Added phdr upper bound checks to ElfObject.

Ensure the program_headers call will fail correctly if the program headers are larger than the underlying buffer. Patch by Parker Thompson! llvm-svn: 315012
2017-10-05 20:01:32 +00:00 · 2017-10-05 20:01:32 +00:00 · 42eb1f2ba9
parent 4a3e502d5d
commit 42eb1f2ba9
3 changed files with 30 additions and 0 deletions
--- a/llvm/include/llvm/Object/ELF.h
+++ b/llvm/include/llvm/Object/ELF.h
@ -144,6 +144,10 @@ public:
  Expected<Elf_Phdr_Range> program_headers() const {
    if (getHeader()->e_phnum && getHeader()->e_phentsize != sizeof(Elf_Phdr))
      return createError("invalid e_phentsize");
+    if (getHeader()->e_phoff +
+            (getHeader()->e_phnum * getHeader()->e_phentsize) >
+        getBufSize())
+      return createError("program headers longer than binary");
    auto *Begin =
        reinterpret_cast<const Elf_Phdr *>(base() + getHeader()->e_phoff);
    return makeArrayRef(Begin, Begin + getHeader()->e_phnum);
--- a/llvm/test/Object/Inputs/invalid-phdr.elf
+++ b/llvm/test/Object/Inputs/invalid-phdr.elf
--- a/llvm/test/Object/elf-invalid-phdr.test
+++ b/llvm/test/Object/elf-invalid-phdr.test
@ -0,0 +1,26 @@
+# invalid-phdr.elf is generated by creating a simple elf file with yaml2obj:
+# !ELF
+# FileHeader:
+#   Class:           ELFCLASS64
+#   Data:            ELFDATA2LSB
+#   Type:            ET_EXEC
+#   Machine:         EM_X86_64
+# Sections:
+#   - Name:            .text
+#     Type:            SHT_PROGBITS
+#     Flags:           [ SHF_ALLOC, SHF_EXECINSTR ]
+#     AddressAlign:    0x0000000000001000
+#     Content:         "00000000"
+# ProgramHeaders:
+#   - Type: PT_LOAD
+#     Flags: [ PF_X, PF_R ]
+#     VAddr: 0xAAAA1000
+#     PAddr: 0xFFFF1000
+#     Sections:
+#       - Section: .text
+#
+# Then editing the e_phoff in with a hexeditor to set it to 0xffffff
+RUN: not llvm-objdump -private-headers %p/Inputs/invalid-phdr.elf 2>&1 \
+RUN:         | FileCheck %s
+
+CHECK: LLVM ERROR: Invalid data was encountered while parsing the file