Handle ELFCLASS32 files for x86-64

src/tools/validator_tools/ncstubout.c

 /*
  * Copyright (c) 2011 The Native Client Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
 
 /*
  * This tool rewrites ELF files to replace instructions that will be
  * rejected by the validator with safe HLT instructions.  This is
  * useful if you have a large library in which many functions do not
  * validate but are not immediately required to work.  Replacing the
  * forbidden instructions with HLTs makes it easier to find the
  * instructions that are needed first, and fix and test them.

[bsy, 2011/10/11 21:21:19]

if this tool isn't intended to be able to handle arbitrary ELF data, it would be
good to have a comment here.  there appears to be numerous weaknesses.

  */
 
 #include <assert.h>
 #include <stdio.h>
 #include <string.h>
 
 #include "native_client/src/include/elf.h"
 #include "native_client/src/shared/gio/gio.h"
 #include "native_client/src/shared/platform/nacl_check.h"
 #include "native_client/src/shared/utils/types.h"
@@ skipping 49 matching lines @@
       return FALSE;
   }
 }
 
 static void CheckBounds(unsigned char *data, size_t data_size,
                         void *ptr, size_t inside_size) {
   CHECK(data <= (unsigned char *) ptr);
   CHECK((unsigned char *) ptr + inside_size <= data + data_size);
 }
 
-static Bool FixUpELF(unsigned char *data, size_t data_size) {
-  Elf_Ehdr *header;
+static Bool FixUpELF32(unsigned char *data, size_t data_size) {
+  Elf32_Ehdr *header;
   int index;
   Bool fixed = TRUE;  /* until proven otherwise. */
 
-  header = (Elf_Ehdr *) data;
+  header = (Elf32_Ehdr *) data;
   CheckBounds(data, data_size, header, sizeof(*header));
   CHECK(memcmp(header->e_ident, ELFMAG, strlen(ELFMAG)) == 0);
 
   for (index = 0; index < header->e_shnum; index++) {

[bsy, 2011/10/11 21:21:19]

this relies of sizeof(int) > sizeof(Elf32_Half) which is true for all sane
configs.  if ever equal or less, this is an infinite loop.

-    Elf_Shdr *section = (Elf_Shdr *) (data + header->e_shoff +
-                                      header->e_shentsize * index);
+    Elf32_Shdr *section = (Elf32_Shdr *) (data + header->e_shoff +
+                                          header->e_shentsize * index);
     CheckBounds(data, data_size, section, sizeof(*section));
 
     if ((section->sh_flags & SHF_EXECINSTR) != 0) {
       CheckBounds(data, data_size,
                   data + section->sh_offset, section->sh_size);

[bsy, 2011/10/11 21:21:19]

section->sh_offset + section->sh_size are both uint32_t and on 32-bit machines
data + section->sh_offset + section->sh_size could overflow undetected in
CheckBounds, yielding a false pass.

       if (!FixUpSection(section->sh_addr,
                         data + section->sh_offset, section->sh_size)) {
         fixed = FALSE;
       }
     }
   }
   return fixed;
 }
 
+#if NACL_TARGET_SUBARCH == 64
+static Bool FixUpELF64(unsigned char *data, size_t data_size) {
+  Elf64_Ehdr *header;
+  int index;

[bsy, 2011/10/11 21:21:19]

i usually try to avoid "index" as a variable name, since it's also a bsd-ism
function (legacy in posix.1-2001) for strchr.  not that we call index and
shadowing would generate compiler errors etc anyway.  of course, pre-existing
cut-n-paste etc.  sigh.  feel free to ignore.

+  Bool fixed = TRUE;  /* until proven otherwise. */
+
+  header = (Elf64_Ehdr *) data;
+  CheckBounds(data, data_size, header, sizeof(*header));
+  CHECK(memcmp(header->e_ident, ELFMAG, strlen(ELFMAG)) == 0);
+
+  for (index = 0; index < header->e_shnum; index++) {

[bsy, 2011/10/11 21:21:19]

same nit as above.  feel free to ignore.

+    Elf64_Shdr *section = (Elf64_Shdr *) (data + header->e_shoff +
+                                          header->e_shentsize * index);
+    CheckBounds(data, data_size, section, sizeof(*section));
+
+    if ((section->sh_flags & SHF_EXECINSTR) != 0) {
+      CheckBounds(data, data_size,
+                  data + section->sh_offset, section->sh_size);

[bsy, 2011/10/11 21:21:19]

section->sh_offset + section->sh_size can wrap on a 32-bit machine as above.

+      if (!FixUpSection(section->sh_addr,
+                        data + section->sh_offset, section->sh_size)) {
+        fixed = FALSE;
+      }
+    }
+  }
+  return fixed;
+}
+#endif
+
+static Bool FixUpELF(unsigned char *data, size_t data_size) {
+#if NACL_TARGET_SUBARCH == 64
+  if (data_size > EI_CLASS && data[EI_CLASS] == ELFCLASS64)
+    return FixUpELF64(data, data_size);
+#endif
+  return FixUpELF32(data, data_size);
+}
+
 static Bool FixUpELFFile(const char *input_file, const char *output_file) {
   FILE *fp;
   size_t file_size;
   unsigned char *data;
   size_t got;
   size_t written;
 
   /* Read whole ELF file and write it back with modifications. */
   fp = fopen(input_file, "rb");
   if (fp == NULL) {
@@ skipping 45 matching lines @@
     fprintf(stderr, "Usage: %s <input-file> -o <output-file>\n\n", argv[0]);
     fprintf(stderr,
             "This tool rewrites ELF objects to replace instructions that are\n"
             "rejected by the NaCl validator with safe HLT instructions.\n");
     GioFileDtor((struct Gio*) &err);
     return 1;
   }
   GioFileDtor((struct Gio*) &err);
   return FixUpELFFile(argv[1], argv[3]) ? 0 : 1;
 }