
Commit 9aeef37

Prabhukellishg
authored andcommitted
Automerge: [lld][macho] Fix segfault while processing malformed object file. (#167025)
Ran into a case where a MachO object file containing a section symbol with no section associated with it caused a segfault during linking. This patch aims to handle such cases gracefully and prevent the linker from crashing. --------- Co-authored-by: Ellis Hoag <[email protected]>
2 parents b232804 + abb8c4b commit 9aeef37


3 files changed

+267
-0
lines changed


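--- a/lld/MachO/InputFiles.cpp
+++ b/lld/MachO/InputFiles.cpp
@@ -808,6 +808,17 @@ void ObjFile::parseSymbols(ArrayRef<typename LP::section> sectionHeaders,
 continue;
 
 if ((sym.n_type & N_TYPE) == N_SECT) {
+if (sym.n_sect == 0) {
+fatal("section symbol " + StringRef(strtab + sym.n_strx) + " in " +
+toString(this) + " has an invalid section index [0]");
+}
+if (sym.n_sect > sections.size()) {
+fatal("section symbol " + StringRef(strtab + sym.n_strx) + " in " +
+toString(this) + " has an invalid section index [" +
+Twine(static_cast<unsigned>(sym.n_sect)) +
+"] greater than the total number of sections [" +
+Twine(sections.size()) + "]");
+}
 Subsections &subsections = sections[sym.n_sect - 1]->subsections;
 // parseSections() may have chosen not to parse this section.
 if (subsections.empty())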
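Review bot: Both new `fatal()` calls build their message from `StringRef(strtab + sym.n_strx)`, and no bound on `n_strx` is visible in this hunk, so an object file malformed enough to carry a bad `n_sect` may equally carry a string-table offset that makes the diagnostic itself read past the table. `parseSymbols` starts and ends outside the hunk, so a check may exist elsewhere; if it does not, validate `sym.n_strx` against the string-table size before forming the name and print a fixed label such as `"<invalid name>"` when it is out of range. Until then a short comment above the first check would record the assumption, for example `// n_strx is read from the same untrusted nlist entry and is not range-checked here.`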
Lines changed: 128 additions & 0 deletions
@@ -0,0 +1,128 @@
1+
# REQUIRES: aarch64
2+
3+
## This is a regression test which makes sure that when there is an invalid section index
4+
## associated with a section symbol, the linker does not segfault.
5+
6+
## Test YAML content was created using the following steps
7+
## 1. Create an object file from the following assembly
8+
## `llvm-mc -filetype=obj -triple=arm64-apple-darwin symbol.s -o symbol.o`
9+
##
10+
## .text
11+
## .section __TEST,__mystuff
12+
## .globl _mysec
13+
## _mysec:
14+
## .byte 0xC3
15+
##
16+
## 2. Use obj2yaml to convert object file to yaml
17+
## `obj2yaml symbol.o -o symbol.yaml`
18+
##
19+
## 3. Manually set n_sect value of ltmp1 symbol to 10 which is greater than the number of sections 2.
20+
##
21+
22+
# RUN: yaml2obj %s -o %t
23+
# RUN: not %lld -platform_version macos 10.14 11.0 -arch arm64 %t 2>&1 | FileCheck %s --check-prefix=FATAL
24+
25+
# FATAL: error: section symbol ltmp0 in {{.*}} has an invalid section index [10] greater than the total number of sections [2]
26+
27+
--- !mach-o
28+
FileHeader:
29+
magic: 0xFEEDFACF
30+
cputype: 0x100000C
31+
cpusubtype: 0x0
32+
filetype: 0x1
33+
ncmds: 3
34+
sizeofcmds: 336
35+
flags: 0x0
36+
reserved: 0x0
37+
LoadCommands:
38+
- cmd: LC_SEGMENT_64
39+
cmdsize: 232
40+
segname: ''
41+
vmaddr: 0
42+
vmsize: 1
43+
fileoff: 368
44+
filesize: 1
45+
maxprot: 7
46+
initprot: 7
47+
nsects: 2
48+
flags: 0
49+
Sections:
50+
- sectname: __text
51+
segname: __TEXT
52+
addr: 0x0
53+
size: 0
54+
offset: 0x170
55+
align: 0
56+
reloff: 0x0
57+
nreloc: 0
58+
flags: 0x80000000
59+
reserved1: 0x0
60+
reserved2: 0x0
61+
reserved3: 0x0
62+
content: ''
63+
- sectname: __mystuff
64+
segname: __TEST
65+
addr: 0x0
66+
size: 1
67+
offset: 0x170
68+
align: 0
69+
reloff: 0x0
70+
nreloc: 0
71+
flags: 0x0
72+
reserved1: 0x0
73+
reserved2: 0x0
74+
reserved3: 0x0
75+
content: C3
76+
- cmd: LC_SYMTAB
77+
cmdsize: 24
78+
symoff: 376
79+
nsyms: 3
80+
stroff: 424
81+
strsize: 24
82+
- cmd: LC_DYSYMTAB
83+
cmdsize: 80
84+
ilocalsym: 0
85+
nlocalsym: 2
86+
iextdefsym: 2
87+
nextdefsym: 1
88+
iundefsym: 3
89+
nundefsym: 0
90+
tocoff: 0
91+
ntoc: 0
92+
modtaboff: 0
93+
nmodtab: 0
94+
extrefsymoff: 0
95+
nextrefsyms: 0
96+
indirectsymoff: 0
97+
nindirectsyms: 0
98+
extreloff: 0
99+
nextrel: 0
100+
locreloff: 0
101+
nlocrel: 0
102+
LinkEditData:
103+
NameList:
104+
- n_strx: 14
105+
n_type: 0xE
106+
n_sect: 10
107+
n_desc: 0
108+
n_value: 0
109+
- n_strx: 8
110+
n_type: 0xE
111+
n_sect: 2
112+
n_desc: 0
113+
n_value: 0
114+
- n_strx: 1
115+
n_type: 0xF
116+
n_sect: 2
117+
n_desc: 0
118+
n_value: 0
119+
StringTable:
120+
- ''
121+
- _mysec
122+
- ltmp1
123+
- ltmp0
124+
- ''
125+
- ''
126+
- ''
127+
- ''
128+
...
Lines changed: 128 additions & 0 deletions
@@ -0,0 +1,128 @@
1+
# REQUIRES: aarch64
2+
3+
## This is a regression test which makes sure that when there is an invalid section index
4+
## associated with a section symbol, the linker does not segfault.
5+
6+
## Test YAML content was created using the following steps
7+
## 1. Create an object file from the following assembly
8+
## `llvm-mc -filetype=obj -triple=arm64-apple-darwin symbol.s -o symbol.o`
9+
##
10+
## .text
11+
## .section __TEST,__mystuff
12+
## .globl _mysec
13+
## _mysec:
14+
## .byte 0xC3
15+
##
16+
## 2. Use obj2yaml to convert object file to yaml
17+
## `obj2yaml symbol.o -o symbol.yaml`
18+
##
19+
## 3. Manually set n_sect value of ltmp1 symbol to 0 instead of 1.
20+
##
21+
22+
# RUN: yaml2obj %s -o %t
23+
# RUN: not %lld -platform_version macos 10.14 11.0 -arch arm64 %t 2>&1 | FileCheck %s --check-prefix=FATAL
24+
25+
# FATAL: error: section symbol ltmp0 in {{.*}} has an invalid section index [0]
26+
27+
--- !mach-o
28+
FileHeader:
29+
magic: 0xFEEDFACF
30+
cputype: 0x100000C
31+
cpusubtype: 0x0
32+
filetype: 0x1
33+
ncmds: 3
34+
sizeofcmds: 336
35+
flags: 0x0
36+
reserved: 0x0
37+
LoadCommands:
38+
- cmd: LC_SEGMENT_64
39+
cmdsize: 232
40+
segname: ''
41+
vmaddr: 0
42+
vmsize: 1
43+
fileoff: 368
44+
filesize: 1
45+
maxprot: 7
46+
initprot: 7
47+
nsects: 2
48+
flags: 0
49+
Sections:
50+
- sectname: __text
51+
segname: __TEXT
52+
addr: 0x0
53+
size: 0
54+
offset: 0x170
55+
align: 0
56+
reloff: 0x0
57+
nreloc: 0
58+
flags: 0x80000000
59+
reserved1: 0x0
60+
reserved2: 0x0
61+
reserved3: 0x0
62+
content: ''
63+
- sectname: __mystuff
64+
segname: __TEST
65+
addr: 0x0
66+
size: 1
67+
offset: 0x170
68+
align: 0
69+
reloff: 0x0
70+
nreloc: 0
71+
flags: 0x0
72+
reserved1: 0x0
73+
reserved2: 0x0
74+
reserved3: 0x0
75+
content: C3
76+
- cmd: LC_SYMTAB
77+
cmdsize: 24
78+
symoff: 376
79+
nsyms: 3
80+
stroff: 424
81+
strsize: 24
82+
- cmd: LC_DYSYMTAB
83+
cmdsize: 80
84+
ilocalsym: 0
85+
nlocalsym: 2
86+
iextdefsym: 2
87+
nextdefsym: 1
88+
iundefsym: 3
89+
nundefsym: 0
90+
tocoff: 0
91+
ntoc: 0
92+
modtaboff: 0
93+
nmodtab: 0
94+
extrefsymoff: 0
95+
nextrefsyms: 0
96+
indirectsymoff: 0
97+
nindirectsyms: 0
98+
extreloff: 0
99+
nextrel: 0
100+
locreloff: 0
101+
nlocrel: 0
102+
LinkEditData:
103+
NameList:
104+
- n_strx: 14
105+
n_type: 0xE
106+
n_sect: 0
107+
n_desc: 0
108+
n_value: 0
109+
- n_strx: 8
110+
n_type: 0xE
111+
n_sect: 2
112+
n_desc: 0
113+
n_value: 0
114+
- n_strx: 1
115+
n_type: 0xF
116+
n_sect: 2
117+
n_desc: 0
118+
n_value: 0
119+
StringTable:
120+
- ''
121+
- _mysec
122+
- ltmp1
123+
- ltmp0
124+
- ''
125+
- ''
126+
- ''
127+
- ''
128+
...
