When we have SHT_GNU_versym section, it is should be associated with symbol table
section. Usually (and in out implementation) it is .dynsym.
In case when .dynsym is absent (due to broken object for example),
lld crashes in parseVerdefs() when accesses null pointer:
Versym = reinterpret_cast<const Elf_Versym *>(this->ELFObj.base() +
VersymSec->sh_offset) +
this->Symtab->sh_info;
DIfferential revision: https://reviews.llvm.org/D25553
llvm-svn: 285796
In continue of D25555, this patch fixes possible crash when
we have multiple SHT_MIPS_REGINFO or SHT_MIPS_ABIFLAGS sections.
yaml2obj was used to produce such objects.
Differential revision: https://reviews.llvm.org/D25609
llvm-svn: 284376
It was requested on review for https://reviews.llvm.org/D25090 to add testcase in lld.
Spec says (http://www.sco.com/developers/gabi/1998-04-29/ch4.eheader.html) :
e_shnum
This member holds the number of entries in the section header table.
Thus the product of e_shentsize and e_shnum gives the section header table's size in bytes.
If a file has no section header table, e_shnum holds the value zero.
In case revealed, broken input did not contain zero in this field.
LLD then could crash when proccessed sections (returned array has incorrect size):
template <class ELFT> void SharedFile<ELFT>::parseSoName() {
...
for (const Elf_Shdr &Sec : Obj.sections()) {
...
llvm-svn: 284375
Issue was revealed by AFl and I was able to generate such object using yaml2obj.
When object has more than one SHT_MIPS_OPTIONS,
each except the last one is destroyed after placing into Sections array.
Sections array contains dead pointers finally. LLD may crash then.
Differential revision: https://reviews.llvm.org/D25555
llvm-svn: 284227
This part was splitted from D25016.
When sh_info value was set in the way that non-local symbol was treated as local, lld
was asserting, patch fixes that.
Differential revision: https://reviews.llvm.org/D25371
llvm-svn: 283859
With fix: commit changes from InputFiles.cpp too.
Original commit message:
We have following code in lld, that truncates the alignment value to 32 bit. Big alignment in this case
may give result 0 and crash later.
template <class ELFT>
CommonInputSection<ELFT>::CommonInputSection(std::vector<DefinedCommon *> Syms)
: InputSection<ELFT>(nullptr, &Hdr, "") {
....
for (DefinedCommon *Sym : Syms) {
this->Alignment = std::max<uintX_t>(this->Alignment, Sym->Alignment);
...
}
}
Patch fixes the issue.
Differential revision: https://reviews.llvm.org/D25235
llvm-svn: 283738
We have following code in lld, that truncates the alignment value to 32 bit. Big alignment in this case
may give result 0 and crash later.
template <class ELFT>
CommonInputSection<ELFT>::CommonInputSection(std::vector<DefinedCommon *> Syms)
: InputSection<ELFT>(nullptr, &Hdr, "") {
....
for (DefinedCommon *Sym : Syms) {
this->Alignment = std::max<uintX_t>(this->Alignment, Sym->Alignment);
...
}
}
Patch fixes the issue.
Differential revision: https://reviews.llvm.org/D25235
llvm-svn: 283733
When sh_info of sumbol table value was set to zero, lld was asserting.
Patch fixes the issue.
Differential revision: https://reviews.llvm.org/D25016
llvm-svn: 283562
I found that this check still may be useful in some cases.
At fact since we use uint32_t alignment, then maximum value
that is valid for us is 0x80000000. But some broken files,
for example file from testcase may have greater value.
Because of that offset calculation overflow and crash happens.
Differential revision: https://reviews.llvm.org/D25324
llvm-svn: 283544
Previously if sh_size of dynamic section was broken,
lld may crash. Or even may not crash if used 32 bits host.
(then value may be truncated to 32 bits when doing pointer arithmetic
and could be just zero).
Patch fixes the issue.
Differential revision: https://reviews.llvm.org/D25327
llvm-svn: 283533
createELFObj() may call error(...), for example when file is too short.
In that case header is not set and following line lead to crash:
EMachine = ELFObj.getHeader()->e_machine;
Patch fixes the issue.
Differential revision: https://reviews.llvm.org/D25233
llvm-svn: 283532
This patch makes the check for null section stricter,
so it is only allowed for STT_SECTION symbols now.
Differential revision: https://reviews.llvm.org/D25231
llvm-svn: 283426
Previously lld would hang in infinite loop in this case,
patch fixes the issue. Object was found during AFL run.
Differential revision: https://reviews.llvm.org/D25229
llvm-svn: 283208
Relative to PR30540.
If .symtab has invalid type in elf, no bodies are created and any relocation
that tries to access them will fail.
The same can happen if symbol index is just incorrect.
This was revealed by "id_000005,sig_11,src_000000,op_flip2,pos_420"
Differential revision: https://reviews.llvm.org/D25025
llvm-svn: 283201
id_000021,sig_11,src_000002,op_flip1,pos_92 from PR30540
does not have TLS sections, but type
of one of the symbol is broken and set to STT_TLS,
what resulted in a crash. Patch fixes crash.
DIfferential revision: https://reviews.llvm.org/D25083
llvm-svn: 283198
Testcase contains a common symbol with zero alignment,
previously lld would crash, patch fixes that.
Differential revision: https://reviews.llvm.org/D25085
llvm-svn: 283197
Case was revealed by id_000010,sig_08,src_000000,op_havoc,rep_4 from PR30540.
Out implementation uses uint32 for storing section alignment value,
what seems reasonable, though if value exceeds 32 bits bounds we have
truncation and final value of 0.
Patch fixes the issue.
Differential revision: https://reviews.llvm.org/D25082
llvm-svn: 283097
George Rimar