Quuxplusone / LLVMBugzillaTest

COFFObjectFile crash when iterating imported symbols #33791

Open Quuxplusone opened 7 years ago

Quuxplusone commented 7 years ago
Bugzilla Link PR34818
Status NEW
Importance P enhancement
Reported by parker (w.parker.thompson@gmail.com)
Reported on 2017-10-03 11:13:12 -0700
Last modified on 2017-10-03 11:13:12 -0700
Version trunk
Hardware PC Linux
CC llvm-bugs@lists.llvm.org
Fixed by commit(s)
Attachments coff_import_nullptr.bin (293664 bytes, application/x-ms-dos-executable)
Blocks
Blocked by
See also
Created attachment 19224
Coff file that causes a null ptr segv

A malformed PE file can cause LLVM to crash when iterating the
imported_symbols() API on the COFFObjectFile.

It appears that in importedSymbolEnd() there is a missing null check of
IntPtr after the call:
Object->getRvaPtr(RVA, IntPtr);

Reproduction steps (tested against current master branch in github mirror):

./bin/llvm-objdump -private-headers /path/to/attached/file

Stack trace:

#0 0x0000555dbd61a62d llvm::sys::PrintStackTrace(llvm::raw_ostream&) /home/user/llvm/lib/Support/Unix/Signals.inc:398:0
#1 0x0000555dbd61a6d1 PrintStackTraceSignalHandler(void*) /home/user/llvm/lib/Support/Unix/Signals.inc:462:0
#2 0x0000555dbd618764 llvm::sys::RunSignalHandlers() /home/user/llvm/lib/Support/Signals.cpp:49:0
#3 0x0000555dbd619dde SignalHandler(int) /home/user/llvm/lib/Support/Unix/Signals.inc:252:0
#4 0x00007fa8b8ff7da0 __restore_rt (/usr/lib/libpthread.so.0+0x11da0)
#5 0x0000555dbd010d79 unsigned int llvm::support::endian::read<unsigned int, 1ul>(void const*, llvm::support::endianness) /home/user/llvm/include/llvm/Support/Endian.h:69:0
#6 0x0000555dbd011905 unsigned int llvm::support::endian::read<unsigned int, (llvm::support::endianness)1, 1ul>(void const*) /home/user/llvm/include/llvm/Support/Endian.h:81:0
#7 0x0000555dbd009ebb llvm::support::detail::packed_endian_specific_integral<unsigned int, (llvm::support::endianness)1, 1ul>::operator unsigned int() const /home/user/llvm/include/llvm/Support/Endian.h:218:0
#8 0x0000555dbd4871b5 importedSymbolEnd(unsigned int, llvm::object::COFFObjectFile const*) /home/user/llvm/lib/Object/COFFObjectFile.cpp:1309:0
#9 0x0000555dbd487337 llvm::object::ImportDirectoryEntryRef::imported_symbol_end() const /home/user/llvm/lib/Object/COFFObjectFile.cpp:1329:0
#10 0x0000555dbd487399 llvm::object::ImportDirectoryEntryRef::imported_symbols() const /home/user/llvm/lib/Object/COFFObjectFile.cpp:1333:0
#11 0x0000555dbd040aa5 printImportTables(llvm::object::COFFObjectFile const*) /home/user/llvm/tools/llvm-objdump/COFFDump.cpp:368:0
#12 0x0000555dbd041fb8 llvm::printCOFFFileHeader(llvm::object::ObjectFile const*) /home/user/llvm/tools/llvm-objdump/COFFDump.cpp:616:0
#13 0x0000555dbcff81c1 printPrivateFileHeaders(llvm::object::ObjectFile const*, bool) /home/user/llvm/tools/llvm-objdump/llvm-objdump.cpp:2013:0
#14 0x0000555dbcff85ef DumpObject(llvm::object::ObjectFile*, llvm::object::Archive const*) /home/user/llvm/tools/llvm-objdump/llvm-objdump.cpp:2051:0
#15 0x0000555dbcff8e9d DumpInput(llvm::StringRef) /home/user/llvm/tools/llvm-objdump/llvm-objdump.cpp:2129:0
#16 0x0000555dbd010206 void (*std::for_each<__gnu_cxx::__normal_iterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, void (*)(llvm::StringRef)>(__gnu_cxx::__normal_iterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, __gnu_cxx::__normal_iterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, void (*)(llvm::StringRef)))(llvm::StringRef) /usr/include/c++/7.2.0/bits/stl_algo.h:3883:0
#17 0x0000555dbcff95ae main /home/user/llvm/tools/llvm-objdump/llvm-objdump.cpp:2192:0
#18 0x00007fa8b7ad6f6a __libc_start_main (/usr/lib/libc.so.6+0x20f6a)
#19 0x0000555dbcfeda6a _start (./bin/llvm-objdump+0x2aea6a)

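The check the report says is missing, as an added illustration that is not LLVM's code: a toy RVA-to-pointer resolver over a constructed section table returns nullptr when an RVA is unmapped or a 4-byte read would run past the section's raw data, and the import-lookup-table walk tests that result before every read instead of dereferencing it as the crashing importedSymbolEnd() did. The types Image and Section, the functions rvaToPtr, countImportEntries and makeSampleImage, and the sample bytes are all constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed stand-in for a PE section header: maps a virtual address range onto file bytes.
struct Section {
    uint32_t virtualAddress, virtualSize;
    size_t rawOffset, rawSize;  // file offset and byte count of the raw data present in the file
};
struct Image { std::vector<uint8_t> bytes; std::vector<Section> sections; };  // whole file plus its section table

// Resolve an RVA to a pointer at which a 4-byte read is in bounds.
// Returns nullptr when no section maps the RVA or the read would run past the
// section's raw data: exactly what a malformed import directory can produce.
const uint8_t* rvaToPtr(const Image& img, uint32_t rva) {
    for (const Section& s : img.sections) {
        if (rva < s.virtualAddress || rva - s.virtualAddress >= s.virtualSize) continue;
        size_t delta = rva - s.virtualAddress;
        if (delta + 4 > s.rawSize || s.rawOffset + delta + 4 > img.bytes.size()) return nullptr;
        return img.bytes.data() + s.rawOffset + delta;
    }
    return nullptr;
}

// Walk a 32-bit import lookup table starting at `rva` until its null terminator and return
// the entry count, or -1 if any entry is unmapped (the pointer is checked before each read).
int countImportEntries(const Image& img, uint32_t rva) {
    int n = 0;
    for (;;) {
        const uint8_t* p = rvaToPtr(img, rva + 4u * n);
        if (!p) return -1;  // unmapped RVA: report an error instead of dereferencing null
        uint32_t entry = uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
        if (entry == 0) return n;
        ++n;
    }
}

// Constructed sample file: one 32-byte section at RVA 0x1000 holding a terminated
// table at 0x1000 and an unterminated one at 0x1014 that runs into the section end.
Image makeSampleImage() {
    Image img;
    img.bytes.assign(32, 0);
    auto put = [&](size_t off, uint32_t v) { for (int i = 0; i < 4; ++i) img.bytes[off + i] = uint8_t(v >> (8 * i)); };
    put(0, 0x2000); put(4, 0x2010);                     // two entries, then the zero terminator at offset 8
    put(20, 0x2020); put(24, 0x2030); put(28, 0x2040);  // three entries and no terminator before the section ends
    img.sections.push_back({0x1000, 32, 0, 32});
    return img;
}
```

The second table reproduces the report's failure shape: the walk reaches an RVA no section maps and gets -1 back rather than a null read.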
Quuxplusone commented 7 years ago

Attached coff_import_nullptr.bin (293664 bytes, application/x-ms-dos-executable): Coff file that causes a null ptr segv