[Git][ghc/ghc][wip/angerman/no-null-deref] [PEi386 linker] Bounds check and null-deref guard

Moritz Angermann (@angerman) gitlab at gitlab.haskell.org
Thu Oct 12 02:06:34 UTC 2023



Moritz Angermann pushed to branch wip/angerman/no-null-deref at Glasgow Haskell Compiler / GHC


Commits:
7bbf59e3 by Moritz Angermann at 2023-10-12T10:06:16+08:00
[PEi386 linker] Bounds check and null-deref guard

We should reasonably be able to expect that we won't exceed the number of
sections if we assume to be dealing with legal object files. We can however
not guarantee that we get some negative values, and while we try to
special case most, we should exclude negative indexing into the sections
array.

We also need to ensure that we do not try to dereference targetSection,
if it is NULL, due to the switch statement.

- - - - -


1 changed file:

- rts/linker/PEi386.c


Changes:

=====================================
rts/linker/PEi386.c
=====================================
@@ -1775,9 +1775,13 @@ ocGetNames_PEi386 ( ObjectCode* oc )
               targetSection = NULL;
               break;
             default:
-              targetSection = &oc->sections[targetSecNumber-1];
+              // targetSecNumber is a uint32_t, and the 0 case should be caught by PE_SECTION_UNDEFINED.
+              // The compiler should be smart enough to eliminate the guard, we'll keep it in as fail
+              // safe nontheless.
+              targetSection = targetSecNumber > 0 ? &oc->sections[targetSecNumber-1] : NULL;
           }
-          addr = (SymbolAddr*) ((size_t) targetSection->start + getSymValue(info, targetSym));
+          if(NULL != targetSection)
+              addr = (SymbolAddr*) ((size_t) targetSection->start + getSymValue(info, targetSym));
       }
       else if (  secNumber == IMAGE_SYM_UNDEFINED && symValue > 0) {
          /* This symbol isn't in any section at all, ie, global bss.
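
Review bot: in the `default:` case the guard `targetSecNumber > 0` checks only the lower bound, so an index past the end of `oc->sections` is still accepted. Since the comment says `targetSecNumber` is a `uint32_t`, a value that was negative before conversion wraps to a large positive number and passes this test. Compare the index against the object's section count as well, and set `targetSection = NULL` when it is out of range. Separately, when `targetSection` is NULL the new `if` leaves `addr` unassigned in this branch, so confirm that `addr` has a defined value before it is used further down, or assign one explicitly here. The `if(NULL != targetSection)` line would also be safer with braces around the assignment.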



View it on GitLab: https://gitlab.haskell.org/ghc/ghc/-/commit/7bbf59e36e2b5b1e8882963016dbfc28f6fc9490
