Add missing error handling to ReflectionContext

adrian-prantl · adrian-prantl · commit 714cefbba4af · 2021-02-24T15:07:33.000-08:00
We found crashes deep in TypeRefBuilder that could traced back to a likely
nullptr RemoteRef&lt;&gt; section address. It is very plausible that this is
connected to a failed MemoryReader::getBytes() call, which can fail but
isn't checked.

This patch adds missing error checks to every call to readBytes().

rdar://74445486
diff --git a/include/swift/Reflection/ReflectionContext.h b/include/swift/Reflection/ReflectionContext.h
@@ -153,6 +153,8 @@ class ReflectionContext
       auto CmdBuf = this->getReader().readBytes(
           RemoteAddress(CmdStartAddress.getAddressData() + Offset),
           SegmentCmdHdrSize);
+      if (!CmdBuf)
+        return false;
       auto CmdHdr = reinterpret_cast<typename T::SegmentCmd *>(CmdBuf.get());
       if (strncmp(CmdHdr->segname, "__TEXT", sizeof(CmdHdr->segname)) == 0) {
         Command = CmdHdr;
@@ -173,6 +175,8 @@ class ReflectionContext
     auto LoadCmdAddress = reinterpret_cast<const char *>(loadCmdOffset);
     auto LoadCmdBuf = this->getReader().readBytes(
         RemoteAddress(LoadCmdAddress), sizeof(typename T::SegmentCmd));
+    if (!LoadCmdBuf)
+      return false;
     auto LoadCmd = reinterpret_cast<typename T::SegmentCmd *>(LoadCmdBuf.get());
 
     // The sections start immediately after the load command.
@@ -181,6 +185,8 @@ class ReflectionContext
                        sizeof(typename T::SegmentCmd);
     auto Sections = this->getReader().readBytes(
         RemoteAddress(SectAddress), NumSect * sizeof(typename T::Section));
+    if (!Sections)
+      return false;
 
     auto Slide = ImageStart.getAddressData() - Command->vmaddr;
     std::string Prefix = "__swift5";
@@ -211,6 +217,8 @@ class ReflectionContext
 
     auto SectBuf = this->getReader().readBytes(RemoteAddress(RangeStart),
                                                RangeEnd - RangeStart);
+    if (!SectBuf)
+      return false;
 
     auto findMachOSectionByName = [&](llvm::StringRef Name)
         -> std::pair<RemoteRef<void>, uint64_t> {
@@ -267,6 +275,8 @@ class ReflectionContext
       auto CmdBuf = this->getReader().readBytes(
           RemoteAddress(CmdStartAddress.getAddressData() + Offset),
           SegmentCmdHdrSize);
+      if (!CmdBuf)
+        return false;
       auto CmdHdr = reinterpret_cast<typename T::SegmentCmd *>(CmdBuf.get());
       if (strncmp(CmdHdr->segname, "__DATA", sizeof(CmdHdr->segname)) == 0) {
         auto DataSegmentEnd =
@@ -289,6 +299,8 @@ class ReflectionContext
   bool readPECOFFSections(RemoteAddress ImageStart) {
     auto DOSHdrBuf = this->getReader().readBytes(
         ImageStart, sizeof(llvm::object::dos_header));
+    if (!DOSHdrBuf)
+      return false;
     auto DOSHdr =
         reinterpret_cast<const llvm::object::dos_header *>(DOSHdrBuf.get());
     auto COFFFileHdrAddr = ImageStart.getAddressData() +
@@ -297,6 +309,8 @@ class ReflectionContext
 
     auto COFFFileHdrBuf = this->getReader().readBytes(
         RemoteAddress(COFFFileHdrAddr), sizeof(llvm::object::coff_file_header));
+    if (!COFFFileHdrBuf)
+      return false;
     auto COFFFileHdr = reinterpret_cast<const llvm::object::coff_file_header *>(
         COFFFileHdrBuf.get());
 
@@ -306,9 +320,11 @@ class ReflectionContext
     auto SectionTableBuf = this->getReader().readBytes(
         RemoteAddress(SectionTableAddr),
         sizeof(llvm::object::coff_section) * COFFFileHdr->NumberOfSections);
+    if (!SectionTableBuf)
+      return false;
 
-    auto findCOFFSectionByName = [&](llvm::StringRef Name)
-        -> std::pair<RemoteRef<void>, uint64_t> {
+    auto findCOFFSectionByName =
+        [&](llvm::StringRef Name) -> std::pair<RemoteRef<void>, uint64_t> {
       for (size_t i = 0; i < COFFFileHdr->NumberOfSections; ++i) {
         const llvm::object::coff_section *COFFSec =
             reinterpret_cast<const llvm::object::coff_section *>(
@@ -323,6 +339,8 @@ class ReflectionContext
         auto Addr = ImageStart.getAddressData() + COFFSec->VirtualAddress;
         auto Buf = this->getReader().readBytes(RemoteAddress(Addr),
                                                COFFSec->VirtualSize);
+        if (!Buf)
+          return {nullptr, 0};
         auto BufStart = Buf.get();
         savedBuffers.push_back(std::move(Buf));
 
@@ -508,6 +526,8 @@ class ReflectionContext
             } else {
               SecBuf = this->getReader().readBytes(SecStart, SecSize);
             }
+            if (!SecBuf)
+              return {nullptr, 0};
             auto SecContents =
                 RemoteRef<void>(SecStart.getAddressData(), SecBuf.get());
             savedBuffers.push_back(std::move(SecBuf));
@@ -576,6 +596,8 @@ class ReflectionContext
   bool readELF(RemoteAddress ImageStart, llvm::Optional<llvm::sys::MemoryBlock> FileBuffer) {
     auto Buf =
         this->getReader().readBytes(ImageStart, sizeof(llvm::ELF::Elf64_Ehdr));
+    if (!Buf)
+      return false;
 
     // Read the header.
     auto Hdr = reinterpret_cast<const llvm::ELF::Elf64_Ehdr *>(Buf.get());
@@ -887,10 +909,10 @@ class ReflectionContext
       return;
     auto NodeBytes = getReader().readBytes(RemoteAddress(NodePtr),
                                            sizeof(ConformanceNode<Runtime>));
+    if (!NodeBytes)
+      return;
     auto NodeData =
       reinterpret_cast<const ConformanceNode<Runtime> *>(NodeBytes.get());
-    if (!NodeData)
-      return;
     Call(NodeData->Type, NodeData->Proto);
     iterateConformanceTree(NodeData->Left, Call);
     iterateConformanceTree(NodeData->Right, Call);
@@ -901,21 +923,21 @@ class ReflectionContext
       std::function<void(StoredPointer Type, StoredPointer Proto)> Call) {
     auto MapBytes = getReader().readBytes(RemoteAddress(ConformancesPtr),
                                           sizeof(ConcurrentHashMap<Runtime>));
+    if (!MapBytes)
+      return;
     auto MapData =
         reinterpret_cast<const ConcurrentHashMap<Runtime> *>(MapBytes.get());
-    if (!MapData)
-      return;
 
     auto Count = MapData->ElementCount;
     auto Size = Count * sizeof(ConformanceCacheEntry<Runtime>);
 
     auto ElementsBytes =
         getReader().readBytes(RemoteAddress(MapData->Elements), Size);
+    if (!ElementsBytes)
+      return;
     auto ElementsData =
         reinterpret_cast<const ConformanceCacheEntry<Runtime> *>(
             ElementsBytes.get());
-    if (!ElementsData)
-      return;
 
     for (StoredSize i = 0; i < Count; i++) {
       auto &Element = ElementsData[i];
@@ -983,10 +1005,10 @@ class ReflectionContext
         auto AllocationBytes =
           getReader().readBytes(RemoteAddress(Allocation.Ptr),
                                               Allocation.Size);
+        if (!AllocationBytes)
+          return 0;
         auto Entry = reinterpret_cast<const GenericMetadataCacheEntry *>(
           AllocationBytes.get());
-        if (!Entry)
-          return 0;
         return Entry->Value;
     }
     return 0;
@@ -1023,10 +1045,10 @@ class ReflectionContext
     case GenericWitnessTableCacheTag: {
       auto NodeBytes = getReader().readBytes(
           RemoteAddress(Allocation.Ptr), sizeof(MetadataCacheNode<Runtime>));
+      if (!NodeBytes)
+        return llvm::None;
       auto Node =
           reinterpret_cast<const MetadataCacheNode<Runtime> *>(NodeBytes.get());
-      if (!Node)
-        return llvm::None;
       return *Node;
     }
     default:
@@ -1079,23 +1101,23 @@ class ReflectionContext
 
     auto PoolBytes = getReader()
       .readBytes(AllocationPoolAddr->getResolvedAddress(), sizeof(PoolRange));
-    auto Pool = reinterpret_cast<const PoolRange *>(PoolBytes.get());
-    if (!Pool)
+    if (!PoolBytes)
       return std::string("failure reading allocation pool contents");
+    auto Pool = reinterpret_cast<const PoolRange *>(PoolBytes.get());
 
     auto TrailerPtr = Pool->Begin + Pool->Remaining;
     while (TrailerPtr) {
       auto TrailerBytes = getReader()
         .readBytes(RemoteAddress(TrailerPtr), sizeof(PoolTrailer));
-      auto Trailer = reinterpret_cast<const PoolTrailer *>(TrailerBytes.get());
-      if (!Trailer)
+      if (!TrailerBytes)
         break;
+      auto Trailer = reinterpret_cast<const PoolTrailer *>(TrailerBytes.get());
       auto PoolStart = TrailerPtr - Trailer->PoolSize;
       auto PoolBytes = getReader()
         .readBytes(RemoteAddress(PoolStart), Trailer->PoolSize);
-      auto PoolPtr = (const char *)PoolBytes.get();
-      if (!PoolPtr)
+      if (!PoolBytes)
         break;
+      auto PoolPtr = (const char *)PoolBytes.get();
 
       uintptr_t Offset = 0;
       while (Offset < Trailer->PoolSize) {
@@ -1137,10 +1159,7 @@ class ReflectionContext
       auto HeaderBytes = getReader().readBytes(
           RemoteAddress(BacktraceListNext),
           sizeof(MetadataAllocationBacktraceHeader<Runtime>));
-      auto HeaderPtr =
-          reinterpret_cast<const MetadataAllocationBacktraceHeader<Runtime> *>(
-              HeaderBytes.get());
-      if (HeaderPtr == nullptr) {
+      if (!HeaderBytes) {
         // FIXME: std::stringstream would be better, but LLVM's standard library
         // introduces a vtable and we don't want that.
         char result[128];
@@ -1149,6 +1168,9 @@ class ReflectionContext
             BacktraceListNext.getAddressData());
         return std::string(result);
       }
+      auto HeaderPtr =
+          reinterpret_cast<const MetadataAllocationBacktraceHeader<Runtime> *>(
+              HeaderBytes.get());
       auto BacktraceAddrPtr =
           BacktraceListNext +
           sizeof(MetadataAllocationBacktraceHeader<Runtime>);
