Next set of additional error checks for invalid Mach-O files for bad load commands
that use the MachO::dylib_command type for the load commands that are currently used in the MachOObjectFile constructor. This contains the missing checks for the LC_ID_DYLIB, LC_LOAD_DYLIB, etc. load commands and the fields of the MachO::dylib_command type. It also checks that only an MH_DYLIB or MH_DYLIB_STUB file has an LC_ID_DYLIB load command (and other filetypes don’t) and that there is not more than one of these load commands. llvm-svn: 282008
parent
d54b3459fa
commit
54d275f77b
@ -579,6 +579,52 @@ static Error checkDyldInfoCommand(const MachOObjectFile *Obj,
|
||||
return Error::success();
|
||||
}
|
||||
|
||||
static Error checkDylibCommand(const MachOObjectFile *Obj,
|
||||
const MachOObjectFile::LoadCommandInfo &Load,
|
||||
uint32_t LoadCommandIndex, const char *CmdName) {
|
||||
if (Load.C.cmdsize < sizeof(MachO::dylib_command))
|
||||
return malformedError("load command " + Twine(LoadCommandIndex) + " " +
|
||||
CmdName + " cmdsize too small");
|
||||
MachO::dylib_command D = getStruct<MachO::dylib_command>(Obj, Load.Ptr);
|
||||
if (D.dylib.name < sizeof(MachO::dylib_command))
|
||||
return malformedError("load command " + Twine(LoadCommandIndex) + " " +
|
||||
CmdName + " name.offset field too small, not past "
|
||||
"the end of the dylib_command struct");
|
||||
if (D.dylib.name >= D.cmdsize)
|
||||
return malformedError("load command " + Twine(LoadCommandIndex) + " " +
|
||||
CmdName + " name.offset field extends past the end "
|
||||
"of the load command");
|
||||
// Make sure there is a null between the starting offset of the name and
|
||||
// the end of the load command.
|
||||
uint32_t i;
|
||||
const char *P = (const char *)Load.Ptr;
|
||||
for (i = D.dylib.name; i < D.cmdsize; i++)
|
||||
if (P[i] == '\0')
|
||||
break;
|
||||
if (i >= D.cmdsize)
|
||||
return malformedError("load command " + Twine(LoadCommandIndex) + " " +
|
||||
CmdName + " library name extends past the end of the "
|
||||
"load command");
|
||||
return Error::success();
|
||||
}
|
||||
|
||||
static Error checkDylibIdCommand(const MachOObjectFile *Obj,
|
||||
const MachOObjectFile::LoadCommandInfo &Load,
|
||||
uint32_t LoadCommandIndex,
|
||||
const char **LoadCmd) {
|
||||
if (Error Err = checkDylibCommand(Obj, Load, LoadCommandIndex,
|
||||
"LC_ID_DYLIB"))
|
||||
return Err;
|
||||
if (*LoadCmd != nullptr)
|
||||
return malformedError("more than one LC_ID_DYLIB command");
|
||||
if (Obj->getHeader().filetype != MachO::MH_DYLIB &&
|
||||
Obj->getHeader().filetype != MachO::MH_DYLIB_STUB)
|
||||
return malformedError("LC_ID_DYLIB load command in non-dynamic library "
|
||||
"file type");
|
||||
*LoadCmd = Load.Ptr;
|
||||
return Error::success();
|
||||
}
|
||||
|
||||
Expected<std::unique_ptr<MachOObjectFile>>
|
||||
MachOObjectFile::create(MemoryBufferRef Object, bool IsLittleEndian,
|
||||
bool Is64Bits) {
|
||||
@ -616,17 +662,17 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
|
||||
}
|
||||
|
||||
uint32_t LoadCommandCount = getHeader().ncmds;
|
||||
if (LoadCommandCount == 0)
|
||||
return;
|
||||
|
||||
LoadCommandInfo Load;
|
||||
if (auto LoadOrErr = getFirstLoadCommandInfo(this))
|
||||
Load = *LoadOrErr;
|
||||
else {
|
||||
Err = LoadOrErr.takeError();
|
||||
return;
|
||||
if (LoadCommandCount != 0) {
|
||||
if (auto LoadOrErr = getFirstLoadCommandInfo(this))
|
||||
Load = *LoadOrErr;
|
||||
else {
|
||||
Err = LoadOrErr.takeError();
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
const char *DyldIdLoadCmd = nullptr;
|
||||
for (unsigned I = 0; I < LoadCommandCount; ++I) {
|
||||
if (is64Bit()) {
|
||||
if (Load.C.cmdsize % 8 != 0) {
|
||||
@ -689,11 +735,28 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
|
||||
this, Load, Sections, HasPageZeroSegment, I,
|
||||
"LC_SEGMENT", SizeOfHeaders)))
|
||||
return;
|
||||
} else if (Load.C.cmd == MachO::LC_LOAD_DYLIB ||
|
||||
Load.C.cmd == MachO::LC_LOAD_WEAK_DYLIB ||
|
||||
Load.C.cmd == MachO::LC_LAZY_LOAD_DYLIB ||
|
||||
Load.C.cmd == MachO::LC_REEXPORT_DYLIB ||
|
||||
Load.C.cmd == MachO::LC_LOAD_UPWARD_DYLIB) {
|
||||
} else if (Load.C.cmd == MachO::LC_ID_DYLIB) {
|
||||
if ((Err = checkDylibIdCommand(this, Load, I, &DyldIdLoadCmd)))
|
||||
return;
|
||||
} else if (Load.C.cmd == MachO::LC_LOAD_DYLIB) {
|
||||
if ((Err = checkDylibCommand(this, Load, I, "LC_LOAD_DYLIB")))
|
||||
return;
|
||||
Libraries.push_back(Load.Ptr);
|
||||
} else if (Load.C.cmd == MachO::LC_LOAD_WEAK_DYLIB) {
|
||||
if ((Err = checkDylibCommand(this, Load, I, "LC_LOAD_WEAK_DYLIB")))
|
||||
return;
|
||||
Libraries.push_back(Load.Ptr);
|
||||
} else if (Load.C.cmd == MachO::LC_LAZY_LOAD_DYLIB) {
|
||||
if ((Err = checkDylibCommand(this, Load, I, "LC_LAZY_LOAD_DYLIB")))
|
||||
return;
|
||||
Libraries.push_back(Load.Ptr);
|
||||
} else if (Load.C.cmd == MachO::LC_REEXPORT_DYLIB) {
|
||||
if ((Err = checkDylibCommand(this, Load, I, "LC_REEXPORT_DYLIB")))
|
||||
return;
|
||||
Libraries.push_back(Load.Ptr);
|
||||
} else if (Load.C.cmd == MachO::LC_LOAD_UPWARD_DYLIB) {
|
||||
if ((Err = checkDylibCommand(this, Load, I, "LC_LOAD_UPWARD_DYLIB")))
|
||||
return;
|
||||
Libraries.push_back(Load.Ptr);
|
||||
}
|
||||
if (I < LoadCommandCount - 1) {
|
||||
@ -754,6 +817,13 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
|
||||
return;
|
||||
}
|
||||
}
|
||||
if ((getHeader().filetype == MachO::MH_DYLIB ||
|
||||
getHeader().filetype == MachO::MH_DYLIB_STUB) &&
|
||||
DyldIdLoadCmd == nullptr) {
|
||||
Err = malformedError("no LC_ID_DYLIB load command in dynamic library "
|
||||
"filetype");
|
||||
return;
|
||||
}
|
||||
assert(LoadCommands.size() == LoadCommandCount);
|
||||
|
||||
Err = Error::success();
|
||||
|
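Review bot: The NUL scan in checkDylibCommand reads `P[i]` for every `i` below `D.cmdsize`, and nothing visible in this section bounds `cmdsize` by the end of the object buffer, so the scan (and the `getStruct` call before it) is only as safe as whatever getFirstLoadCommandInfo and the next-command helper enforce outside these hunks. If they do not already reject a load command that runs past the file, a guard ahead of `getStruct` would close the gap, for example `if (Load.C.cmdsize > (size_t)(Obj->getData().end() - Load.Ptr)) return malformedError("load command " + Twine(LoadCommandIndex) + " " + CmdName + " extends past the end of the file");`. If they do, a one-line comment above the loop such as `// Load.Ptr + cmdsize was already checked to lie inside the buffer` would save the next reader the lookup. The function also tests `Load.C.cmdsize` first and `D.cmdsize` afterwards; using one copy of the field throughout would make it plain that both comparisons refer to the same value.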
BIN
test/Object/Inputs/macho-invalid-dylib-id-more-than-one
Normal file
BIN
test/Object/Inputs/macho-invalid-dylib-id-more-than-one
Normal file
Binary file not shown.
BIN
test/Object/Inputs/macho-invalid-dylib-name_offset-toobig
Normal file
BIN
test/Object/Inputs/macho-invalid-dylib-name_offset-toobig
Normal file
Binary file not shown.
BIN
test/Object/Inputs/macho-invalid-dylib-name_offset-toosmall
Normal file
BIN
test/Object/Inputs/macho-invalid-dylib-name_offset-toosmall
Normal file
Binary file not shown.
BIN
test/Object/Inputs/macho-invalid-dylib-name_toobig
Normal file
BIN
test/Object/Inputs/macho-invalid-dylib-name_toobig
Normal file
Binary file not shown.
BIN
test/Object/Inputs/macho-invalid-dylib-no-id
Normal file
BIN
test/Object/Inputs/macho-invalid-dylib-no-id
Normal file
Binary file not shown.
BIN
test/Object/Inputs/macho-invalid-dylib-small
Normal file
BIN
test/Object/Inputs/macho-invalid-dylib-small
Normal file
Binary file not shown.
BIN
test/Object/Inputs/macho-invalid-dylib-wrong-filetype
Normal file
BIN
test/Object/Inputs/macho-invalid-dylib-wrong-filetype
Normal file
Binary file not shown.
@ -262,3 +262,24 @@ INVALID-DYLDINFO-EXPORT_OFF-EXPORT_SIZE: macho-invalid-dyldinfo-export_off-expor
|
||||
|
||||
RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dyldinfo-more-than-one 2>&1 | FileCheck -check-prefix INVALID-DYLDINFO-MORE-THAN-ONE %s
|
||||
INVALID-DYLDINFO-MORE-THAN-ONE: macho-invalid-dyldinfo-more-than-one': truncated or malformed object (more than one LC_DYLD_INFO and or LC_DYLD_INFO_ONLY command)
|
||||
|
||||
RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib-small 2>&1 | FileCheck -check-prefix INVALID-DYLIB-SMALL %s
|
||||
INVALID-DYLIB-SMALL: macho-invalid-dylib-small': truncated or malformed object (load command 0 LC_LOAD_DYLIB cmdsize too small)
|
||||
|
||||
RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib-name_offset-toobig 2>&1 | FileCheck -check-prefix INVALID-DYLIB-NAME_OFFSET-TOOBIG %s
|
||||
INVALID-DYLIB-NAME_OFFSET-TOOBIG: macho-invalid-dylib-name_offset-toobig': truncated or malformed object (load command 0 LC_LOAD_WEAK_DYLIB name.offset field extends past the end of the load command)
|
||||
|
||||
RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib-name_toobig 2>&1 | FileCheck -check-prefix INVALID-DYLIB-NAME_TOOBIG %s
|
||||
INVALID-DYLIB-NAME_TOOBIG: macho-invalid-dylib-name_toobig': truncated or malformed object (load command 0 LC_LAZY_LOAD_DYLIB library name extends past the end of the load command)
|
||||
|
||||
RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib-name_offset-toosmall 2>&1 | FileCheck -check-prefix INVALID-DYLIB-NAME_OFFSET-TOOSMALL %s
|
||||
INVALID-DYLIB-NAME_OFFSET-TOOSMALL: macho-invalid-dylib-name_offset-toosmall': truncated or malformed object (load command 0 LC_LOAD_UPWARD_DYLIB name.offset field too small, not past the end of the dylib_command struct)
|
||||
|
||||
RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib-id-more-than-one 2>&1 | FileCheck -check-prefix INVALID-DYLIB-ID-MORE-THAN-ONE %s
|
||||
INVALID-DYLIB-ID-MORE-THAN-ONE: macho-invalid-dylib-id-more-than-one': truncated or malformed object (more than one LC_ID_DYLIB command)
|
||||
|
||||
RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib-wrong-filetype 2>&1 | FileCheck -check-prefix INVALID-DYLIB-WRONG-FILETYPE %s
|
||||
INVALID-DYLIB-WRONG-FILETYPE: macho-invalid-dylib-wrong-filetype': truncated or malformed object (LC_ID_DYLIB load command in non-dynamic library file type)
|
||||
|
||||
RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib-no-id 2>&1 | FileCheck -check-prefix INVALID-DYLIB-NO-ID %s
|
||||
INVALID-DYLIB-NO-ID: macho-invalid-dylib-no-id': truncated or malformed object (no LC_ID_DYLIB load command in dynamic library filetype)
|
||||
|