author | George Rimar <grimar@accesssoftek.com> | 2019-06-07 08:34:18 +0000 |
---|---|---|
committer | George Rimar <grimar@accesssoftek.com> | 2019-06-07 08:34:18 +0000 |
commit | 33044a7ae21350954e3523a70f2e4422a4e165ea (patch) | |
tree | 853a652ba1d534b803f9cad80bb86df94e499eb1 /llvm/tools/llvm-objcopy/ELF/Object.cpp | |
parent | eb394e93d2d39cf18d0b6c992f948b17d99b1c69 (diff) | |
[llvm-objcopy] - Emit error and don't crash if program header reaches past end of file.
This is https://bugs.llvm.org/show_bug.cgi?id=42122.
If an object file has a size less than program header's file [offset + size]
(i.e. if we have overflow), llvm-objcopy crashes instead of reporting an
error.
The patch fixes this issue.
Differential revision: https://reviews.llvm.org/D62898
llvm-svn: 362778
Diffstat (limited to 'llvm/tools/llvm-objcopy/ELF/Object.cpp')
-rw-r--r-- | llvm/tools/llvm-objcopy/ELF/Object.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/llvm/tools/llvm-objcopy/ELF/Object.cpp b/llvm/tools/llvm-objcopy/ELF/Object.cpp
index e70a3b1..b654305 100644
--- a/llvm/tools/llvm-objcopy/ELF/Object.cpp
+++ b/llvm/tools/llvm-objcopy/ELF/Object.cpp
@@ -1104,6 +1104,11 @@ template <class ELFT> void ELFBuilder<ELFT>::setParentSegment(Segment &Child) {
 template <class ELFT> void ELFBuilder<ELFT>::readProgramHeaders() {
 uint32_t Index = 0;
 for (const auto &Phdr : unwrapOrError(ElfFile.program_headers())) {
+ if (Phdr.p_offset + Phdr.p_filesz > ElfFile.getBufSize())
+ error("program header with offset 0x" + Twine::utohexstr(Phdr.p_offset) +
+ " and file size 0x" + Twine::utohexstr(Phdr.p_filesz) +
+ " goes past the end of the file");
+
 ArrayRef<uint8_t> Data{ElfFile.base() + Phdr.p_offset,
 (size_t)Phdr.p_filesz};
 Segment &Seg = Obj.addSegment(Data); |
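Review bot: The added bound check `Phdr.p_offset + Phdr.p_filesz > ElfFile.getBufSize()` can itself wrap around. If both fields are fixed-width unsigned values (usual for ELF program headers, though the declarations are outside this hunk), a malformed header with a very large `p_offset` makes the sum small, so the check passes and the `ArrayRef` built just below still points outside the buffer. Comparing without the addition avoids that: `if (Phdr.p_offset > ElfFile.getBufSize() || Phdr.p_filesz > ElfFile.getBufSize() - Phdr.p_offset)`. A regression test with a header whose offset plus size exceeds the field width would cover this alongside the plain past-the-end case. The body of `readProgramHeaders` continues past the end of the hunk.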