Author: Georgii Rymar
Date: 2020-12-25T11:51:28+03:00
New Revision: 893c84d71c4ad223ae495d66a0c733a91c72e7bf
URL: https://github.com/llvm/llvm-project/commit/893c84d71c4ad223ae495d66a0c733a91c72e7bf
DIFF: https://github.com/llvm/llvm-project/commit/893c84d71c4ad223ae495d66a0c733a91c72e7bf.diff

LOG: [obj2yaml] - Dump the content of a broken hash table properly.

This is similar to D93760.

When something is wrong with the hash table header we dump
its context as raw data.

Currently we have the calculation overflow issue and it is possible
to bypass the validation we have (and crash).

The patch fixes it.

Differential revision: https://reviews.llvm.org/D93799

Added:

Modified:
    llvm/test/tools/obj2yaml/ELF/hash-section.yaml
    llvm/tools/obj2yaml/elf2yaml.cpp

Removed:

################################################################################
diff --git a/llvm/test/tools/obj2yaml/ELF/hash-section.yaml b/llvm/test/tools/obj2yaml/ELF/hash-section.yaml index 389b4bbb6972..57d823b3a0be 100644 --- a/llvm/test/tools/obj2yaml/ELF/hash-section.yaml +++ b/llvm/test/tools/obj2yaml/ELF/hash-section.yaml @@ -49,6 +49,13 @@ Sections: # CONTENT-NEXT: - Name: .oversized # CONTENT-NEXT: Type: SHT_HASH # CONTENT-NEXT: Content: '0100000002000000030000000400000000' +# CONTENT-NEXT: - Name: .overflow1 +# CONTENT-NEXT: Type: SHT_HASH +# CONTENT-NEXT: Content: 01000000FFFFFFFF{{$}} +# CONTENT-NEXT: - Name: .overflow2 +# CONTENT-NEXT: Type: SHT_HASH +# CONTENT-NEXT: Content: FFFFFFFF01000000{{$}} +# CONTENT-NEXT: ... --- !ELF FileHeader: 
@@ -74,6 +81,20 @@ Sections: - Name: .oversized Type: SHT_HASH Content: '0100000002000000030000000400000000' +## Case 5, 6: NChain/NBucket are incorrect and causing 32-bit +## unsigned overflows of intermediate expressions. + - Name: .overflow1 + Type: SHT_HASH + Bucket: [ ] + Chain: [ ] + NBucket: 0x1 + NChain: 0xffffffff + - Name: .overflow2 + Type: SHT_HASH + Bucket: [ ] + Chain: [ ] + NBucket: 0xffffffff + NChain: 0x1 ## Check how we dump the "EntSize" field. When the sh_entsize is 4, ## we don't print it, because it is the default value for the SHT_HASH section. diff --git a/llvm/tools/obj2yaml/elf2yaml.cpp b/llvm/tools/obj2yaml/elf2yaml.cpp index 50c3e90eb667..da32eaba5a69 100644 --- a/llvm/tools/obj2yaml/elf2yaml.cpp +++ b/llvm/tools/obj2yaml/elf2yaml.cpp @@ -1224,8 +1224,8 @@ ELFDumper<ELFT>::dumpHashSection(const Elf_Shdr *Shdr) { DataExtractor::Cursor Cur(0); DataExtractor Data(Content, Obj.isLE(), /*AddressSize=*/0); - uint32_t NBucket = Data.getU32(Cur); - uint32_t NChain = Data.getU32(Cur); + uint64_t NBucket = Data.getU32(Cur); + uint64_t NChain = Data.getU32(Cur); if (Content.size() != (2 + NBucket + NChain) * 4) { S->Content = yaml::BinaryRef(Content); if (Cur)
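
Review bot: The .overflow1 and .overflow2 inputs in hash-section.yaml both wrap in the addition 2 + NBucket + NChain (0x1 + 0xffffffff + 2 truncates to 2 in 32 bits, and 2 * 4 equals the 8-byte content), so no case exercises a wrap in the * 4 step, although the "## Case 5, 6" comment speaks of intermediate expressions in general. Consider a third case such as NBucket: 0x40000000 with NChain: 0x0, where the sum still fits in 32 bits but the multiplication truncates to 8, and state in the ## comment which expression each case targets.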
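
Review bot: The widened NBucket and NChain declarations in dumpHashSection have no comment explaining why values read with getU32 are stored as uint64_t, so a later cleanup could narrow them back and reintroduce the wrap in (2 + NBucket + NChain) * 4. Add a one-line comment above them saying the 64-bit type keeps the size computation from overflowing; with both fields at most 0xffffffff the 64-bit result cannot wrap, which is the property the Content.size() comparison relies on.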