[Decompression] Fail gracefully when out of memory

This patch adds failing gracefully when running out of memory when allocating a buffer for decompression. This provides a work-around for: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3224 Differential revision: https://reviews.llvm.org/D37447 llvm-svn: 312526
llvm · Sep 5, 2017 · 0992d38 · 0992d38
1 parent 108f36d
commit 0992d38
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 4 deletions.
diff --git a/llvm/include/llvm/Object/Decompressor.h b/llvm/include/llvm/Object/Decompressor.h
@@ -13,6 +13,7 @@
 #include "llvm/ADT/SmallString.h"
 #include "llvm/ADT/StringRef.h"
 #include "llvm/Object/ObjectFile.h"
+#include "llvm/Support/ErrorHandling.h"
 
 namespace llvm {
 namespace object {
@@ -31,7 +32,9 @@ class Decompressor {
   /// @brief Resize the buffer and uncompress section data into it.
   /// @param Out         Destination buffer.
   template <class T> Error resizeAndDecompress(T &Out) {
+    install_bad_alloc_error_handler(outOfMemoryHandler, this);
     Out.resize(DecompressedSize);
+    remove_bad_alloc_error_handler();
     return decompress({Out.data(), (size_t)DecompressedSize});
   }
 
@@ -52,11 +55,14 @@ class Decompressor {
   static bool isGnuStyle(StringRef Name);
 
 private:
-  Decompressor(StringRef Data);
+  static void outOfMemoryHandler(void *Data, const std::string &Message, bool);
+
+  Decompressor(StringRef Name, StringRef Data);
 
   Error consumeCompressedGnuHeader();
   Error consumeCompressedZLibHeader(bool Is64Bit, bool IsLittleEndian);
 
+  StringRef SectionName;
   StringRef SectionData;
   uint64_t DecompressedSize;
 };

diff --git a/llvm/lib/Object/Decompressor.cpp b/llvm/lib/Object/Decompressor.cpp
@@ -23,16 +23,16 @@ Expected<Decompressor> Decompressor::create(StringRef Name, StringRef Data,
   if (!zlib::isAvailable())
     return createError("zlib is not available");
 
-  Decompressor D(Data);
+  Decompressor D(Name, Data);
   Error Err = isGnuStyle(Name) ? D.consumeCompressedGnuHeader()
                                : D.consumeCompressedZLibHeader(Is64Bit, IsLE);
   if (Err)
     return std::move(Err);
   return D;
 }
 
-Decompressor::Decompressor(StringRef Data)
-    : SectionData(Data), DecompressedSize(0) {}
+Decompressor::Decompressor(StringRef Name, StringRef Data)
+    : SectionName(Name), SectionData(Data), DecompressedSize(0) {}
 
 Error Decompressor::consumeCompressedGnuHeader() {
   if (!SectionData.startswith("ZLIB"))
@@ -92,3 +92,11 @@ Error Decompressor::decompress(MutableArrayRef<char> Buffer) {
   size_t Size = Buffer.size();
   return zlib::uncompress(SectionData, Buffer.data(), Size);
 }
+
+void Decompressor::outOfMemoryHandler(void *Data, const std::string &Message,
+                                      bool) {
+  const auto *D = static_cast<const Decompressor *>(Data);
+  report_fatal_error("decompression of '" + Twine(D->SectionName) +
+                     "' failed: unable to allocate " +
+                     Twine(D->DecompressedSize) + " bytes.");
+}
diff --git a/llvm/test/DebugInfo/Inputs/dwarfdump-decompression-invalid-size.elf-x86-64 b/llvm/test/DebugInfo/Inputs/dwarfdump-decompression-invalid-size.elf-x86-64
diff --git a/llvm/test/DebugInfo/dwarfdump-decompression-invalid-size.test b/llvm/test/DebugInfo/dwarfdump-decompression-invalid-size.test
@@ -0,0 +1,13 @@
+// dwarfdump-decompression-invalid-size.elf-x86-64 is prepared using following
+// source code and invocation:
+// test.cpp:
+// int main() { return 0; }
+//
+// gcc test.cpp -o out -g -Wl,--compress-debug-sections,zlib
+//
+// After that result object was modified manually. Decompressed size of
+// .debug_frame section was changed to 0xffffffffffffffff in compression
+// header.
+RUN: not llvm-dwarfdump %p/Inputs/dwarfdump-decompression-invalid-size.elf-x86-64 2>&1 | FileCheck %s
+
+CHECK: decompression of '.debug_frame' failed: unable to allocate 18446744073709551615 bytes.