From 5400980e1ed426a339073ed4e1ee48863a682a61 Mon Sep 17 00:00:00 2001
From: Alexey Samsonov <vonosmas@gmail.com>
Date: Thu, 4 Jun 2015 20:08:52 +0000
Subject: [PATCH] [Object, MachO] Don't crash on invalid MachO segment load
 commands.

Summary:
Properly report the error in segment load commands from MachOObjectFile
constructor instead of crashing the program.

Adjust the test case accordingly.

Test Plan: regression test suite

Reviewers: rafael, filcab

Subscribers: llvm-commits

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@239081 91177308-0d34-0410-b5e6-96231b3b80d8
---
 include/llvm/Object/Error.h    |  2 ++
 lib/Object/Error.cpp           |  4 ++++
 lib/Object/MachOObjectFile.cpp | 26 +++++++++++++++-----------
 test/Object/macho-invalid.test |  4 ++--
 4 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/include/llvm/Object/Error.h b/include/llvm/Object/Error.h
index 13a14aa09c7..fe4372d4d96 100644
--- a/include/llvm/Object/Error.h
+++ b/include/llvm/Object/Error.h
@@ -29,6 +29,8 @@ enum class object_error {
   unexpected_eof,
   bitcode_section_not_found,
   macho_small_load_command,
+  macho_load_segment_too_many_sections,
+  macho_load_segment_too_small,
 };
 
 inline std::error_code make_error_code(object_error e) {
diff --git a/lib/Object/Error.cpp b/lib/Object/Error.cpp
index 1c8dad80b0a..5e4e237f4b0 100644
--- a/lib/Object/Error.cpp
+++ b/lib/Object/Error.cpp
@@ -46,6 +46,10 @@ std::string _object_error_category::message(int EV) const {
     return "Bitcode section not found in object file";
   case object_error::macho_small_load_command:
     return "Mach-O load command with size < 8 bytes";
+  case object_error::macho_load_segment_too_many_sections:
+    return "Mach-O segment load command contains too many sections";
+  case object_error::macho_load_segment_too_small:
+    return "Mach-O segment load command size is too small";
   }
   llvm_unreachable("An enumerator of object_error does not have a message "
                    "defined.");
diff --git a/lib/Object/MachOObjectFile.cpp b/lib/Object/MachOObjectFile.cpp
index 3262c6c26ab..62514d2ec9a 100644
--- a/lib/Object/MachOObjectFile.cpp
+++ b/lib/Object/MachOObjectFile.cpp
@@ -66,17 +66,16 @@ static ErrorOr<T> getStructOrErr(const MachOObjectFile *O, const char *P) {
 }
 
 template <typename SegmentCmd>
-static uint32_t getSegmentLoadCommandNumSections(const SegmentCmd &S,
-                                                 uint32_t Cmdsize) {
+static ErrorOr<uint32_t> getSegmentLoadCommandNumSections(const SegmentCmd &S,
+                                                          uint32_t Cmdsize) {
   const unsigned SectionSize = sizeof(SegmentCmd);
   if (S.nsects > std::numeric_limits<uint32_t>::max() / SectionSize ||
       S.nsects * SectionSize > Cmdsize - sizeof(S))
-    report_fatal_error(
-        "Number of sections too large for size of load command.");
+    return object_error::macho_load_segment_too_many_sections;
   return S.nsects;
 }
 
-static uint32_t
+static ErrorOr<uint32_t>
 getSegmentLoadCommandNumSections(const MachOObjectFile *O,
                                  const MachOObjectFile::LoadCommandInfo &L) {
   if (O->is64Bit())
@@ -306,14 +305,19 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
       }
       UuidLoadCmd = Load.Ptr;
     } else if (Load.C.cmd == SegmentLoadType) {
-      const unsigned SegmentLoadSize = this->is64Bit()
+      const unsigned SegmentLoadSize = is64Bit()
                                            ? sizeof(MachO::segment_command_64)
                                            : sizeof(MachO::segment_command);
-      if (Load.C.cmdsize < SegmentLoadSize)
-        report_fatal_error("Segment load command size is too small.");
-
-      uint32_t NumSections = getSegmentLoadCommandNumSections(this, Load);
-      for (unsigned J = 0; J < NumSections; ++J) {
+      if (Load.C.cmdsize < SegmentLoadSize) {
+        EC = object_error::macho_load_segment_too_small;
+        return;
+      }
+      auto NumSectionsOrErr = getSegmentLoadCommandNumSections(this, Load);
+      if (!NumSectionsOrErr) {
+        EC = NumSectionsOrErr.getError();
+        return;
+      }
+      for (unsigned J = 0; J < NumSectionsOrErr.get(); ++J) {
         const char *Sec = getSectionPtr(this, Load, J);
         Sections.push_back(Sec);
       }
diff --git a/test/Object/macho-invalid.test b/test/Object/macho-invalid.test
index 55b186dedd3..8bc11508dd5 100644
--- a/test/Object/macho-invalid.test
+++ b/test/Object/macho-invalid.test
@@ -15,13 +15,13 @@ RUN: not llvm-objdump -private-headers %p/Inputs/macho-invalid-too-small-segment
 RUN:      | FileCheck -check-prefix SMALL-SEGLOADC-SIZE %s
 RUN: not llvm-objdump -private-headers %p/Inputs/macho64-invalid-too-small-segment-load-command 2>&1 \
 RUN:      | FileCheck -check-prefix SMALL-SEGLOADC-SIZE %s
-SMALL-SEGLOADC-SIZE: Segment load command size is too small
+SMALL-SEGLOADC-SIZE: Mach-O segment load command size is too small
 
 RUN: not llvm-objdump -private-headers %p/Inputs/macho-invalid-no-size-for-sections 2>&1 \
 RUN:      | FileCheck -check-prefix TOO-MANY-SECTS %s
 RUN: not llvm-objdump -private-headers %p/Inputs/macho64-invalid-no-size-for-sections 2>&1 \
 RUN:      | FileCheck -check-prefix TOO-MANY-SECTS %s
-TOO-MANY-SECTS: Number of sections too large for size of load command
+TOO-MANY-SECTS: Mach-O segment load command contains too many sections
 
 RUN: not llvm-objdump -t %p/Inputs/macho-invalid-bad-symbol-index 2>&1 \
 RUN:      | FileCheck -check-prefix BAD-SYMBOL %s
-- 
2.34.1