Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
1658463002:
[Courgette] Fix AssemblyProgram parsing for ELF-ARM. (Closed)
Description[Courgette] Fix AssemblyProgram parsing for ELF-ARM.
This fixes two problems:
(A) In DisassemblerElf32, RVAToFileOffset() used Program Segment Header,
but FileOffsetToRVA() used Section Header. For consistency, both
should use the same one. We choose the latter (for now).
(B) Even if a section has sh_type=SHT_PROGBITS, it can still have
sh_addr=0. Extracting Rel32 address from these sections would add
overlapping RVA chaos, and so should be avoided.
Also using elf-arm7 in a unit test. The test fails before the fix and
passes after.
BUG=579206
Committed: https://crrev.com/7ec152caaf55f64431dcb2c63cc052890c4a93f1
Cr-Commit-Position: refs/heads/master@{#373639}
Patch Set 1 #Patch Set 2 : Sync. #Patch Set 3 : Add ELF-ARM case to EncodeDecodeTest. #
Total comments: 2
Patch Set 4 : Remove unused DisassemblerElf32 accessors. #
Messages
Total messages: 34 (15 generated)
Description was changed from ========== q# Enter a description of the change. [Courgette] Fix AssemblyProgram parsing for ELF and ARM. BUG= 579206 ========== to ========== [Courgette] Fix AssemblyProgram parsing for ELF and ARM. BUG= 579206 ==========
The CQ bit was checked by huangs@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1658463002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1658463002/1
Description was changed from ========== [Courgette] Fix AssemblyProgram parsing for ELF and ARM. BUG= 579206 ========== to ========== [Courgette] Fix AssemblyProgram parsing for ELF-ARM. This fixes two problems: (A) In DisassemblerElf32, RVAToFileOffset() used Program Segment Header, but FileOffsetToRVA() used Section Header. Both should use the latter. (B) Even if a section has sh_type=SHT_PROGBITS, it can still have sh_addr=0. Extract Rel32 address from these sections adds overlapping RVA chaos, and should be avoided. Verified that with the fix, Courgette for ELF-x86 still works. BUG= 579206 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
huangs@chromium.org changed reviewers: + chrisha@chromium.org, wfh@chromium.org
PTAL. Thanks!
On 2016/02/01 13:19:32, huangs wrote: > PTAL. Thanks! both look like good fixes but can you add a test ELF executable that did not work previously and now works?
That's a good idea, though it looks like trivial ELF executables don't trigger the bug. Meanwhile I realized that there's another cause, and (A) merely masks it. Will comment in the bug description.
Will need to rethink the fix. Meanwhile, test binary is added in http://crrev.com/1662633002/.
Added the test, and verified that before fix the test would fail (error code 25). Note that I only added 1 test, although elf-32-1 appears 5 times. The 4 "missing" tests are not added because: - bsdiff_memory_unittest.cc: Also uses elf-32-2, but right now we only have single ARM test. - ensemble_unittest.cc: Same. - encoded_program_fuzz_unittest.cc: courgette_fuzz is currently broken, don't want to complicate (also, why does it currently use nonexistent elf-32-1.exe?) - disassembler_elf_32_x86_unittest.cc: Should create counterpart for ARM, and refactor -- punting for now. Also the test seems broken: the check for abs32 & rel32 overlap does not consider 4-byte width of pointers. PTAL. Thanks!
The CQ bit was checked by huangs@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1658463002/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1658463002/40001
https://codereview.chromium.org/1658463002/diff/40001/courgette/disassembler_... File courgette/disassembler_elf_32.cc (left): https://codereview.chromium.org/1658463002/diff/40001/courgette/disassembler_... courgette/disassembler_elf_32.cc:170: Elf32_Addr begin = ProgramSegmentMemoryBegin(i); are ProgramSegmentMemoryBegin and ProgramSegmentMemorySize needed any more now?
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
Updated, PTAL. https://codereview.chromium.org/1658463002/diff/40001/courgette/disassembler_... File courgette/disassembler_elf_32.cc (left): https://codereview.chromium.org/1658463002/diff/40001/courgette/disassembler_... courgette/disassembler_elf_32.cc:170: Elf32_Addr begin = ProgramSegmentMemoryBegin(i); Ah good catch. Also removing other unused accessors.
lgtm
Thanks! Committing.
The CQ bit was checked by huangs@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1658463002/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1658463002/60001
The CQ bit was unchecked by huangs@chromium.org
The CQ bit was checked by huangs@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1658463002/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1658463002/60001
Hmm I said I would rethink this bug, but I think it's good to get this CL in first anyway. Will comment in the bug.
The CQ bit was unchecked by huangs@chromium.org
Description was changed from ========== [Courgette] Fix AssemblyProgram parsing for ELF-ARM. This fixes two problems: (A) In DisassemblerElf32, RVAToFileOffset() used Program Segment Header, but FileOffsetToRVA() used Section Header. Both should use the latter. (B) Even if a section has sh_type=SHT_PROGBITS, it can still have sh_addr=0. Extract Rel32 address from these sections adds overlapping RVA chaos, and should be avoided. Verified that with the fix, Courgette for ELF-x86 still works. BUG= 579206 ========== to ========== [Courgette] Fix AssemblyProgram parsing for ELF-ARM. This fixes two problems: (A) In DisassemblerElf32, RVAToFileOffset() used Program Segment Header, but FileOffsetToRVA() used Section Header. For consistency, both should use the same one. We choose the latter (for now). (B) Even if a section has sh_type=SHT_PROGBITS, it can still have sh_addr=0. Extracting Rel32 address from these sections would add overlapping RVA chaos, and so should be avoided. Also using elf-arm7 in a unit test. The test fails before the fix and passes after. BUG= 579206 ==========
The CQ bit was checked by huangs@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1658463002/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1658463002/60001
Message was sent while issue was closed.
Description was changed from ========== [Courgette] Fix AssemblyProgram parsing for ELF-ARM. This fixes two problems: (A) In DisassemblerElf32, RVAToFileOffset() used Program Segment Header, but FileOffsetToRVA() used Section Header. For consistency, both should use the same one. We choose the latter (for now). (B) Even if a section has sh_type=SHT_PROGBITS, it can still have sh_addr=0. Extracting Rel32 address from these sections would add overlapping RVA chaos, and so should be avoided. Also using elf-arm7 in a unit test. The test fails before the fix and passes after. BUG= 579206 ========== to ========== [Courgette] Fix AssemblyProgram parsing for ELF-ARM. This fixes two problems: (A) In DisassemblerElf32, RVAToFileOffset() used Program Segment Header, but FileOffsetToRVA() used Section Header. For consistency, both should use the same one. We choose the latter (for now). (B) Even if a section has sh_type=SHT_PROGBITS, it can still have sh_addr=0. Extracting Rel32 address from these sections would add overlapping RVA chaos, and so should be avoided. Also using elf-arm7 in a unit test. The test fails before the fix and passes after. BUG= 579206 ==========
Message was sent while issue was closed.
Committed patchset #4 (id:60001)
Message was sent while issue was closed.
Description was changed from ========== [Courgette] Fix AssemblyProgram parsing for ELF-ARM. This fixes two problems: (A) In DisassemblerElf32, RVAToFileOffset() used Program Segment Header, but FileOffsetToRVA() used Section Header. For consistency, both should use the same one. We choose the latter (for now). (B) Even if a section has sh_type=SHT_PROGBITS, it can still have sh_addr=0. Extracting Rel32 address from these sections would add overlapping RVA chaos, and so should be avoided. Also using elf-arm7 in a unit test. The test fails before the fix and passes after. BUG= 579206 ========== to ========== [Courgette] Fix AssemblyProgram parsing for ELF-ARM. This fixes two problems: (A) In DisassemblerElf32, RVAToFileOffset() used Program Segment Header, but FileOffsetToRVA() used Section Header. For consistency, both should use the same one. We choose the latter (for now). (B) Even if a section has sh_type=SHT_PROGBITS, it can still have sh_addr=0. Extracting Rel32 address from these sections would add overlapping RVA chaos, and so should be avoided. Also using elf-arm7 in a unit test. The test fails before the fix and passes after. BUG= 579206 Committed: https://crrev.com/7ec152caaf55f64431dcb2c63cc052890c4a93f1 Cr-Commit-Position: refs/heads/master@{#373639} ==========
Message was sent while issue was closed.
Patchset 4 (id:??) landed as https://crrev.com/7ec152caaf55f64431dcb2c63cc052890c4a93f1 Cr-Commit-Position: refs/heads/master@{#373639} |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
