Skip to content
Commit ba808b15 authored by Georgii Rymar's avatar Georgii Rymar
Browse files

[llvm-readobj] - Validate the DT_STRSZ value to avoid crash. 

It is possible to trigger a crash when a dynamic symbol has a
broken (too large) st_name and the DT_STRSZ is also broken.

We have the following code in the `Elf_Sym_Impl<ELFT>::getName`:

```
template <class ELFT>
Expected<StringRef> Elf_Sym_Impl<ELFT>::getName(StringRef StrTab) const {
  uint32_t Offset = this->st_name;
  if (Offset >= StrTab.size())
    return createStringError(object_error::parse_failed,
                             "st_name (0x%" PRIx32
                             ") is past the end of the string table"
                             " of size 0x%zx",
                             Offset, StrTab.size());
...
```

The problem is that `StrTab` here is a `ELFDumper::DynamicStringTab` member
which is not validated properly on initialization. So it is possible to bypass the
`if` even when the `st_name` is huge.

This patch fixes the issue.

Differential revision: https://reviews.llvm.org/D82201
parent 16cc759e
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment