commit 33044a7ae21350954e3523a70f2e4422a4e165ea
author George Rimar <grimar@accesssoftek.com> Fri Jun 07 08:34:18 2019 +0000
committer George Rimar <grimar@accesssoftek.com> Fri Jun 07 08:34:18 2019 +0000
tree 853a652ba1d534b803f9cad80bb86df94e499eb1
parent eb394e93d2d39cf18d0b6c992f948b17d99b1c69

[llvm-objcopy] - Emit error and don't crash if program header reaches past end of file.

This is https://bugs.llvm.org/show_bug.cgi?id=42122.

If an object file has a size less than program header's file [offset + size]
(i.e. if we have overflow), llvm-objcopy crashes instead of reporting a
error.

The patch fixes this issue.

Differential revision: https://reviews.llvm.org/D62898

llvm-svn: 362778

llvm/tools/llvm-objcopy/ELF/Object.cpp

diff --git a/llvm/tools/llvm-objcopy/ELF/Object.cpp b/llvm/tools/llvm-objcopy/ELF/Object.cpp
index e70a3b1..b654305 100644
--- a/llvm/tools/llvm-objcopy/ELF/Object.cpp
+++ b/llvm/tools/llvm-objcopy/ELF/Object.cpp
@@ -1104,6 +1104,11 @@
 template <class ELFT> void ELFBuilder<ELFT>::readProgramHeaders() {
   uint32_t Index = 0;
   for (const auto &Phdr : unwrapOrError(ElfFile.program_headers())) {
+    if (Phdr.p_offset + Phdr.p_filesz > ElfFile.getBufSize())
+      error("program header with offset 0x" + Twine::utohexstr(Phdr.p_offset) +
+            " and file size 0x" + Twine::utohexstr(Phdr.p_filesz) +
+            " goes past the end of the file");
+
     ArrayRef<uint8_t> Data{ElfFile.base() + Phdr.p_offset,
                            (size_t)Phdr.p_filesz};
     Segment &Seg = Obj.addSegment(Data);