[Git][ghc/ghc][master] [PEi386 linker] Bounds check and null-deref guard

Marge Bot (@marge-bot) gitlab at gitlab.haskell.org
Thu Oct 12 10:50:59 UTC 2023



Marge Bot pushed to branch master at Glasgow Haskell Compiler / GHC


Commits:
df81536f by Moritz Angermann at 2023-10-12T06:50:16-04:00
[PEi386 linker] Bounds check and null-deref guard

We should reasonably be able to expect that we won't exceed the number of
sections if we assume to be dealing with legal object files. We can however
not guarantee that we get some negative values, and while we try to
special case most, we should exclude negative indexing into the sections
array.

We also need to ensure that we do not try to dereference targetSection,
if it is NULL, due to the switch statement.

- - - - -


1 changed file:

- rts/linker/PEi386.c


Changes:

=====================================
rts/linker/PEi386.c
=====================================
@@ -1775,9 +1775,13 @@ ocGetNames_PEi386 ( ObjectCode* oc )
               targetSection = NULL;
               break;
             default:
-              targetSection = &oc->sections[targetSecNumber-1];
+              // targetSecNumber is a uint32_t, and the 0 case should be caught by PE_SECTION_UNDEFINED.
+              // The compiler should be smart enough to eliminate the guard, we'll keep it in as fail
+              // safe nontheless.
+              targetSection = targetSecNumber > 0 ? &oc->sections[targetSecNumber-1] : NULL;
           }
-          addr = (SymbolAddr*) ((size_t) targetSection->start + getSymValue(info, targetSym));
+          if(NULL != targetSection)
+              addr = (SymbolAddr*) ((size_t) targetSection->start + getSymValue(info, targetSym));
       }
       else if (  secNumber == IMAGE_SYM_UNDEFINED && symValue > 0) {
          /* This symbol isn't in any section at all, ie, global bss.
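
Review bot: The guard in the default case, `targetSecNumber > 0`, checks only the lower bound, so the index into `oc->sections` still has no upper limit. The added comment states that targetSecNumber is a uint32_t; with an unsigned type, a negative value that is not caught by one of the special cases wraps to a large positive number, passes `> 0`, and indexes far past the end of the array, which is the situation the commit message says should be excluded. Suggest also comparing targetSecNumber against the number of sections in the object and setting targetSection to NULL when it is out of range. Separately, when targetSection is NULL the assignment to addr is now skipped, and the hunk does not show what addr holds at that point; please confirm it is initialised before this branch, or handle the symbol explicitly (skip it or report an error) so that later code does not use a stale or indeterminate address.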



View it on GitLab: https://gitlab.haskell.org/ghc/ghc/-/commit/df81536f2e53abf521a05eb1e482a076f5849c21
