/*
 * Copyright (C) 2011 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
jeffhao | 10037c8 | 2012-01-23 15:06:23 -0800 | [diff] [blame] | 16 | |
Brian Carlstrom | fc0e321 | 2013-07-17 14:40:12 -0700 | [diff] [blame] | 17 | #ifndef ART_RUNTIME_DEX_FILE_VERIFIER_H_ |
| 18 | #define ART_RUNTIME_DEX_FILE_VERIFIER_H_ |
jeffhao | 10037c8 | 2012-01-23 15:06:23 -0800 | [diff] [blame] | 19 | |
Andreas Gampe | 0ba238d | 2014-07-29 01:22:07 -0700 | [diff] [blame] | 20 | #include <unordered_set> |
| 21 | |
jeffhao | 10037c8 | 2012-01-23 15:06:23 -0800 | [diff] [blame] | 22 | #include "dex_file.h" |
Andreas Gampe | a5b09a6 | 2016-11-17 15:21:22 -0800 | [diff] [blame] | 23 | #include "dex_file_types.h" |
Elliott Hughes | a0e1806 | 2012-04-13 15:59:59 -0700 | [diff] [blame] | 24 | #include "safe_map.h" |
jeffhao | 10037c8 | 2012-01-23 15:06:23 -0800 | [diff] [blame] | 25 | |
| 26 | namespace art { |
| 27 | |
// Verifier for a dex file image. The constructor is private, so instances are only created from
// inside the class (presumably by the static Verify() entry point -- TODO confirm); the Check*
// passes are declared here and defined out of line.
// NOTE(review): the bytes at [begin, begin + size) presumably come from the file being loaded and
// should be treated as untrusted: every offset, count and index read from them needs a bounds
// check before it is dereferenced. Confirm against the implementation file.
class DexFileVerifier {
 public:
  // Entry point for verifying the image described by dex_file / begin / size.
  // location is presumably a human-readable origin used in diagnostics, and error_msg presumably
  // receives the failure text when false is returned -- TODO confirm against the definition.
  // NOTE(review): verify_checksum presumably toggles the header checksum comparison; callers that
  // pass false should still get every structural check -- confirm.
  static bool Verify(const DexFile* dex_file,
                     const uint8_t* begin,
                     size_t size,
                     const char* location,
                     bool verify_checksum,
                     std::string* error_msg);

  // Returns a reference to the stored failure text. The reference points at a member, so it is
  // only valid for as long as this verifier object is alive.
  const std::string& FailureReason() const { return failure_reason_; }

 private:
  // Stores the arguments and caches a pointer to the header obtained from dex_file.
  // dex_file is dereferenced in the initializer list, so it must not be null.
  // ptr_ and previous_item_ start out null.
  DexFileVerifier(const DexFile* dex_file,
                  const uint8_t* begin,
                  size_t size,
                  const char* location,
                  bool verify_checksum)
      : dex_file_(dex_file),
        begin_(begin),
        size_(size),
        location_(location),
        verify_checksum_(verify_checksum),
        header_(&dex_file->GetHeader()),
        ptr_(nullptr),
        previous_item_(nullptr) {}

  // Instance-level verification; defined out of line.
  bool Verify();

  bool CheckShortyDescriptorMatch(char shorty_char, const char* descriptor, bool is_return_type);
  // NOTE(review): count and element_size are presumably derived from file contents; the
  // implementation should guard count * element_size against overflow before comparing the
  // result with the file bounds -- confirm.
  bool CheckListSize(const void* start, size_t count, size_t element_size, const char* label);
  // Validates a list whose head is assumed to be at *ptr and whose elements are element_size
  // bytes each. On success, *ptr is advanced past the bytes the list covers.
  bool CheckList(size_t element_size, const char* label, const uint8_t** ptr);
  // Accepts an offset of zero when size is zero; otherwise requires the offset to fall inside the
  // area claimed by the file.
  bool CheckValidOffsetAndSize(uint32_t offset, uint32_t size, size_t alignment, const char* label);
  // Checks that size is less than limit.
  bool CheckSizeLimit(uint32_t size, uint32_t limit, const char* label);
  bool CheckIndex(uint32_t field, uint32_t limit, const char* label);

  bool CheckHeader();
  bool CheckMap();

  uint32_t ReadUnsignedLittleEndian(uint32_t size);
  bool CheckAndGetHandlerOffsets(const DexFile::CodeItem* code_item,
                                 uint32_t* handler_offsets,
                                 uint32_t handlers_size);
  bool CheckClassDataItemField(uint32_t idx,
                               uint32_t access_flags,
                               uint32_t class_access_flags,
                               dex::TypeIndex class_type_index,
                               bool expect_static);
  bool CheckClassDataItemMethod(uint32_t idx,
                                uint32_t access_flags,
                                uint32_t class_access_flags,
                                dex::TypeIndex class_type_index,
                                uint32_t code_offset,
                                std::unordered_set<uint32_t>* direct_method_indexes,
                                bool expect_direct);
  bool CheckOrderAndGetClassFlags(bool is_field,
                                  const char* type_descr,
                                  uint32_t curr_index,
                                  uint32_t prev_index,
                                  bool* have_class,
                                  dex::TypeIndex* class_type_index,
                                  uint32_t* class_access_flags);

  bool CheckPadding(size_t offset, uint32_t aligned_offset);
  bool CheckEncodedValue();
  bool CheckEncodedArray();
  bool CheckEncodedAnnotation();

  bool CheckIntraClassDataItem();
  // Checks every field of the kind selected by kStatic, reading them from the iterator. The class
  // data is loaded from the first field if necessary (and handed back through the out
  // parameters); otherwise the values passed in are used.
  template <bool kStatic>
  bool CheckIntraClassDataItemFields(ClassDataItemIterator* it,
                                     bool* have_class,
                                     dex::TypeIndex* class_type_index,
                                     uint32_t* class_access_flags);
  // Checks every method of the kind selected by kDirect, reading them from the iterator. The
  // class data is loaded from the first method if necessary (and handed back through the out
  // parameters); otherwise the values passed in are used.
  template <bool kDirect>
  bool CheckIntraClassDataItemMethods(ClassDataItemIterator* it,
                                      std::unordered_set<uint32_t>* direct_method_indexes,
                                      bool* have_class,
                                      dex::TypeIndex* class_type_index,
                                      uint32_t* class_access_flags);

  bool CheckIntraCodeItem();
  bool CheckIntraStringDataItem();
  bool CheckIntraDebugInfoItem();
  bool CheckIntraAnnotationItem();
  bool CheckIntraAnnotationsDirectoryItem();

  bool CheckIntraSectionIterate(size_t offset, uint32_t count, uint16_t type);
  bool CheckIntraIdSection(size_t offset, uint32_t count, uint16_t type);
  bool CheckIntraDataSection(size_t offset, uint32_t count, uint16_t type);
  bool CheckIntraSection();

  bool CheckOffsetToTypeMap(size_t offset, uint16_t type);

  // kDexNoIndex16 (0xFFFF) is sometimes a legitimate return value, so it cannot double as an
  // error marker; failures while loading an index are reported through *success instead.
  dex::TypeIndex FindFirstClassDataDefiner(const uint8_t* ptr, bool* success);
  dex::TypeIndex FindFirstAnnotationsDirectoryDefiner(const uint8_t* ptr, bool* success);

  bool CheckInterStringIdItem();
  bool CheckInterTypeIdItem();
  bool CheckInterProtoIdItem();
  bool CheckInterFieldIdItem();
  bool CheckInterMethodIdItem();
  bool CheckInterClassDefItem();
  bool CheckInterAnnotationSetRefList();
  bool CheckInterAnnotationSetItem();
  bool CheckInterClassDataItem();
  bool CheckInterAnnotationsDirectoryItem();

  bool CheckInterSectionIterate(size_t offset, uint32_t count, uint16_t type);
  bool CheckInterSection();

  // Loads a string by (type) index after checking that the index is in bounds. An out-of-bounds
  // index prints the error and yields null.
  // NOTE(review): error_fmt is presumably consumed as a printf-style format string; callers
  // should pass string literals only, never text taken from the dex file -- confirm.
  const char* CheckLoadStringByIdx(dex::StringIndex idx, const char* error_fmt);
  const char* CheckLoadStringByTypeIdx(dex::TypeIndex type_idx, const char* error_fmt);

  // Loads a field/method id by index after checking that the index is in bounds. An out-of-bounds
  // index prints the error and yields null. The same presumption about error_fmt applies.
  const DexFile::FieldId* CheckLoadFieldId(uint32_t idx, const char* error_fmt);
  const DexFile::MethodId* CheckLoadMethodId(uint32_t idx, const char* error_fmt);

  // printf-style error reporter. The format attribute uses argument positions 2 and 3 because the
  // implicit this pointer of a non-static member function counts as argument 1.
  void ErrorStringPrintf(const char* fmt, ...)
      __attribute__((__format__(__printf__, 2, 3))) COLD_ATTR;

  // Looks up the declaring class of a member and that class's access flags. index is read as a
  // field index or a method index depending on is_field. When both the member and its declaring
  // class are found, the results are written to class_type_index and class_access_flags.
  // The lookup is expensive: the class-def has to be found by type index, which is a linear
  // search, so callers should cache the output values.
  bool FindClassFlags(uint32_t index,
                      bool is_field,
                      dex::TypeIndex* class_type_index,
                      uint32_t* class_access_flags);

  // Validates field_access_flags for a field that belongs to a class carrying
  // class_access_flags.
  bool CheckFieldAccessFlags(uint32_t idx,
                             uint32_t field_access_flags,
                             uint32_t class_access_flags,
                             std::string* error_msg);
  // Validates the given method and its access flags for a class carrying class_access_flags.
  bool CheckMethodAccessFlags(uint32_t method_index,
                              uint32_t method_access_flags,
                              uint32_t class_access_flags,
                              bool has_code,
                              bool expect_direct,
                              std::string* error_msg);

  // Inputs captured at construction; all are const for the lifetime of the verifier.
  const DexFile* const dex_file_;
  const uint8_t* const begin_;
  const size_t size_;
  const char* const location_;
  const bool verify_checksum_;
  // Points at the header returned by dex_file_->GetHeader().
  const DexFile::Header* const header_;

  struct OffsetTypeMapEmptyFn {
    // Marks a hash map slot as empty by zeroing its offset. Offset 0 is a valid dex file offset,
    // but it lies inside the dex file header, and only data section items (which follow the
    // header) are stored in the map.
    // NOTE(review): because 0 is the empty sentinel, an entry with offset 0 cannot be told apart
    // from an empty slot; the insertion path should reject a file-supplied offset of 0 before it
    // reaches the map -- confirm in the implementation file.
    void MakeEmpty(std::pair<uint32_t, uint16_t>& slot) const {
      slot.first = 0u;
    }
    // Reports whether a hash map slot is empty, i.e. whether its offset is 0.
    bool IsEmpty(const std::pair<uint32_t, uint16_t>& slot) const {
      return slot.first == 0u;
    }
  };
  struct OffsetTypeMapHashCompareFn {
    // Hash for an offset: the offset value itself.
    // NOTE(review): the keys presumably originate in the file under verification and this hash
    // does no mixing, so slot distribution depends on the input; confirm the hash map's slot
    // mapping tolerates clustered keys.
    size_t operator()(const uint32_t key) const {
      return static_cast<size_t>(key);
    }
    // Equality predicate for two offsets.
    bool operator()(const uint32_t lhs, const uint32_t rhs) const {
      return lhs == rhs;
    }
  };
  // Maps an offset to its dex file type. A HashMap is used for performance reasons.
  AllocationTrackingHashMap<uint32_t,
                            uint16_t,
                            OffsetTypeMapEmptyFn,
                            kAllocatorTagDexFileVerifier,
                            OffsetTypeMapHashCompareFn,
                            OffsetTypeMapHashCompareFn> offset_to_type_map_;
  // Both start as nullptr (see the constructor); presumably a read cursor into the image and the
  // previously visited item -- TODO confirm against the implementation file.
  const uint8_t* ptr_;
  const void* previous_item_;

  // Text handed out by FailureReason().
  std::string failure_reason_;

  // Type ids for which the dex file contains ClassDef elements.
  std::unordered_set<decltype(DexFile::ClassDef::class_idx_)> defined_classes_;
};
| 234 | |
| 235 | } // namespace art |
| 236 | |
Brian Carlstrom | fc0e321 | 2013-07-17 14:40:12 -0700 | [diff] [blame] | 237 | #endif // ART_RUNTIME_DEX_FILE_VERIFIER_H_ |