOAD		- Type: PT_LOAD
VAddr: 0x1000		VAddr: 0x1000
Sections:		Sections:
- Section: .dynamic		- Section: .dynamic
- Section: .rela.dyn		- Section: .rela.dyn
- Type: PT_DYNAMIC		- Type: PT_DYNAMIC
VAddr: 0x1000		VAddr: 0x1000
Sections:		Sections:
- Section: .dynamic		- Section: .dynamic

llvm/tools/llvm-readobj/ELFDumper.cpp

Show First 20 Lines • Show All 1,076 Lines • ▼ Show 20 Lines	ELFDumper<ELFT>::getRelocationTarget(const Elf_Shdr *SymTab,

// The st_name field of a STT_SECTION is usually 0 (empty string).		// The st_name field of a STT_SECTION is usually 0 (empty string).
// This code block returns the section name.		// This code block returns the section name.
if (Sym->getType() == ELF::STT_SECTION) {		if (Sym->getType() == ELF::STT_SECTION) {
Expected<const Elf_Shdr *> SecOrErr =		Expected<const Elf_Shdr *> SecOrErr =
Obj->getSection(Sym, SymTab, ShndxTable);		Obj->getSection(Sym, SymTab, ShndxTable);
if (!SecOrErr)		if (!SecOrErr)
return SecOrErr.takeError();		return SecOrErr.takeError();
		// A section symbol describes the section at index 0.
		if (*SecOrErr == nullptr)
		return std::make_pair(Sym, "");

Expected<StringRef> NameOrErr = Obj->getSectionName(*SecOrErr);		Expected<StringRef> NameOrErr = Obj->getSectionName(*SecOrErr);
if (!NameOrErr)		if (!NameOrErr)
return NameOrErr.takeError();		return NameOrErr.takeError();
return std::make_pair(Sym, NameOrErr->str());		return std::make_pair(Sym, NameOrErr->str());
}		}

Expected<StringRef> StrTableOrErr = Obj->getStringTableForSymtab(*SymTab);		Expected<StringRef> StrTableOrErr = Obj->getStringTableForSymtab(*SymTab);
▲ Show 20 Lines • Show All 5,781 Lines • Show Last 20 Lines