lld: Fix initial Mach-O load commands size calculation omitting LC_FUNCTION_STARTS

rui314 · rui314 · commit 7f8ca6e3679b · 2019-04-17T01:47:16.000Z
Patch by Nicholas Allegra.

The Mach-O writer calculates the size of load commands multiple times.

First, Util::assignAddressesToSections() (in MachONormalizedFileFromAtoms.cpp)
calculates the size using headerAndLoadCommandsSize() (in
MachONormalizedFileBinaryWriter.cpp), which creates a temporary
MachOFileLayout for the NormalizedFile, only to retrieve its
headerAndLoadCommandsSize.  Later, writeBinary() (in
MachONormalizedFileBinaryWriter.cpp) creates a new layout and uses the offsets
from that layout to actually write out everything in the NormalizedFile.

But the NormalizedFile changes between the first computation and the second.
When Util::assignAddressesToSections is called, file.functionStarts is always
empty because Util::addFunctionStarts has not yet been called. Yet
MachOFileLayout decides whether to include a LC_FUNCTION_STARTS command based
on whether file.functionStarts is nonempty. Therefore, the initial computation
always omits it.

Because padding for the __TEXT segment (to make its size a multiple of the
page size) is added between the load commands and the first section, LLD still
generates a valid binary as long as the amount of padding happens to be large
enough to fit LC_FUNCTION_STARTS command, which it usually is.

However, it's easy to reproduce the issue by adding a section of a precise
size. Given foo.c:

  __attribute__((section("__TEXT,__foo")))
  char foo[0xd78] = {0};

Run:

  clang -dynamiclib -o foo.dylib foo.c -fuse-ld=lld -install_name
  /usr/lib/foo.dylib
  otool -lvv foo.dylib

This should produce:

  truncated or malformed object (offset field of section 1 in LC_SEGMENT_64
  command 0 not past the headers of the file)

This commit:

 - Changes MachOFileLayout to always assume LC_FUNCTION_STARTS is present for
   the initial computation, as long as generating LC_FUNCTION_STARTS is
   enabled. It would be slightly better to check whether there are actually
   any functions, since no LC_FUNCTION_STARTS will be generated if not, but it
   doesn't cause a problem if the initial computation is too high.

 - Adds a test.

 - Adds an assert in MachOFileLayout::writeSectionContent() that we are not
   writing section content into the load commands region (which would happen
   if the offset was calculated too low due to the initial load commands size
   calculation being too low).  Adds an assert in
   MachOFileLayout::writeLoadCommands to validate a similar situation where
   two size-of-load-commands computations are expected to be equivalent.

llvm-svn: 358545
diff --git a/lld/lib/ReaderWriter/MachO/MachONormalizedFile.h b/lld/lib/ReaderWriter/MachO/MachONormalizedFile.h
@@ -287,7 +287,8 @@ readBinary(std::unique_ptr<MemoryBuffer> &mb,
 /// Takes in-memory normalized view and writes a mach-o object file.
 llvm::Error writeBinary(const NormalizedFile &file, StringRef path);
 
-size_t headerAndLoadCommandsSize(const NormalizedFile &file);
+size_t headerAndLoadCommandsSize(const NormalizedFile &file,
+                                 bool includeFunctionStarts);
 
 
 /// Parses a yaml encoded mach-o file to produce an in-memory normalized view.
diff --git a/lld/lib/ReaderWriter/MachO/MachONormalizedFileBinaryWriter.cpp b/lld/lib/ReaderWriter/MachO/MachONormalizedFileBinaryWriter.cpp
@@ -108,7 +108,7 @@ struct TrieNode {
 class MachOFileLayout {
 public:
   /// All layout computation is done in the constructor.
-  MachOFileLayout(const NormalizedFile &file);
+  MachOFileLayout(const NormalizedFile &file, bool alwaysIncludeFunctionStarts);
 
   /// Returns the final file size as computed in the constructor.
   size_t      size() const;
@@ -122,7 +122,8 @@ class MachOFileLayout {
   llvm::Error writeBinary(StringRef path);
 
 private:
-  uint32_t    loadCommandsSize(uint32_t &count);
+  uint32_t    loadCommandsSize(uint32_t &count,
+                               bool alwaysIncludeFunctionStarts);
   void        buildFileOffsets();
   void        writeMachHeader();
   llvm::Error writeLoadCommands();
@@ -231,8 +232,9 @@ class MachOFileLayout {
   ByteBuffer            _exportTrie;
 };
 
-size_t headerAndLoadCommandsSize(const NormalizedFile &file) {
-  MachOFileLayout layout(file);
+size_t headerAndLoadCommandsSize(const NormalizedFile &file,
+                                 bool includeFunctionStarts) {
+  MachOFileLayout layout(file, includeFunctionStarts);
   return layout.headerAndLoadCommandsSize();
 }
 
@@ -249,7 +251,8 @@ size_t MachOFileLayout::headerAndLoadCommandsSize() const {
   return _endOfLoadCommands;
 }
 
-MachOFileLayout::MachOFileLayout(const NormalizedFile &file)
+MachOFileLayout::MachOFileLayout(const NormalizedFile &file,
+                                 bool alwaysIncludeFunctionStarts)
     : _file(file),
       _is64(MachOLinkingContext::is64Bit(file.arch)),
       _swap(!MachOLinkingContext::isHostEndian(file.arch)),
@@ -270,7 +273,7 @@ MachOFileLayout::MachOFileLayout(const NormalizedFile &file)
       _endOfLoadCommands += sizeof(version_min_command);
       _countOfLoadCommands++;
     }
-    if (!_file.functionStarts.empty()) {
+    if (!_file.functionStarts.empty() || alwaysIncludeFunctionStarts) {
       _endOfLoadCommands += sizeof(linkedit_data_command);
       _countOfLoadCommands++;
     }
@@ -325,7 +328,8 @@ MachOFileLayout::MachOFileLayout(const NormalizedFile &file)
   } else {
     // Final linked images have one load command per segment.
     _endOfLoadCommands = _startOfLoadCommands
-                          + loadCommandsSize(_countOfLoadCommands);
+                          + loadCommandsSize(_countOfLoadCommands,
+                                             alwaysIncludeFunctionStarts);
 
     // Assign section file offsets.
     buildFileOffsets();
@@ -374,7 +378,8 @@ MachOFileLayout::MachOFileLayout(const NormalizedFile &file)
   }
 }
 
-uint32_t MachOFileLayout::loadCommandsSize(uint32_t &count) {
+uint32_t MachOFileLayout::loadCommandsSize(uint32_t &count,
+                                           bool alwaysIncludeFunctionStarts) {
   uint32_t size = 0;
   count = 0;
 
@@ -444,7 +449,7 @@ uint32_t MachOFileLayout::loadCommandsSize(uint32_t &count) {
   }
 
   // Add LC_FUNCTION_STARTS if needed
-  if (!_file.functionStarts.empty()) {
+  if (!_file.functionStarts.empty() || alwaysIncludeFunctionStarts) {
     size += sizeof(linkedit_data_command);
     ++count;
   }
@@ -1006,6 +1011,7 @@ llvm::Error MachOFileLayout::writeLoadCommands() {
       lc += sizeof(linkedit_data_command);
     }
   }
+  assert(lc == &_buffer[_endOfLoadCommands]);
   return llvm::Error::success();
 }
 
@@ -1017,6 +1023,7 @@ void MachOFileLayout::writeSectionContent() {
     if (s.content.empty())
       continue;
     uint32_t offset = _sectInfo[&s].fileOffset;
+    assert(offset >= _endOfLoadCommands);
     uint8_t *p = &_buffer[offset];
     memcpy(p, &s.content[0], s.content.size());
     p += s.content.size();
@@ -1542,7 +1549,7 @@ llvm::Error MachOFileLayout::writeBinary(StringRef path) {
 
 /// Takes in-memory normalized view and writes a mach-o object file.
 llvm::Error writeBinary(const NormalizedFile &file, StringRef path) {
-  MachOFileLayout layout(file);
+  MachOFileLayout layout(file, false);
   return layout.writeBinary(path);
 }
 
diff --git a/lld/lib/ReaderWriter/MachO/MachONormalizedFileFromAtoms.cpp b/lld/lib/ReaderWriter/MachO/MachONormalizedFileFromAtoms.cpp
@@ -587,7 +587,8 @@ void Util::layoutSectionsInTextSegment(size_t hlcSize, SegmentInfo *seg,
 
 void Util::assignAddressesToSections(const NormalizedFile &file) {
   // NOTE!: Keep this in sync with organizeSections.
-  size_t hlcSize = headerAndLoadCommandsSize(file);
+  size_t hlcSize = headerAndLoadCommandsSize(file,
+                                      _ctx.generateFunctionStartsLoadCommand());
   uint64_t address = 0;
   for (SegmentInfo *seg : _segmentInfos) {
     if (seg->name.equals("__PAGEZERO")) {
diff --git a/lld/test/mach-o/load-commands-size.yaml b/lld/test/mach-o/load-commands-size.yaml
