[Object][ELF] Ensure offset to locate dyn section does not go past size

Validate `p_offset` in `dynamicEntries` before computing the entry offset. Fixes: https://github.com/llvm/llvm-project/issues/85568.
author: Antonio Frighetto <me@antoniofrighetto.com> 2024-03-22 16:23:19 +0100
committer: Antonio Frighetto <me@antoniofrighetto.com> 2024-03-22 16:29:09 +0100
commit: 6e28ecd79995a72a8dbde8f16a1afc18309442a1 (patch)
tree: 8496216182d1819adae469cb1830035f4821f717 /llvm/lib/Object/ELF.cpp
parent: 4318f7e5301fb737a7abaacb3b43b6a9289055f3 (diff)
download: llvm-6e28ecd79995a72a8dbde8f16a1afc18309442a1.zip
llvm-6e28ecd79995a72a8dbde8f16a1afc18309442a1.tar.gz
llvm-6e28ecd79995a72a8dbde8f16a1afc18309442a1.tar.bz2
1 files changed, 5 insertions, 1 deletions
diff --git a/llvm/lib/Object/ELF.cpp b/llvm/lib/Object/ELF.cpp
index 55dd0c8..0ac4e7a 100644
--- a/llvm/lib/Object/ELF.cpp
+++ b/llvm/lib/Object/ELF.cpp
@@ -560,7 +560,11 @@ Expected<typename ELFT::DynRange> ELFFile<ELFT>::dynamicEntries() const {
 
   for (const Elf_Phdr &Phdr : *ProgramHeadersOrError) {
     if (Phdr.p_type == ELF::PT_DYNAMIC) {
-      Dyn = ArrayRef(reinterpret_cast<const Elf_Dyn *>(base() + Phdr.p_offset),
+      const uint8_t *DynOffset = base() + Phdr.p_offset;
+      if (DynOffset > end())
+        return createError(
+            "dynamic section offset past file size: corrupted ELF");
+      Dyn = ArrayRef(reinterpret_cast<const Elf_Dyn *>(DynOffset),
                      Phdr.p_filesz / sizeof(Elf_Dyn));
       break;
     }
author	Antonio Frighetto <me@antoniofrighetto.com>	2024-03-22 16:23:19 +0100
committer	Antonio Frighetto <me@antoniofrighetto.com>	2024-03-22 16:29:09 +0100
commit	6e28ecd79995a72a8dbde8f16a1afc18309442a1 (patch)
tree	8496216182d1819adae469cb1830035f4821f717 /llvm/lib/Object/ELF.cpp
parent	4318f7e5301fb737a7abaacb3b43b6a9289055f3 (diff)
download	llvm-6e28ecd79995a72a8dbde8f16a1afc18309442a1.zip llvm-6e28ecd79995a72a8dbde8f16a1afc18309442a1.tar.gz llvm-6e28ecd79995a72a8dbde8f16a1afc18309442a1.tar.bz2