If a filename is a multiple of 18 characters, there will be no null-terminator.
This will result in an invalid access by the constructed StringRef. Add a test
case to exercise this and fix that handling. Address this same vulnerability in
llvm-readobj as well.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@206145
91177308-0d34-0410-b5e6-
96231b3b80d8
--- /dev/null
+header: !Header
+ Machine: IMAGE_FILE_MACHINE_I386 # (0x14c)
+ Characteristics: [ IMAGE_FILE_DEBUG_STRIPPED ]
+sections:
+symbols:
+ - !Symbol
+ Name: .file
+ Value: 0
+ SectionNumber: 65534
+ SimpleType: IMAGE_SYM_TYPE_NULL
+ ComplexType: IMAGE_SYM_DTYPE_NULL
+ StorageClass: IMAGE_SYM_CLASS_FILE
+ File: eighteen-chars.obj
+ - !Symbol
+ Name: '@comp.id'
+ Value: 13485607
+ SectionNumber: 65535
+ SimpleType: IMAGE_SYM_TYPE_NULL
+ ComplexType: IMAGE_SYM_DTYPE_NULL
+ StorageClass: IMAGE_SYM_CLASS_STATIC
+
--- /dev/null
+RUN: yaml2obj %p/Inputs/file-aux-record.yaml | llvm-objdump -t - | FileCheck %s
+
+CHECK: .file
+CHECK: AUX eighteen-chars.obj{{$}}
+
--- /dev/null
+header: !Header
+ Machine: IMAGE_FILE_MACHINE_I386 # (0x14c)
+ Characteristics: [ IMAGE_FILE_DEBUG_STRIPPED ]
+sections:
+symbols:
+ - !Symbol
+ Name: .file
+ Value: 0
+ SectionNumber: 65534
+ SimpleType: IMAGE_SYM_TYPE_NULL
+ ComplexType: IMAGE_SYM_DTYPE_NULL
+ StorageClass: IMAGE_SYM_CLASS_FILE
+ File: eighteen-chars.obj
+ - !Symbol
+ Name: '@comp.id'
+ Value: 13485607
+ SectionNumber: 65535
+ SimpleType: IMAGE_SYM_TYPE_NULL
+ ComplexType: IMAGE_SYM_DTYPE_NULL
+ StorageClass: IMAGE_SYM_CLASS_STATIC
+
--- /dev/null
+RUN: yaml2obj %p/Inputs/file-aux-record.yaml | llvm-readobj -t - | FileCheck %s
+
+CHECK: Symbols [
+CHECK: Symbol {
+CHECK: Name: .file
+CHECK: Value: 0
+CHECK: StorageClass: File
+CHECK: AuxSymbolCount: 1
+CHECK: AuxFileRecord {
+CHECK: FileName: eighteen-chars.obj{{$}}
+CHECK: }
+CHECK: }
+CHECK: Symbol {
+CHECK: Name: @comp.id
+CHECK: Value: 13485607
+CHECK: StorageClass: Static
+CHECK: AuxSymbolCount: 0
+CHECK: }
+CHECK: ]
+
const coff_symbol *symbol = 0;
for (int i = 0, e = header->NumberOfSymbols; i != e; ++i) {
if (aux_count--) {
- switch (symbol->StorageClass) {
- default: outs() << "AUX Unknown\n";
- case COFF::IMAGE_SYM_CLASS_STATIC:
- // Section definition. Follows a symbol-table record that defines a
- // section. Such a record has a symbol name that is the name of a
- // section and has storage class STATIC (3).
- if (symbol->Value) {
- errs() << "invalid entry in Symbol Table";
- break;
- }
-
+ if (symbol->isSectionDefinition()) {
const coff_aux_section_definition *asd;
if (error(coff->getAuxSymbol<coff_aux_section_definition>(i, asd)))
return;
<< format("assoc %d comdat %d\n"
, unsigned(asd->Number)
, unsigned(asd->Selection));
- break;
- case COFF::IMAGE_SYM_CLASS_FILE:
+ } else if (symbol->isFileRecord()) {
const coff_aux_file *AF;
if (error(coff->getAuxSymbol<coff_aux_file>(i, AF)))
return;
- outs() << "AUX " << StringRef(AF->FileName) << '\n';
+
+ StringRef Name(AF->FileName, (aux_count + 1) * COFF::SymbolSize);
+ outs() << "AUX " << Name.rtrim(StringRef("\0", 1)) << '\n';
i = i + aux_count;
aux_count = 0;
- break;
+ } else {
+ outs() << "AUX Unknown\n";
}
} else {
StringRef name;
break;
DictScope AS(W, "AuxFileRecord");
- W.printString("FileName", StringRef(Aux->FileName));
+
+ StringRef Name(Aux->FileName,
+ Symbol->NumberOfAuxSymbols * COFF::SymbolSize);
+ W.printString("FileName", Name.rtrim(StringRef("\0", 1)));
} else if (Symbol->isSectionDefinition()) {
const coff_aux_section_definition *Aux;
if (error(getSymbolAuxData(Obj, Symbol + I, Aux)))