Skip to content

Commit 6744302

Browse files
author
George Rimar
committedOct 4, 2016
[Object/ELF] - Do not crash on invalid sh_offset value of REL[A] section.
Previously code would access invalid memory and may crash, patch fixes the issue. Differential revision: https://reviews.llvm.org/D25187 llvm-svn: 283204
·
llvmorg-21-initllvmorg-4.0.0-rc1
1 parent 7c4fe0e commit 6744302

File tree

4 files changed

+10
-0
lines changed

4 files changed

+10
-0
lines changed
 

‎llvm/include/llvm/Object/ELF.h

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -137,6 +137,8 @@ class ELFFile {
137137
const Elf_Rela *rela_begin(const Elf_Shdr *sec) const {
138138
if (sec->sh_entsize != sizeof(Elf_Rela))
139139
report_fatal_error("Invalid relocation entry size");
140+
if (sec->sh_offset >= Buf.size())
141+
report_fatal_error("Invalid relocation entry offset");
140142
return reinterpret_cast<const Elf_Rela *>(base() + sec->sh_offset);
141143
}
142144

@@ -154,6 +156,8 @@ class ELFFile {
154156
const Elf_Rel *rel_begin(const Elf_Shdr *sec) const {
155157
if (sec->sh_entsize != sizeof(Elf_Rel))
156158
report_fatal_error("Invalid relocation entry size");
159+
if (sec->sh_offset >= Buf.size())
160+
report_fatal_error("Invalid relocation entry offset");
157161
return reinterpret_cast<const Elf_Rel *>(base() + sec->sh_offset);
158162
}
159163

‎llvm/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-i386

358 Bytes
Binary file not shown.

‎llvm/test/Object/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64

543 Bytes
Binary file not shown.

‎llvm/test/Object/invalid.test

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,3 +58,9 @@ INVALID-XINDEX-SIZE: Invalid data was encountered while parsing the file.
5858
RUN: not llvm-readobj -t %p/Inputs/invalid-ext-symtab-index.elf-x86-64 2>&1 | \
5959
RUN: FileCheck --check-prefix=INVALID-EXT-SYMTAB-INDEX %s
6060
INVALID-EXT-SYMTAB-INDEX: Invalid symbol table index
61+
62+
RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-i386 2>&1 | \
63+
RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
64+
RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 2>&1 | \
65+
RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
66+
INVALID-RELOC-SH-OFFSET: Invalid relocation entry offset

0 commit comments

Comments
 (0)
Please sign in to comment.