1 /* -*- mode: C++; c-basic-offset: 4; tab-width: 4 -*-
2 *
3 * Copyright (c) 2006-2010 Apple Inc. All rights reserved.
4 *
5 * @APPLE_LICENSE_HEADER_START@
6 *
7 * This file contains Original Code and/or Modifications of Original Code
8 * as defined in and that are subject to the Apple Public Source License
9 * Version 2.0 (the 'License'). You may not use this file except in
10 * compliance with the License. Please obtain a copy of the License at
11 * http://www.opensource.apple.com/apsl/ and read it before using this
12 * file.
13 *
14 * The Original Code and all software distributed under the License are
15 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
16 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
17 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
19 * Please see the License for the specific language governing rights and
20 * limitations under the License.
21 *
22 * @APPLE_LICENSE_HEADER_END@
23 */
24
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <set>
#include <unordered_set>
#include <vector>

#include "configure.h"

#include "MachOFileAbstraction.hpp"
#include "Architectures.hpp"
43
44
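// Format a message and throw it as a `const char*`, the exception type every
// other check in this file throws (callers catch `const char*`).
//
// The formatted buffer comes from vasprintf() and is intentionally never freed
// here: the catcher owns it.  vasprintf() leaves the output pointer undefined
// on failure, so that case is turned into a static message instead of throwing
// an uninitialised pointer.
__attribute__((noreturn))
void throwf(const char* format, ...)
{
    va_list list;
    char* p = NULL;
    va_start(list, format);
    const int len = vasprintf(&p, format, list);
    va_end(list);

    if ( (len < 0) || (p == NULL) )
        throw "out of memory while formatting error message";

    const char* t = p;
    throw t;
}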
57
// Decode an unsigned LEB128 value from [p, end), advancing p past it.
// Throws (via throwf) if the bytes run out before the terminating byte, or if
// the value needs more than 64 bits.  p is left on the offending byte when an
// exception is thrown.
static uint64_t read_uleb128(const uint8_t*& p, const uint8_t* end)
{
    uint64_t value = 0;
    int shift = 0;
    for (;;) {
        if ( p == end )
            throwf("malformed uleb128");

        const uint8_t byte = *p;
        const uint64_t slice = byte & 0x7f;

        // reject once the shift leaves the word or would drop bits of this slice
        if ( (shift >= 64) || (((slice << shift) >> shift) != slice) )
            throwf("uleb128 too big");

        value |= (slice << shift);
        shift += 7;
        ++p;

        if ( (byte & 0x80) == 0 )
            break;
    }
    return value;
}
78
79
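// Decode a signed LEB128 value from [p, end), advancing p past it.
// Throws (via throwf) if the bytes run out before the terminating byte, or if
// more than 64 bits of payload are supplied.
//
// The accumulator is a uint64_t: the previous version shifted an `int`
// (`(byte & 0x7f) << bit`), which loses every bit above 31 and is undefined
// once `bit` reaches 32, so any value wider than 31 bits decoded wrongly.  The
// sign-extension mask is likewise built unsigned, since left-shifting a
// negative int64 is undefined behaviour.
static int64_t read_sleb128(const uint8_t*& p, const uint8_t* end)
{
    uint64_t result = 0;
    int bit = 0;
    uint8_t byte;
    do {
        if (p == end)
            throwf("malformed sleb128");
        byte = *p++;
        if ( bit >= 64 )
            throwf("sleb128 too big");
        result |= ((uint64_t)(byte & 0x7f)) << bit;
        bit += 7;
    } while (byte & 0x80);
    // sign extend negative numbers (nothing to extend once all 64 bits are set)
    if ( ((byte & 0x40) != 0) && (bit < 64) )
        result |= (~(uint64_t)0) << bit;
    return (int64_t)result;
}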
97
98
// Validator for one architecture slice of a mach-o image.  A is the
// architecture traits type (x86, x86_64, arm, arm64); the constructor runs
// every check and throws a `const char*` message on the first failure.
template <typename A>
class MachOChecker
{
public:
    // True if fileContent starts with a mach_header for this architecture and a
    // file type this tool checks.  Takes no length: the caller must guarantee at
    // least sizeof(macho_header<P>) readable bytes.
    static bool validFile(const uint8_t* fileContent);
    // Heap-allocates a checker; the constructor performs all checks immediately.
    static MachOChecker<A>* make(const uint8_t* fileContent, uint32_t fileLength, const char* path, const char* verifierDstRoot)
    { return new MachOChecker<A>(fileContent, fileLength, path, verifierDstRoot); }
    // NOTE(review): the strdup'd fPath/fDstRoot are not released here.
    virtual ~MachOChecker() {}


private:
    typedef typename A::P P;              // pointer-size traits (mach-o struct wrappers)
    typedef typename A::P::E E;           // endian accessors
    typedef typename A::P::uint_t pint_t; // target pointer-sized unsigned integer

    // utility classes for using std::unordered_map with c-strings
    struct CStringHash {
        size_t operator()(const char* __s) const {
            size_t __h = 0;
            for ( ; *__s; ++__s)
                __h = 5 * __h + *__s;
            return __h;
        };
    };
    struct CStringEquals
    {
        bool operator()(const char* left, const char* right) const { return (strcmp(left, right) == 0); }
    };

    typedef std::unordered_set<const char*, CStringHash, CStringEquals> StringSet;

    MachOChecker(const uint8_t* fileContent, uint32_t fileLength, const char* path, const char* verifierDstRoot);
    void checkMachHeader();          // sizeofcmds/flags/filetype sanity
    void checkLoadCommands();        // bounds of every load command, segment, section and __LINKEDIT table
    void checkSection(const macho_segment_command<P>* segCmd, const macho_section<P>* sect);
    uint8_t loadCommandSizeMask();   // (pointer size - 1): cmdsize & mask must be 0
    void checkSymbolTable();
    void checkInitTerms();
    void checkIndirectSymbolTable();
    void checkRelocations();
    void checkExternalReloation(const macho_relocation_info<P>* reloc);
    void checkLocalReloation(const macho_relocation_info<P>* reloc);
    void verify();                   // OS-dylib policy checks; only run when a dst root was supplied
    void verifyInstallName();
    void verifyNoRpaths();
    void verifyNoFlatLookups();

    pint_t relocBase();
    bool addressInWritableSegment(pint_t address);
    bool hasTextRelocInRange(pint_t start, pint_t end);
    pint_t segStartAddress(uint8_t segIndex);
    bool addressIsRebaseSite(pint_t addr);
    bool addressIsBindingSite(pint_t addr);
    pint_t getInitialStackPointer(const macho_thread_command<P>*);
    pint_t getEntryPoint(const macho_thread_command<P>*);
    const char* archName();


    const char* fPath;                               // strdup of the path passed in
    const char* fDstRoot;                            // strdup of verifierDstRoot, or NULL
    const macho_header<P>* fHeader;                  // == fileContent
    uint32_t fLength;                                // bytes available at fHeader
    const char* fInstallName;                        // LC_ID_DYLIB name, NULL if none
    const char* fStrings;                            // LC_SYMTAB string pool [fStrings, fStringsEnd)
    const char* fStringsEnd;
    const macho_nlist<P>* fSymbols;                  // LC_SYMTAB nlist array, fSymbolCount entries
    uint32_t fSymbolCount;
    const macho_dysymtab_command<P>* fDynamicSymbolTable;
    const uint32_t* fIndirectTable;                  // LC_DYSYMTAB indirect symbol table
    uint32_t fIndirectTableCount;
    const macho_relocation_info<P>* fLocalRelocations;
    uint32_t fLocalRelocationsCount;
    const macho_relocation_info<P>* fExternalRelocations;
    uint32_t fExternalRelocationsCount;
    bool fWriteableSegmentWithAddrOver4G;            // some writable segment has vmaddr > 4GB
    bool fSlidableImage;                             // MH_PIE executable, or any dylib/bundle
    bool fHasLC_RPATH;                               // an LC_RPATH load command was seen
    const macho_segment_command<P>* fFirstSegment;
    const macho_segment_command<P>* fFirstWritableSegment;
    const macho_segment_command<P>* fTEXTSegment;
    const macho_dyld_info_command<P>* fDyldInfo;     // LC_DYLD_INFO / LC_DYLD_INFO_ONLY, or NULL
    uint32_t fSectionCount;                          // total sections across all segments
    std::vector<const macho_segment_command<P>*>fSegments;
};
183
184
// i386 slice: 32-bit magic, CPU_TYPE_I386, and a checkable file type.
// No length is supplied, so the caller must guarantee at least
// sizeof(macho_header<P>) readable bytes at fileContent.
template <>
bool MachOChecker<x86>::validFile(const uint8_t* fileContent)
{
    const macho_header<P>* header = (const macho_header<P>*)fileContent;
    const bool headerMatches = (header->magic() == MH_MAGIC) && (header->cputype() == CPU_TYPE_I386);
    if ( !headerMatches )
        return false;
    const uint32_t type = header->filetype();
    return (type == MH_EXECUTE) || (type == MH_DYLIB) || (type == MH_BUNDLE) || (type == MH_DYLINKER);
}
202
// x86_64 slice: 64-bit magic, CPU_TYPE_X86_64, and a checkable file type.
// No length is supplied, so the caller must guarantee at least
// sizeof(macho_header<P>) readable bytes at fileContent.
template <>
bool MachOChecker<x86_64>::validFile(const uint8_t* fileContent)
{
    const macho_header<P>* header = (const macho_header<P>*)fileContent;
    const bool headerMatches = (header->magic() == MH_MAGIC_64) && (header->cputype() == CPU_TYPE_X86_64);
    if ( !headerMatches )
        return false;
    const uint32_t type = header->filetype();
    return (type == MH_EXECUTE) || (type == MH_DYLIB) || (type == MH_BUNDLE) || (type == MH_DYLINKER);
}
220
221 #if SUPPORT_ARCH_arm_any
// 32-bit arm slice: 32-bit magic, CPU_TYPE_ARM, and a checkable file type.
// No length is supplied, so the caller must guarantee at least
// sizeof(macho_header<P>) readable bytes at fileContent.
template <>
bool MachOChecker<arm>::validFile(const uint8_t* fileContent)
{
    const macho_header<P>* header = (const macho_header<P>*)fileContent;
    const bool headerMatches = (header->magic() == MH_MAGIC) && (header->cputype() == CPU_TYPE_ARM);
    if ( !headerMatches )
        return false;
    const uint32_t type = header->filetype();
    return (type == MH_EXECUTE) || (type == MH_DYLIB) || (type == MH_BUNDLE) || (type == MH_DYLINKER);
}
239 #endif
240
241 #if SUPPORT_ARCH_arm64
// arm64 slice: 64-bit magic, CPU_TYPE_ARM64, and a checkable file type.
// No length is supplied, so the caller must guarantee at least
// sizeof(macho_header<P>) readable bytes at fileContent.
template <>
bool MachOChecker<arm64>::validFile(const uint8_t* fileContent)
{
    const macho_header<P>* header = (const macho_header<P>*)fileContent;
    const bool headerMatches = (header->magic() == MH_MAGIC_64) && (header->cputype() == CPU_TYPE_ARM64);
    if ( !headerMatches )
        return false;
    const uint32_t type = header->filetype();
    return (type == MH_EXECUTE) || (type == MH_DYLIB) || (type == MH_BUNDLE) || (type == MH_DYLINKER);
}
259 #endif
260
// Every load command's cmdsize must be a multiple of the architecture's pointer
// size.  checkLoadCommands tests `cmdsize & mask`, so the mask is
// (pointer size - 1): 4-1 for the 32-bit archs, 8-1 for the 64-bit ones.
template <> uint8_t MachOChecker<x86>::loadCommandSizeMask()    { return 4 - 1; }
template <> uint8_t MachOChecker<x86_64>::loadCommandSizeMask() { return 8 - 1; }
template <> uint8_t MachOChecker<arm>::loadCommandSizeMask()    { return 4 - 1; }
template <> uint8_t MachOChecker<arm64>::loadCommandSizeMask()  { return 8 - 1; }
265
266
267
// Initial stack pointer recorded by an i386 LC_UNIXTHREAD: thread-state
// register slot 7 (esp in the i386 thread-state layout).
template <>
x86::P::uint_t MachOChecker<x86>::getInitialStackPointer(const macho_thread_command<x86::P>* threadInfo)
{
    enum { kStackPointerSlot = 7 };
    return threadInfo->thread_register(kStackPointerSlot);
}
273
// Initial stack pointer recorded by an x86_64 LC_UNIXTHREAD: thread-state
// register slot 7 (rsp in the x86_64 thread-state layout).
template <>
x86_64::P::uint_t MachOChecker<x86_64>::getInitialStackPointer(const macho_thread_command<x86_64::P>* threadInfo)
{
    enum { kStackPointerSlot = 7 };
    return threadInfo->thread_register(kStackPointerSlot);
}
279
// Initial stack pointer recorded by a 32-bit arm LC_UNIXTHREAD: thread-state
// register slot 13 (sp / r13).
template <>
arm::P::uint_t MachOChecker<arm>::getInitialStackPointer(const macho_thread_command<arm::P>* threadInfo)
{
    enum { kStackPointerSlot = 13 };
    return threadInfo->thread_register(kStackPointerSlot);
}
285
// There is no thread-state layout for arm64 in this tool, so an arm64 image
// carrying LC_UNIXTHREAD is rejected outright (checkLoadCommands only calls
// this when an LC_UNIXTHREAD was found).
template <>
arm64::P::uint_t MachOChecker<arm64>::getInitialStackPointer(const macho_thread_command<arm64::P>* threadInfo)
{
    (void)threadInfo;
    throw "LC_UNIXTHREAD not supported for arm64";
}
291
292
// Entry address recorded by an i386 LC_UNIXTHREAD: thread-state register
// slot 10 (eip in the i386 thread-state layout).
template <>
x86::P::uint_t MachOChecker<x86>::getEntryPoint(const macho_thread_command<x86::P>* threadInfo)
{
    enum { kProgramCounterSlot = 10 };
    return threadInfo->thread_register(kProgramCounterSlot);
}
298
// Entry address recorded by an x86_64 LC_UNIXTHREAD: thread-state register
// slot 16 (rip in the x86_64 thread-state layout).
template <>
x86_64::P::uint_t MachOChecker<x86_64>::getEntryPoint(const macho_thread_command<x86_64::P>* threadInfo)
{
    enum { kProgramCounterSlot = 16 };
    return threadInfo->thread_register(kProgramCounterSlot);
}
304
// Entry address recorded by a 32-bit arm LC_UNIXTHREAD: thread-state register
// slot 15 (pc / r15).
template <>
arm::P::uint_t MachOChecker<arm>::getEntryPoint(const macho_thread_command<arm::P>* threadInfo)
{
    enum { kProgramCounterSlot = 15 };
    return threadInfo->thread_register(kProgramCounterSlot);
}
310
// There is no thread-state layout for arm64 in this tool, so an arm64 image
// carrying LC_UNIXTHREAD is rejected outright (checkLoadCommands only calls
// this when an LC_UNIXTHREAD was found).
template <>
arm64::P::uint_t MachOChecker<arm64>::getEntryPoint(const macho_thread_command<arm64::P>* threadInfo)
{
    (void)threadInfo;
    throw "LC_UNIXTHREAD not supported for arm64";
}
316
317
// Human-readable architecture name for diagnostics, derived from the header's
// cputype/cpusubtype.  Unknown arm subtypes fall back to "arm"; unknown cpu
// types to "unknown".
template <typename A>
const char* MachOChecker<A>::archName()
{
    const uint32_t cpu = fHeader->cputype();
    if ( cpu == CPU_TYPE_I386 )
        return "i386";
    if ( cpu == CPU_TYPE_X86_64 )
        return (fHeader->cpusubtype() == CPU_SUBTYPE_X86_64_H) ? "x86_64h" : "x86_64";
    if ( cpu == CPU_TYPE_ARM ) {
        const uint32_t sub = fHeader->cpusubtype();
        if ( sub == CPU_SUBTYPE_ARM_V7 )
            return "armv7";
        if ( sub == CPU_SUBTYPE_ARM_V7S )
            return "armv7s";
        if ( sub == CPU_SUBTYPE_ARM_V7K )
            return "armv7k";
        return "arm";
    }
    if ( cpu == CPU_TYPE_ARM64 )
        return "arm64";
    return "unknown";
}
344
345
346
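// Runs every check on one architecture slice.  Throws a `const char*` message
// on the first failure.
//
//   fileContent     start of the mach_header (the slice, not the fat file)
//   fileLength      bytes readable at fileContent
//   path            path of the file, copied for diagnostics
//   verifierDstRoot when non-NULL, the install root; enables verify()
//
// Every pointer/count member is initialised here (the previous version left
// fIndirectTable and fStringsEnd uninitialised until a load command set them).
// NOTE(review): the strdup'd copies of path/verifierDstRoot are never freed;
// ~MachOChecker() is empty.
template <typename A>
MachOChecker<A>::MachOChecker(const uint8_t* fileContent, uint32_t fileLength, const char* path, const char* verifierDstRoot)
    : fPath(NULL), fDstRoot(NULL), fHeader(NULL), fLength(fileLength), fInstallName(NULL), fStrings(NULL), fStringsEnd(NULL),
      fSymbols(NULL), fSymbolCount(0), fDynamicSymbolTable(NULL), fIndirectTable(NULL), fIndirectTableCount(0),
      fLocalRelocations(NULL), fLocalRelocationsCount(0), fExternalRelocations(NULL), fExternalRelocationsCount(0),
      fWriteableSegmentWithAddrOver4G(false), fSlidableImage(false), fHasLC_RPATH(false),
      fFirstSegment(NULL), fFirstWritableSegment(NULL), fTEXTSegment(NULL), fDyldInfo(NULL), fSectionCount(0)
{
    // validFile() is handed only a pointer, so the length has to be checked here
    // before the header is dereferenced.
    if ( (fileContent == NULL) || (fileLength < sizeof(macho_header<P>)) )
        throw "file too small to contain a mach_header";

    // sanity check
    if ( ! validFile(fileContent) )
        throw "not a mach-o file that can be checked";

    fPath = strdup(path);
    fDstRoot = (verifierDstRoot != NULL) ? strdup(verifierDstRoot) : NULL;
    if ( (fPath == NULL) || ((verifierDstRoot != NULL) && (fDstRoot == NULL)) )
        throw "out of memory";
    fHeader = (const macho_header<P>*)fileContent;

    // sanity check header
    checkMachHeader();

    // check load commands (also records the symbol/relocation tables the
    // remaining checks read)
    checkLoadCommands();

    checkIndirectSymbolTable();

    checkRelocations();

    checkSymbolTable();

    checkInitTerms();

    // OS-dylib policy checks only make sense against an install root
    if ( verifierDstRoot != NULL )
        verify();
}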
379
380
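// Header-level sanity checks.  Throws a `const char*` on failure.
//
// Also rejects an ncmds that could not fit in sizeofcmds: every load command
// is at least a cmd/cmdsize pair, so a header that claims more commands than
// sizeofcmds can hold is malformed.  Catching it here keeps the per-command
// loop in checkLoadCommands from being driven by an unbounded count.
template <typename A>
void MachOChecker<A>::checkMachHeader()
{
    // sizeofcmds is a uint32 and sizeof() a size_t, so the sum is done as size_t
    if ( (fHeader->sizeofcmds() + sizeof(macho_header<P>)) > fLength )
        throw "sizeofcmds in mach_header is larger than file";
    if ( ((uint64_t)fHeader->ncmds() * sizeof(macho_load_command<P>)) > fHeader->sizeofcmds() )
        throw "ncmds in mach_header is larger than sizeofcmds can hold";

    uint32_t flags = fHeader->flags();
    // flag bits this tool does not accept: MH_INCRLINK, MH_LAZY_INIT and bits 26-31
    const uint32_t invalidBits = MH_INCRLINK | MH_LAZY_INIT | 0xFC000000;
    if ( flags & invalidBits )
        throw "invalid bits in mach_header flags";
    if ( (flags & MH_NO_REEXPORTED_DYLIBS) && (fHeader->filetype() != MH_DYLIB) )
        throw "MH_NO_REEXPORTED_DYLIBS bit of mach_header flags only valid for dylibs";

    // Note: validFile() accepts MH_DYLINKER, but it is rejected here.
    switch ( fHeader->filetype() ) {
        case MH_EXECUTE:
            fSlidableImage = ( flags & MH_PIE );
            break;
        case MH_DYLIB:
        case MH_BUNDLE:
            fSlidableImage = true;
            break;
        default:
            throw "not a mach-o file type supported by this tool";
    }
}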
406
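// Bounds and alignment checks shared by the LC_* commands that describe a blob
// in __LINKEDIT through a linkedit_data_command (split-seg info, function
// starts, data-in-code, dependent-dylib DRs).  `what` names the blob in the
// error text.  dataoff/datasize are uint32 fields; the sum is done in 64 bits
// so that it cannot wrap past the bound being tested.
template <typename P>
static void checkLinkEditDataCommand(const macho_linkedit_data_command<P>* info,
                                     const macho_segment_command<P>* linkEditSegment,
                                     const char* what)
{
    const uint64_t linkEditStart = linkEditSegment->fileoff();
    const uint64_t linkEditEnd   = linkEditStart + linkEditSegment->filesize();
    const uint64_t dataStart     = info->dataoff();
    const uint64_t dataEnd       = dataStart + info->datasize();
    if ( dataStart < linkEditStart )
        throwf("%s not in __LINKEDIT", what);
    if ( dataEnd > linkEditEnd )
        throwf("%s not in __LINKEDIT", what);
    if ( (info->dataoff() % sizeof(typename P::uint_t)) != 0 )
        throwf("%s table not pointer aligned", what);
    if ( (info->datasize() % sizeof(typename P::uint_t)) != 0 )
        throwf("%s size not a multiple of pointer size", what);
}


// Validates every load command and records the ones later checks need
// (symbol/string/indirect tables, relocations, LC_DYLD_INFO, LC_ID_DYLIB,
// segments).  Throws a `const char*` on the first problem.
//
// Changes from the previous version, all on untrusted input:
//  - a command's cmd/cmdsize header must itself lie inside the load-command
//    area before it is read, and cmdsize must be at least that header's size
//    (a cmdsize of 0 previously re-read the same command ncmds times);
//  - the LC_ID_DYLIB name is scanned with strnlen bounded by the command, so an
//    unterminated name cannot be read past it;
//  - the segment overlap checks were dead: the push_back sat inside the loop
//    over the (initially empty) range list, so no range was ever recorded and
//    the LC_ENCRYPTION_INFO containment check never ran either.  They are live
//    now; empty ranges (vmsize 0 / filesize 0, e.g. the zero-fill __UNIXSTACK
//    which must have fileoff 0 and filesize 0) cannot overlap and are skipped;
//  - all offset+size sums (sections, symbol/string/indirect/relocation tables,
//    encryption range) are done in 64 bits; several were 32-bit sums that
//    could wrap below the bound;
//  - the symbol-table size used sizeof(macho_nlist<P>*) (a host pointer)
//    instead of sizeof(macho_nlist<P>), so nsyms could run past stroff.
template <typename A>
void MachOChecker<A>::checkLoadCommands()
{
    // Pass 1: every load command must lie inside the load-command area (and
    // the file), have a pointer-aligned size, and be a kind this tool knows.
    const macho_encryption_info_command<P>* encryption_info = NULL;
    const macho_thread_command<P>* threadInfo = NULL;
    const macho_entry_point_command<P>* entryPoint = NULL;
    const uint8_t* const endOfFile = (uint8_t*)fHeader + fLength;
    const uint8_t* const endOfLoadCommands = (uint8_t*)fHeader + sizeof(macho_header<P>) + fHeader->sizeofcmds();
    const uint32_t cmd_count = fHeader->ncmds();
    const macho_load_command<P>* const cmds = (macho_load_command<P>*)((uint8_t*)fHeader + sizeof(macho_header<P>));
    const macho_load_command<P>* cmd = cmds;
    const macho_dylib_command<P>* dylibID = NULL;
    for (uint32_t i = 0; i < cmd_count; ++i) {
        // the cmd/cmdsize header must be inside the load-command area before
        // either field is read
        if ( (((const uint8_t*)cmd) + sizeof(macho_load_command<P>)) > endOfLoadCommands )
            throwf("load command #%d header extends beyond the end of the load commands", i);
        const uint32_t size = cmd->cmdsize();
        // a cmdsize smaller than the header (including zero) would make this
        // loop re-read the same bytes cmd_count times
        if ( size < sizeof(macho_load_command<P>) )
            throwf("load command #%d has a size smaller than a load command header", i);
        if ( (size & this->loadCommandSizeMask()) != 0 )
            throwf("load command #%d has a unaligned size", i);
        const uint8_t* endOfCmd = ((uint8_t*)cmd) + size;
        if ( endOfCmd > endOfLoadCommands )
            throwf("load command #%d extends beyond the end of the load commands", i);
        if ( endOfCmd > endOfFile )
            throwf("load command #%d extends beyond the end of the file", i);
        switch ( cmd->cmd() ) {
            case macho_segment_command<P>::CMD:
            case LC_SYMTAB:
            case LC_DYSYMTAB:
            case LC_LOAD_DYLIB:
            case LC_ID_DYLINKER:
            case LC_LOAD_DYLINKER:
            case macho_routines_command<P>::CMD:
            case LC_SUB_FRAMEWORK:
            case LC_SUB_CLIENT:
            case LC_TWOLEVEL_HINTS:
            case LC_PREBIND_CKSUM:
            case LC_LOAD_WEAK_DYLIB:
            case LC_LAZY_LOAD_DYLIB:
            case LC_UUID:
            case LC_REEXPORT_DYLIB:
            case LC_SEGMENT_SPLIT_INFO:
            case LC_CODE_SIGNATURE:
            case LC_LOAD_UPWARD_DYLIB:
            case LC_VERSION_MIN_MACOSX:
            case LC_VERSION_MIN_IPHONEOS:
            case LC_FUNCTION_STARTS:
            case LC_DYLD_ENVIRONMENT:
            case LC_DATA_IN_CODE:
            case LC_DYLIB_CODE_SIGN_DRS:
            case LC_SOURCE_VERSION:
                // known kinds; contents (where checked at all) are checked below
                break;
            case LC_RPATH:
                fHasLC_RPATH = true;
                break;
            case LC_ID_DYLIB:
                dylibID = (macho_dylib_command<P>*)cmd;
                if ( dylibID->name_offset() > size )
                    throwf("malformed mach-o: LC_ID_DYLIB load command has offset (%u) outside its size (%u)", dylibID->name_offset(), size);
                {
                    // bound the scan for the terminating NUL by the command so an
                    // unterminated name cannot be read past the end of the command
                    const size_t nameRoom = size - dylibID->name_offset();
                    if ( strnlen(dylibID->name(), nameRoom) >= nameRoom )
                        throwf("malformed mach-o: LC_ID_DYLIB load command string extends beyond end of load command");
                }
                fInstallName = dylibID->name();
                break;
            case LC_DYLD_INFO:
            case LC_DYLD_INFO_ONLY:
                fDyldInfo = (macho_dyld_info_command<P>*)cmd;
                break;
            case LC_ENCRYPTION_INFO:
            case LC_ENCRYPTION_INFO_64:
                encryption_info = (macho_encryption_info_command<P>*)cmd;
                break;
            case LC_SUB_UMBRELLA:
            case LC_SUB_LIBRARY:
                if ( fHeader->flags() & MH_NO_REEXPORTED_DYLIBS )
                    throw "MH_NO_REEXPORTED_DYLIBS bit of mach_header flags should not be set in an image with LC_SUB_LIBRARY or LC_SUB_UMBRELLA";
                break;
            case LC_MAIN:
                if ( fHeader->filetype() != MH_EXECUTE )
                    throw "LC_MAIN can only be used in MH_EXECUTE file types";
                entryPoint = (macho_entry_point_command<P>*)cmd;
                break;
            case LC_UNIXTHREAD:
                if ( fHeader->filetype() != MH_EXECUTE )
                    throw "LC_UNIXTHREAD can only be used in MH_EXECUTE file types";
                threadInfo = (macho_thread_command<P>*)cmd;
                break;
            default:
                throwf("load command #%d is an unknown kind 0x%X", i, cmd->cmd());
        }
        cmd = (const macho_load_command<P>*)endOfCmd;
    }

    // Pass 2: segments.  Address and file ranges are kept as 64-bit half-open
    // [start,end) pairs so that 32-bit vmaddr+vmsize sums cannot wrap or be
    //  truncated; empty ranges are not recorded since they cannot overlap.
    cmd = cmds;
    std::vector<std::pair<uint64_t, uint64_t> > segmentAddressRanges;
    std::vector<std::pair<uint64_t, uint64_t> > segmentFileOffsetRanges;
    const macho_segment_command<P>* linkEditSegment = NULL;
    const macho_segment_command<P>* stackSegment = NULL;
    for (uint32_t i = 0; i < cmd_count; ++i) {
        if ( cmd->cmd() == macho_segment_command<P>::CMD ) {
            const macho_segment_command<P>* segCmd = (const macho_segment_command<P>*)cmd;
            fSegments.push_back(segCmd);
            if ( segCmd->cmdsize() != (sizeof(macho_segment_command<P>) + segCmd->nsects() * sizeof(macho_section_content<P>)) )
                throw "invalid segment load command size";

            // vm range: must not wrap and must not overlap an earlier segment
            const uint64_t startAddr = segCmd->vmaddr();
            const uint64_t endAddr = startAddr + segCmd->vmsize();
            if ( endAddr < startAddr )
                throw "segment vm address range wraps around";
            if ( segCmd->vmsize() != 0 ) {
                for (size_t k = 0; k < segmentAddressRanges.size(); ++k) {
                    if ( (segmentAddressRanges[k].first < endAddr) && (startAddr < segmentAddressRanges[k].second) )
                        throw "overlapping segment vm addresses";
                }
                segmentAddressRanges.push_back(std::make_pair(startAddr, endAddr));
            }

            // file range: must not wrap, must lie inside the file, and must not
            // overlap an earlier segment's file data
            const uint64_t startOffset = segCmd->fileoff();
            const uint64_t endOffset = startOffset + segCmd->filesize();
            if ( endOffset < startOffset )
                throw "segment file offset range wraps around";
            if ( startOffset > fLength )
                throw "segment fileoff does not fit in file";
            if ( endOffset > fLength )
                throw "segment fileoff+filesize does not fit in file";
            if ( segCmd->filesize() != 0 ) {
                for (size_t k = 0; k < segmentFileOffsetRanges.size(); ++k) {
                    if ( (segmentFileOffsetRanges[k].first < endOffset) && (startOffset < segmentFileOffsetRanges[k].second) )
                        throw "overlapping segment file data";
                }
                segmentFileOffsetRanges.push_back(std::make_pair(startOffset, endOffset));
            }

            // record special segments (segname is a 16-byte field and need not
            // be NUL-terminated, so compare at most 16 bytes)
            if ( strncmp(segCmd->segname(), "__LINKEDIT", 16) == 0 )
                linkEditSegment = segCmd;
            else if ( strncmp(segCmd->segname(), "__UNIXSTACK", 16) == 0 )
                stackSegment = segCmd;

            // cache interesting segments
            if ( fFirstSegment == NULL )
                fFirstSegment = segCmd;
            if ( (fTEXTSegment == NULL) && (strncmp(segCmd->segname(), "__TEXT", 16) == 0) )
                fTEXTSegment = segCmd;
            if ( (segCmd->initprot() & VM_PROT_WRITE) != 0 ) {
                if ( fFirstWritableSegment == NULL )
                    fFirstWritableSegment = segCmd;
                if ( segCmd->vmaddr() > 0x100000000ULL )
                    fWriteableSegmentWithAddrOver4G = true;
            }

            // check section ranges (64-bit arithmetic so addr+size cannot wrap)
            const macho_section<P>* const sectionsStart = (macho_section<P>*)((char*)segCmd + sizeof(macho_segment_command<P>));
            const macho_section<P>* const sectionsEnd = &sectionsStart[segCmd->nsects()];
            for (const macho_section<P>* sect = sectionsStart; sect < sectionsEnd; ++sect) {
                const uint64_t sectAddr = sect->addr();
                const uint64_t sectAddrEnd = sectAddr + sect->size();
                // check all sections are within the segment's vm range
                if ( sectAddr < startAddr )
                    throwf("section %s vm address not within segment", sect->sectname());
                if ( (sectAddrEnd < sectAddr) || (sectAddrEnd > endAddr) )
                    throwf("section %s vm address not within segment", sect->sectname());
                // non-zero-fill, non-empty sections of a segment with file data
                // must also lie within the segment's file range
                const uint8_t sectType = (sect->flags() & SECTION_TYPE);
                if ( (sectType != S_ZEROFILL)
                  && (sectType != S_THREAD_LOCAL_ZEROFILL)
                  && (segCmd->filesize() != 0)
                  && (sect->size() != 0) ) {
                    const uint64_t sectOffset = sect->offset();
                    const uint64_t sectOffsetEnd = sectOffset + sect->size();
                    if ( sectOffset < startOffset )
                        throwf("section %s file offset not within segment", sect->sectname());
                    if ( (sectOffsetEnd < sectOffset) || (sectOffsetEnd > endOffset) )
                        throwf("section %s file offset not within segment", sect->sectname());
                }
                checkSection(segCmd, sect);
                ++fSectionCount;
            }
        }
        cmd = (const macho_load_command<P>*)(((uint8_t*)cmd)+cmd->cmdsize());
    }

    // verify there was a LINKEDIT segment
    if ( linkEditSegment == NULL )
        throw "no __LINKEDIT segment";

    // verify there was an executable __TEXT segment and load commands are in it
    if ( fTEXTSegment == NULL )
        throw "no __TEXT segment";
    if ( fTEXTSegment->initprot() != (VM_PROT_READ|VM_PROT_EXECUTE) )
        throw "__TEXT segment does not have r-x init permissions";
    //if ( fTEXTSegment->maxprot() != (VM_PROT_READ|VM_PROT_EXECUTE|VM_PROT_WRITE) )
    //    throw "__TEXT segment does not have rwx max permissions";
    if ( fTEXTSegment->fileoff() != 0 )
        throw "__TEXT segment does not start at mach_header";
    if ( fTEXTSegment->filesize() < (sizeof(macho_header<P>)+fHeader->sizeofcmds()) )
        throw "__TEXT segment smaller than load commands";

    // verify if custom stack used, that stack is in __UNIXSTACK segment
    if ( threadInfo != NULL ) {
        const uint64_t initialSP = getInitialStackPointer(threadInfo);
        if ( initialSP != 0 ) {
            if ( stackSegment == NULL )
                throw "LC_UNIXTHREAD specifics custom initial stack pointer, but no __UNIXSTACK segment";
            const uint64_t stackStart = stackSegment->vmaddr();
            const uint64_t stackEnd = stackStart + stackSegment->vmsize();
            if ( (initialSP < stackStart) || (initialSP > stackEnd) )
                throw "LC_UNIXTHREAD specifics custom initial stack pointer which does not point into __UNIXSTACK segment";
        }
    }

    // verify __UNIXSTACK is zero fill
    if ( stackSegment != NULL ) {
        if ( (stackSegment->filesize() != 0) || (stackSegment->fileoff() != 0) )
            throw "__UNIXSTACK is not a zero-fill segment";
        if ( stackSegment->vmsize() < 4096 )
            throw "__UNIXSTACK segment is too small";
    }

    // verify entry point is in __TEXT segment
    if ( threadInfo != NULL ) {
        const uint64_t initialPC = getEntryPoint(threadInfo);
        const uint64_t textStart = fTEXTSegment->vmaddr();
        const uint64_t textEnd = textStart + fTEXTSegment->vmsize();
        if ( (initialPC < textStart) || (initialPC >= textEnd) )
            throwf("entry point 0x%0llX is outside __TEXT segment", (long long)initialPC);
    }
    else if ( entryPoint != NULL ) {
        const uint64_t initialOffset = entryPoint->entryoff();
        const uint64_t textStart = fTEXTSegment->fileoff();
        const uint64_t textEnd = textStart + fTEXTSegment->filesize();
        if ( (initialOffset < textStart) || (initialOffset >= textEnd) )
            throwf("entry point 0x%0llX is outside __TEXT segment", (long long)initialOffset);
    }

    // checks for executables
    bool isStaticExecutable = false;
    if ( fHeader->filetype() == MH_EXECUTE ) {
        // the existence of a dyld load command makes a executable dynamic
        isStaticExecutable = true;
        cmd = cmds;
        for (uint32_t i = 0; i < cmd_count; ++i) {
            if ( cmd->cmd() == LC_LOAD_DYLINKER )
                isStaticExecutable = false;
            cmd = (const macho_load_command<P>*)(((uint8_t*)cmd)+cmd->cmdsize());
        }
        if ( isStaticExecutable ) {
            if ( (fHeader->flags() != MH_NOUNDEFS) && (fHeader->flags() != (MH_NOUNDEFS|MH_PIE)) )
                throw "invalid bits in mach_header flags for static executable";
        }
    }

    // verify encryption info
    if ( encryption_info != NULL ) {
        if ( fHeader->filetype() != MH_EXECUTE )
            throw "LC_ENCRYPTION_INFO load command is only legal in main executables";
        const uint64_t cryptStart = encryption_info->cryptoff();
        const uint64_t cryptEnd = cryptStart + encryption_info->cryptsize();
        if ( cryptStart < (sizeof(macho_header<P>) + fHeader->sizeofcmds()) )
            throw "LC_ENCRYPTION_INFO load command has cryptoff covers some load commands";
        if ( (encryption_info->cryptoff() % 4096) != 0 )
            throw "LC_ENCRYPTION_INFO load command has cryptoff which is not page aligned";
        if ( (encryption_info->cryptsize() % 4096) != 0 )
            throw "LC_ENCRYPTION_INFO load command has cryptsize which is not page sized";
        // the encrypted range must end inside the segment whose file data
        // contains cryptoff
        for (size_t k = 0; k < segmentFileOffsetRanges.size(); ++k) {
            const std::pair<uint64_t, uint64_t>& range = segmentFileOffsetRanges[k];
            if ( (range.first <= cryptStart) && (cryptStart < range.second) ) {
                if ( cryptEnd > range.second )
                    throw "LC_ENCRYPTION_INFO load command is not contained within one segment";
            }
        }
    }

    // verify dylib has LC_ID_DYLIB
    if ( fHeader->filetype() == MH_DYLIB ) {
        if ( fInstallName == NULL )
            throw "MH_DYLIB missing LC_ID_DYLIB";
    }
    else {
        if ( fInstallName != NULL )
            throw "LC_ID_DYLIB found but file type is not MH_DYLIB";
    }

    // Pass 3: LC_SYMTAB, LC_DYSYMTAB and the linkedit_data commands must point
    // inside __LINKEDIT.  Their offsets are uint32 fields; sums are done in
    // 64 bits so off+size cannot wrap below the bound.
    const uint64_t linkEditStart = linkEditSegment->fileoff();
    const uint64_t linkEditEnd = linkEditStart + linkEditSegment->filesize();
    cmd = cmds;
    bool foundDynamicSymTab = false;
    for (uint32_t i = 0; i < cmd_count; ++i) {
        switch ( cmd->cmd() ) {
            case LC_SYMTAB:
                {
                    const macho_symtab_command<P>* symtab = (macho_symtab_command<P>*)cmd;
                    fSymbolCount = symtab->nsyms();
                    fSymbols = (const macho_nlist<P>*)((char*)fHeader + symtab->symoff());
                    // each entry is a full nlist struct, not a pointer to one
                    const uint64_t symbolsEnd = (uint64_t)symtab->symoff() + (uint64_t)fSymbolCount * sizeof(macho_nlist<P>);
                    if ( symtab->symoff() < linkEditStart )
                        throw "symbol table not in __LINKEDIT";
                    if ( symbolsEnd > symtab->stroff() )
                        throw "symbol table overlaps string pool";
                    if ( (symtab->symoff() % sizeof(pint_t)) != 0 )
                        throw "symbol table start not pointer aligned";
                    fStrings = (char*)fHeader + symtab->stroff();
                    fStringsEnd = fStrings + symtab->strsize();
                    const uint64_t stringsEnd = (uint64_t)symtab->stroff() + symtab->strsize();
                    if ( symtab->stroff() < linkEditStart )
                        throw "string pool not in __LINKEDIT";
                    if ( stringsEnd > linkEditEnd )
                        throw "string pool extends beyond __LINKEDIT";
                    if ( (symtab->stroff() % 4) != 0 ) // work around until rdar://problem/4737991 is fixed
                        throw "string pool start not pointer aligned";
                    if ( (symtab->strsize() % sizeof(pint_t)) != 0 )
                        throw "string pool size not a multiple of pointer size";
                }
                break;
            case LC_DYSYMTAB:
                {
                    if ( isStaticExecutable && !fSlidableImage )
                        throw "LC_DYSYMTAB should not be used in static executable";
                    foundDynamicSymTab = true;
                    fDynamicSymbolTable = (macho_dysymtab_command<P>*)cmd;
                    fIndirectTable = (uint32_t*)((char*)fHeader + fDynamicSymbolTable->indirectsymoff());
                    fIndirectTableCount = fDynamicSymbolTable->nindirectsyms();
                    if ( fIndirectTableCount != 0 ) {
                        // NOTE(review): 8 bytes per entry is wider than the uint32_t
                        // entries the table holds; kept as the existing (stricter) bound.
                        const uint64_t indirectEnd = (uint64_t)fDynamicSymbolTable->indirectsymoff() + (uint64_t)fIndirectTableCount * 8;
                        if ( fDynamicSymbolTable->indirectsymoff() < linkEditStart )
                            throw "indirect symbol table not in __LINKEDIT";
                        if ( indirectEnd > linkEditEnd )
                            throw "indirect symbol table not in __LINKEDIT";
                        if ( (fDynamicSymbolTable->indirectsymoff() % sizeof(pint_t)) != 0 )
                            throw "indirect symbol table not pointer aligned";
                    }
                    fLocalRelocationsCount = fDynamicSymbolTable->nlocrel();
                    if ( fLocalRelocationsCount != 0 ) {
                        fLocalRelocations = (const macho_relocation_info<P>*)((char*)fHeader + fDynamicSymbolTable->locreloff());
                        const uint64_t localRelocsEnd = (uint64_t)fDynamicSymbolTable->locreloff() + (uint64_t)fLocalRelocationsCount * sizeof(macho_relocation_info<P>);
                        if ( fDynamicSymbolTable->locreloff() < linkEditStart )
                            throw "local relocations not in __LINKEDIT";
                        if ( localRelocsEnd > linkEditEnd )
                            throw "local relocations not in __LINKEDIT";
                        if ( (fDynamicSymbolTable->locreloff() % sizeof(pint_t)) != 0 )
                            throw "local relocations table not pointer aligned";
                    }
                    fExternalRelocationsCount = fDynamicSymbolTable->nextrel();
                    if ( fExternalRelocationsCount != 0 ) {
                        fExternalRelocations = (const macho_relocation_info<P>*)((char*)fHeader + fDynamicSymbolTable->extreloff());
                        const uint64_t externalRelocsEnd = (uint64_t)fDynamicSymbolTable->extreloff() + (uint64_t)fExternalRelocationsCount * sizeof(macho_relocation_info<P>);
                        if ( fDynamicSymbolTable->extreloff() < linkEditStart )
                            throw "external relocations not in __LINKEDIT";
                        if ( externalRelocsEnd > linkEditEnd )
                            throw "external relocations not in __LINKEDIT";
                        if ( (fDynamicSymbolTable->extreloff() % sizeof(pint_t)) != 0 )
                            throw "external relocations table not pointer aligned";
                    }
                }
                break;
            case LC_SEGMENT_SPLIT_INFO:
                if ( isStaticExecutable )
                    throw "LC_SEGMENT_SPLIT_INFO should not be used in static executable";
                checkLinkEditDataCommand((const macho_linkedit_data_command<P>*)cmd, linkEditSegment, "split seg info");
                break;
            case LC_FUNCTION_STARTS:
                checkLinkEditDataCommand((const macho_linkedit_data_command<P>*)cmd, linkEditSegment, "function starts data");
                break;
            case LC_DATA_IN_CODE:
                checkLinkEditDataCommand((const macho_linkedit_data_command<P>*)cmd, linkEditSegment, "data-in-code data");
                break;
            case LC_DYLIB_CODE_SIGN_DRS:
                checkLinkEditDataCommand((const macho_linkedit_data_command<P>*)cmd, linkEditSegment, "dependent dylib DR data");
                break;
        }
        cmd = (const macho_load_command<P>*)(((uint8_t*)cmd)+cmd->cmdsize());
    }
    if ( !isStaticExecutable && !foundDynamicSymTab )
        throw "missing dynamic symbol table";
    if ( fStrings == NULL )
        throw "missing symbol table";
}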
820
// Per-section checks beyond the range tests done in checkLoadCommands.
// Currently: a zero-fill section occupies no file bytes, so its file offset
// must be zero.  (NOTE(review): S_THREAD_LOCAL_ZEROFILL is not given the same
// offset check here, although checkLoadCommands treats both as zero-fill.)
template <typename A>
void MachOChecker<A>::checkSection(const macho_segment_command<P>* segCmd, const macho_section<P>* sect)
{
    const bool isZeroFill = ((sect->flags() & SECTION_TYPE) == S_ZEROFILL);
    if ( isZeroFill && (sect->offset() != 0) )
        throwf("section offset should be zero for zero-fill section %s", sect->sectname());

    // segment-name consistency check, intentionally disabled:
    // if ( strncmp(sect->segname(), segCmd->segname(), 16) != 0 )
    //     throwf("section %s in segment %s has wrong segment name", sect->sectname(), segCmd->segname());
    (void)segCmd;

    // more section tests here
}
836
837
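// OS-dylib policy checks.  Only called from the constructor when a dst root
// was supplied, so fDstRoot is non-NULL here.  The install-name and rpath
// rules apply to dylibs whose install name is under /usr/lib/ or
// /System/Library/; the flat-namespace check applies to every image.
// (The previous version also set a `sharedCacheCandidate` flag that nothing
// read; it has been dropped.)
template <typename A>
void MachOChecker<A>::verify()
{
    if ( fInstallName != NULL ) {
        const bool osDylib = (strncmp(fInstallName, "/usr/lib/", 9) == 0)
                          || (strncmp(fInstallName, "/System/Library/", 16) == 0);
        if ( osDylib ) {
            verifyInstallName();
            verifyNoRpaths();
        }
    }
    verifyNoFlatLookups();
}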
851
852
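// Checks that an OS dylib's -install_name is acceptable and matches where the
// file actually sits under fDstRoot (directly, or via a symlink).  Problems are
// reported on stdout in the "<code>\t<severity>\t<text>" form, not thrown.
// Requires fInstallName and fDstRoot to be non-NULL (guaranteed by verify()).
//
// Fixes: the previous version indexed fPath[strlen(fDstRoot)] without first
// checking that fPath starts with fDstRoot, which reads past the end of a
// shorter fPath and compared an arbitrary suffix otherwise; and it ignored
// strlcpy/strlcat truncation, so an over-long path could be realpath'd as a
// different file.
template <typename A>
void MachOChecker<A>::verifyInstallName()
{
    // Don't allow @rpath to be used as -install_name for OS dylibs
    if ( strncmp(fInstallName, "@rpath/", 7) == 0 ) {
        printf("os_dylib_rpath_install_name\tfatal\t-install_name uses @rpath in arch %s\n", archName());
        return;
    }

    // Verify -install_name matches the path of the dylib within the dst root
    const size_t dstRootLen = strlen(fDstRoot);
    const char* installPathWithinDstRoot = NULL;
    if ( strncmp(fPath, fDstRoot, dstRootLen) == 0 )
        installPathWithinDstRoot = &fPath[dstRootLen];
    if ( (installPathWithinDstRoot != NULL) && (strcmp(installPathWithinDstRoot, fInstallName) == 0) )
        return;

    // see if install name is a symlink to actual file
    bool symlinkToDylib = false;
    char absDstPath[PATH_MAX];
    if ( realpath(fDstRoot, absDstPath) != NULL ) {
        char fullInstallNamePath[PATH_MAX];
        // strlcpy/strlcat return the length they tried to build; >= PATH_MAX
        // means the path was truncated and must not be trusted
        const bool fits = (strlcpy(fullInstallNamePath, absDstPath, PATH_MAX) < PATH_MAX)
                       && (strlcat(fullInstallNamePath, fInstallName, PATH_MAX) < PATH_MAX);
        char absInstallNamePath[PATH_MAX];
        if ( fits && (realpath(fullInstallNamePath, absInstallNamePath) != NULL) ) {
            char absFPath[PATH_MAX];
            if ( realpath(fPath, absFPath) != NULL )
                symlinkToDylib = (strcmp(absInstallNamePath, absFPath) == 0);
        }
    }
    if ( !symlinkToDylib )
        printf("os_dylib_bad_install_name\twarn\t-install_name does not match install location in arch %s\n", archName());
}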
886
template <typename A>
void MachOChecker<A>::verifyNoRpaths()
{
	// OS dylibs should not carry LC_RPATH load commands (from -rpath).
	if ( !fHasLC_RPATH )
		return;
	printf("os_dylib_rpath\twarn\tcontains LC_RPATH load command in arch %s\n", archName());
}
895
896
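template <typename A>
void MachOChecker<A>::verifyNoFlatLookups()
{
	// An image without MH_TWOLEVEL was linked with -flat_namespace; there is
	// no per-symbol information worth inspecting in that case.
	if ( (fHeader->flags() & MH_TWOLEVEL) == 0 ) {
		printf("os_dylib_flat_namespace\twarn\tbuilt with -flat_namespace in arch %s\n", archName());
		return;
	}
	if ( fDynamicSymbolTable == NULL )
		return;

	// The undefined-symbol range and every string offset come from the file
	// under test: bounds-check them before dereferencing (the original
	// indexed fStrings without the range check used by checkSymbolTable).
	const uint64_t firstUndef = fDynamicSymbolTable->iundefsym();
	const uint64_t undefCount = fDynamicSymbolTable->nundefsym();
	if ( firstUndef + undefCount > fSymbolCount )
		throw "undefined symbols out of range";
	const macho_nlist<P>* const undefinesStart = &fSymbols[firstUndef];
	const macho_nlist<P>* const undefinesEnd = &undefinesStart[undefCount];
	for (const macho_nlist<P>* sym = undefinesStart; sym < undefinesEnd; ++sym) {
		// DYNAMIC_LOOKUP_ORDINAL marks a symbol linked with -undefined dynamic_lookup
		if ( GET_LIBRARY_ORDINAL(sym->n_desc()) != DYNAMIC_LOOKUP_ORDINAL )
			continue;
		const char* symName = &fStrings[sym->n_strx()];
		if ( symName >= fStringsEnd )
			throw "string index out of range";
		printf("os_dylib_undefined_dynamic_lookup\twarn\tbuilt with -undefined dynamic_lookup for symbol %s in arch %s\n", symName, archName());
	}
}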
917
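template <typename A>
void MachOChecker<A>::checkIndirectSymbolTable()
{
	// static executables don't have indirect symbol table
	if ( fDynamicSymbolTable == NULL )
		return;

	// Every section that indexes the indirect symbol table (stubs and
	// lazy/non-lazy pointer sections) must lie entirely within it.
	const macho_load_command<P>* const cmds = (macho_load_command<P>*)((uint8_t*)fHeader + sizeof(macho_header<P>));
	const uint32_t cmd_count = fHeader->ncmds();
	const macho_load_command<P>* cmd = cmds;
	for (uint32_t i = 0; i < cmd_count; ++i) {
		if ( cmd->cmd() == macho_segment_command<P>::CMD ) {
			const macho_segment_command<P>* segCmd = (const macho_segment_command<P>*)cmd;
			const macho_section<P>* const sectionsStart = (macho_section<P>*)((char*)segCmd + sizeof(macho_segment_command<P>));
			const macho_section<P>* const sectionsEnd = &sectionsStart[segCmd->nsects()];
			for (const macho_section<P>* sect = sectionsStart; sect < sectionsEnd; ++sect) {
				// reserved1 = first indirect-table index, elementSize = bytes per entry
				uint64_t start = 0;
				uint64_t elementSize = 0;
				switch ( sect->flags() & SECTION_TYPE ) {
					case S_SYMBOL_STUBS:
						elementSize = sect->reserved2();	// NOTE(review): a zero stub size silently skips this section
						start = sect->reserved1();
						break;
					case S_LAZY_SYMBOL_POINTERS:
					case S_NON_LAZY_SYMBOL_POINTERS:
						elementSize = sizeof(pint_t);
						start = sect->reserved1();
						break;
				}
				if ( elementSize == 0 )
					continue;
				// Do the arithmetic in 64 bits: start and count are both
				// file-controlled, and a 32-bit start+count could wrap around
				// and pass the bound check below.
				const uint64_t count = sect->size() / elementSize;
				if ( (count*elementSize) != sect->size() )
					throwf("%s section size is not an even multiple of element size", sect->sectname());
				if ( (start+count) > fIndirectTableCount )
					throwf("%s section references beyond end of indirect symbol table (%llu > %d)", sect->sectname(), (unsigned long long)(start+count), fIndirectTableCount );
			}
		}
		cmd = (const macho_load_command<P>*)(((uint8_t*)cmd)+cmd->cmdsize());
	}

	// The dynamic symbol table partitions the symbol table into three
	// contiguous ranges: locals, then externally defined, then undefined.
	// Widened to 64 bits so that index+count cannot wrap past fSymbolCount.
	const uint64_t ilocal  = fDynamicSymbolTable->ilocalsym();
	const uint64_t nlocal  = fDynamicSymbolTable->nlocalsym();
	const uint64_t iextdef = fDynamicSymbolTable->iextdefsym();
	const uint64_t nextdef = fDynamicSymbolTable->nextdefsym();
	const uint64_t iundef  = fDynamicSymbolTable->iundefsym();
	const uint64_t nundef  = fDynamicSymbolTable->nundefsym();
	const uint64_t total   = fSymbolCount;

	if ( ilocal != 0 )
		throwf("start of local symbols (%d) not at start of symbol table", fDynamicSymbolTable->ilocalsym());
	if ( ilocal > total )
		throwf("start of local symbols out of range (%d > %d) in indirect symbol table", fDynamicSymbolTable->ilocalsym(), fSymbolCount);
	if ( ilocal + nlocal > total ) {
		throwf("local symbols out of range (%d+%d > %d) in indirect symbol table",
			fDynamicSymbolTable->ilocalsym(), fDynamicSymbolTable->nlocalsym(), fSymbolCount);
	}

	if ( iextdef > total )
		throwf("start of extern symbols out of range (%d > %d) in indirect symbol table", fDynamicSymbolTable->iextdefsym(), fSymbolCount);
	if ( iextdef != ilocal + nlocal ) {
		throwf("start of extern symbols (%d) not contiguous to local symbols (%d+%d) in indirect symbol table",
			fDynamicSymbolTable->iextdefsym(), fDynamicSymbolTable->ilocalsym(), fDynamicSymbolTable->nlocalsym() );
	}
	if ( iextdef + nextdef > total ) {
		throwf("extern symbols out of range (%d+%d > %d) in indirect symbol table",
			fDynamicSymbolTable->iextdefsym(), fDynamicSymbolTable->nextdefsym(), fSymbolCount);
	}

	if ( iundef > total )
		throwf("start of undefined symbols out of range (%d > %d) in indirect symbol table", fDynamicSymbolTable->iundefsym(), fSymbolCount);
	if ( iundef != iextdef + nextdef ) {
		throwf("start of undefined symbols (%d) not contiguous to extern symbols (%d+%d) in indirect symbol table",
			fDynamicSymbolTable->iundefsym(), fDynamicSymbolTable->iextdefsym(), fDynamicSymbolTable->nextdefsym());
	}
	if ( iundef + nundef > total ) {
		throwf("undefined symbols out of range (%d+%d > %d) in indirect symbol table",
			fDynamicSymbolTable->iundefsym(), fDynamicSymbolTable->nundefsym(), fSymbolCount);
	}

	// the three ranges must exactly cover the symbol table
	if ( iundef + nundef != total ) {
		throwf("end undefined symbols (%d+%d) not at end of all symbols (%d) in indirect symbol table",
			fDynamicSymbolTable->iundefsym(), fDynamicSymbolTable->nundefsym(), fSymbolCount );
	}
}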
997
998
999
1000
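template <typename A>
void MachOChecker<A>::checkSymbolTable()
{
	if ( fDynamicSymbolTable == NULL )
		return;

	// Symbol ranges and string offsets come from the file under test.
	// Range-check the exported/undefined windows in 64 bits (index+count
	// could wrap in 32 bits) before forming pointers into fSymbols.
	const uint64_t iextdef = fDynamicSymbolTable->iextdefsym();
	const uint64_t nextdef = fDynamicSymbolTable->nextdefsym();
	const uint64_t iundef  = fDynamicSymbolTable->iundefsym();
	const uint64_t nundef  = fDynamicSymbolTable->nundefsym();
	if ( iextdef + nextdef > fSymbolCount )
		throw "extern symbols out of range";
	if ( iundef + nundef > fSymbolCount )
		throw "undefined symbols out of range";

	// verify no duplicate external symbol names
	StringSet externalNames;
	const macho_nlist<P>* const exportedStart = &fSymbols[iextdef];
	const macho_nlist<P>* const exportedEnd = &exportedStart[nextdef];
	for (const macho_nlist<P>* p = exportedStart; p < exportedEnd; ++p) {
		const char* symName = &fStrings[p->n_strx()];
		// ">=" not ">": an offset exactly at the end of the string pool would
		// otherwise be dereferenced. NOTE(review): this only bounds the start
		// of the string; an unterminated final string can still run past
		// fStringsEnd.
		if ( symName >= fStringsEnd )
			throw "string index out of range";
		if ( externalNames.find(symName) != externalNames.end() )
			throwf("duplicate external symbol: %s", symName);
		if ( (p->n_type() & N_EXT) == 0 )
			throwf("non-external symbol in external symbol range: %s", symName);
		// don't add N_INDR to externalNames because there is likely an undefine with same name
		if ( (p->n_type() & N_INDR) == 0 )
			externalNames.insert(symName);
	}

	// verify no undefines with same name as an external symbol
	const macho_nlist<P>* const undefinesStart = &fSymbols[iundef];
	const macho_nlist<P>* const undefinesEnd = &undefinesStart[nundef];
	for (const macho_nlist<P>* p = undefinesStart; p < undefinesEnd; ++p) {
		const char* symName = &fStrings[p->n_strx()];
		if ( symName >= fStringsEnd )
			throw "string index out of range";
		if ( externalNames.find(symName) != externalNames.end() )
			throwf("undefine with same name as external symbol: %s", symName);
	}

	// verify all N_SECT values are valid (section numbers are 1-based, so
	// n_sect == fSectionCount is the last valid value)
	for (const macho_nlist<P>* p = fSymbols; p < &fSymbols[fSymbolCount]; ++p) {
		const uint8_t type = p->n_type();
		if ( ((type & N_STAB) != 0) || ((type & N_TYPE) != N_SECT) )
			continue;
		if ( p->n_sect() > fSectionCount ) {
			// bounds-check the name before using it in the diagnostic
			const char* symName = &fStrings[p->n_strx()];
			if ( symName >= fStringsEnd )
				throw "string index out of range";
			throwf("symbol '%s' has n_sect=%d which is too large", symName, p->n_sect());
		}
	}
}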
1044
1045
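template <typename A>
void MachOChecker<A>::checkInitTerms()
{
	// Validate __mod_init_func / __mod_term_func style sections: each must be
	// a whole number of pointer-sized entries, be pointer aligned, and every
	// entry must point into __TEXT. For slidable images each entry must also
	// be a rebase site and never a bind site, so an attacker-controlled
	// binding can't redirect an initializer.
	const macho_load_command<P>* const cmds = (macho_load_command<P>*)((uint8_t*)fHeader + sizeof(macho_header<P>));
	const uint32_t cmd_count = fHeader->ncmds();
	const macho_load_command<P>* cmd = cmds;
	for (uint32_t i = 0; i < cmd_count; ++i) {
		if ( cmd->cmd() == macho_segment_command<P>::CMD ) {
			const macho_segment_command<P>* segCmd = (const macho_segment_command<P>*)cmd;
			const macho_section<P>* const sectionsStart = (macho_section<P>*)((char*)segCmd + sizeof(macho_segment_command<P>));
			const macho_section<P>* const sectionsEnd = &sectionsStart[segCmd->nsects()];
			for (const macho_section<P>* sect = sectionsStart; sect < sectionsEnd; ++sect) {
				const char* kind = "initializer";
				switch ( sect->flags() & SECTION_TYPE ) {
					case S_MOD_TERM_FUNC_POINTERS:
						kind = "terminator";
						// fall through
					case S_MOD_INIT_FUNC_POINTERS:
						// Compare the full 64-bit size; the original truncated
						// size()/sizeof(pint_t) into a uint32_t before multiplying
						// back, which could miss a mis-sized section.
						if ( (sect->size() % sizeof(pint_t)) != 0 )
							throwf("%s section size is not an even multiple of element size", sect->sectname());
						if ( (sect->addr() % sizeof(pint_t)) != 0 )
							throwf("%s section address is not pointer size aligned", sect->sectname());
						{
							// check each pointer in array points within TEXT
							// NOTE(review): sect->offset()/size() are used as-is to
							// address the mapped file; this relies on the load
							// command parser having already verified the section
							// lies within the file, and on fTEXTSegment being set.
							const pint_t* const arrayStart = (const pint_t*)((const char*)fHeader + sect->offset());
							const pint_t* const arrayEnd = (const pint_t*)((const char*)fHeader + sect->offset() + sect->size());
							const pint_t textStart = fTEXTSegment->vmaddr();
							const pint_t textEnd = textStart + fTEXTSegment->vmsize();
							for (const pint_t* p = arrayStart; p < arrayEnd; ++p) {
								const pint_t pointer = P::getP(*p);
								if ( (pointer < textStart) || (pointer >= textEnd) )
									throwf("%s 0x%08llX points outside __TEXT segment", kind, (long long)pointer);
							}
						}
						// check each pointer in array will be rebased and not bound
						if ( fSlidableImage ) {
							const pint_t sectionBeginAddr = sect->addr();
							const pint_t sectionEndAddr = sect->addr() + sect->size();
							for (pint_t addr = sectionBeginAddr; addr < sectionEndAddr; addr += sizeof(pint_t)) {
								if ( addressIsBindingSite(addr) )
									throwf("%s at 0x%0llX has binding to external symbol", kind, (long long)addr);
								if ( ! addressIsRebaseSite(addr) )
									throwf("%s at 0x%0llX is not rebased", kind, (long long)addr);
							}
						}
						break;
				}
			}
		}
		cmd = (const macho_load_command<P>*)(((uint8_t*)cmd)+cmd->cmdsize());
	}
}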
1100
1101
1102
template <>
x86::P::uint_t MachOChecker<x86>::relocBase()
{
	// Base that classic relocation r_address fields are relative to: the
	// first writable segment for split-seg images, otherwise the first segment.
	const bool splitSegs = (fHeader->flags() & MH_SPLIT_SEGS) != 0;
	return splitSegs ? fFirstWritableSegment->vmaddr() : fFirstSegment->vmaddr();
}
1111
template <>
x86_64::P::uint_t MachOChecker<x86_64>::relocBase()
{
	// On x86_64 relocation addresses are always relative to the first
	// writable segment, regardless of MH_SPLIT_SEGS.
	const macho_segment_command<P>* base = fFirstWritableSegment;
	return base->vmaddr();
}
1118
template <>
arm::P::uint_t MachOChecker<arm>::relocBase()
{
	// Same rule as i386: split-seg images use the first writable segment as
	// the relocation base, all others use the first segment.
	const bool splitSegs = (fHeader->flags() & MH_SPLIT_SEGS) != 0;
	return splitSegs ? fFirstWritableSegment->vmaddr() : fFirstSegment->vmaddr();
}
1127
template <>
arm64::P::uint_t MachOChecker<arm64>::relocBase()
{
	// arm64 relocation addresses are always relative to the first writable segment.
	const macho_segment_command<P>* base = fFirstWritableSegment;
	return base->vmaddr();
}
1133
template <typename A>
bool MachOChecker<A>::addressInWritableSegment(pint_t address)
{
	// Locate the segment containing `address`. A writable segment qualifies
	// outright; inside a read-only segment the address qualifies only if the
	// section holding it is flagged as containing relocations (a text reloc).
	// Returns false if no segment or section covers the address.
	const macho_load_command<P>* cmd = (macho_load_command<P>*)((uint8_t*)fHeader + sizeof(macho_header<P>));
	const uint32_t cmdCount = fHeader->ncmds();
	for (uint32_t n = 0; n < cmdCount; ++n, cmd = (const macho_load_command<P>*)(((uint8_t*)cmd)+cmd->cmdsize())) {
		if ( cmd->cmd() != macho_segment_command<P>::CMD )
			continue;
		const macho_segment_command<P>* segCmd = (const macho_segment_command<P>*)cmd;
		const pint_t segStart = segCmd->vmaddr();
		const pint_t segEnd = segStart + segCmd->vmsize();
		if ( (address < segStart) || (address >= segEnd) )
			continue;
		if ( (segCmd->initprot() & VM_PROT_WRITE) != 0 )
			return true;
		// read-only segment: could be a text reloc, check the section's reloc bits
		const macho_section<P>* sect = (macho_section<P>*)((char*)segCmd + sizeof(macho_segment_command<P>));
		const macho_section<P>* const sectEnd = &sect[segCmd->nsects()];
		for ( ; sect < sectEnd; ++sect) {
			const bool inSection = (sect->addr() <= address) && (address < (sect->addr()+sect->size()));
			if ( inSection )
				return (sect->flags() & (S_ATTR_EXT_RELOC|S_ATTR_LOC_RELOC)) != 0;
		}
	}
	return false;
}
1162
1163
1164
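template <>
void MachOChecker<x86>::checkExternalReloation(const macho_relocation_info<P>* reloc)
{
	// i386 external relocations: 32-bit, vanilla, not pc-relative, r_extern
	// set, targeting a writable location, and naming a valid symbol index.
	if ( reloc->r_length() != 2 )
		throw "bad external relocation length";
	if ( reloc->r_type() != GENERIC_RELOC_VANILLA )
		throw "unknown external relocation type";
	if ( reloc->r_pcrel() != 0 )
		throw "bad external relocation pc_rel";
	if ( reloc->r_extern() == 0 )
		throw "local relocation found with external relocations";
	if ( ! this->addressInWritableSegment(reloc->r_address() + this->relocBase()) )
		throw "external relocation address not in writable segment";
	// r_symbolnum is an index into the symbol table when r_extern is set;
	// reject an index past the end rather than leaving it for dyld to find.
	if ( reloc->r_symbolnum() >= fSymbolCount )
		throw "external relocation symbol index out of range";
}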
1180
1181
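template <>
void MachOChecker<x86_64>::checkExternalReloation(const macho_relocation_info<P>* reloc)
{
	// x86_64 external relocations: 64-bit, X86_64_RELOC_UNSIGNED, not
	// pc-relative, r_extern set, targeting a writable location, and naming a
	// valid symbol index.
	if ( reloc->r_length() != 3 )
		throw "bad external relocation length";
	if ( reloc->r_type() != X86_64_RELOC_UNSIGNED )
		throw "unknown external relocation type";
	if ( reloc->r_pcrel() != 0 )
		throw "bad external relocation pc_rel";
	if ( reloc->r_extern() == 0 )
		throw "local relocation found with external relocations";
	if ( ! this->addressInWritableSegment(reloc->r_address() + this->relocBase()) )
		throw "exernal relocation address not in writable segment";
	// r_symbolnum is an index into the symbol table when r_extern is set;
	// reject an index past the end rather than leaving it for dyld to find.
	if ( reloc->r_symbolnum() >= fSymbolCount )
		throw "external relocation symbol index out of range";
}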
1197
1198 #if SUPPORT_ARCH_arm_any
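template <>
void MachOChecker<arm>::checkExternalReloation(const macho_relocation_info<P>* reloc)
{
	// arm external relocations: 32-bit, ARM_RELOC_VANILLA, not pc-relative,
	// r_extern set, targeting a writable location, and naming a valid symbol
	// index.
	if ( reloc->r_length() != 2 )
		throw "bad external relocation length";
	if ( reloc->r_type() != ARM_RELOC_VANILLA )
		throw "unknown external relocation type";
	if ( reloc->r_pcrel() != 0 )
		throw "bad external relocation pc_rel";
	if ( reloc->r_extern() == 0 )
		throw "local relocation found with external relocations";
	if ( ! this->addressInWritableSegment(reloc->r_address() + this->relocBase()) )
		throw "external relocation address not in writable segment";
	// r_symbolnum is an index into the symbol table when r_extern is set;
	// reject an index past the end rather than leaving it for dyld to find.
	if ( reloc->r_symbolnum() >= fSymbolCount )
		throw "external relocation symbol index out of range";
}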
1214 #endif
1215
1216 #if SUPPORT_ARCH_arm64
template <>
void MachOChecker<arm64>::checkExternalReloation(const macho_relocation_info<P>* reloc)
{
	// Any classic external relocation entry in an arm64 image is treated as
	// a malformation; the entry's contents are irrelevant.
	(void)reloc;
	throw "external relocations not used for arm64";
}
1222 #endif
1223
1224
template <>
void MachOChecker<x86>::checkLocalReloation(const macho_relocation_info<P>* reloc)
{
	// FIX
	// NOTE(review): i386 local relocations are not validated at all, so a
	// malformed entry (bad r_length, r_extern set, or an address outside any
	// writable segment) passes silently. The arm specialisation shows the
	// shape such a check would take: distinguish a scattered entry
	// (R_SCATTERED in r_address) from a vanilla one and verify each.
}
1230
template <>
void MachOChecker<x86_64>::checkLocalReloation(const macho_relocation_info<P>* reloc)
{
	// x86_64 local relocations: 64-bit, X86_64_RELOC_UNSIGNED, not
	// pc-relative, r_extern clear, and targeting a writable location.
	// Checks are ordered as the diagnostics expect: length, type, pcrel,
	// extern, then address.
	if ( reloc->r_length() != 3 )
		throw "bad local relocation length";
	if ( reloc->r_type() != X86_64_RELOC_UNSIGNED )
		throw "unknown local relocation type";
	if ( reloc->r_pcrel() != 0 )
		throw "bad local relocation pc_rel";
	if ( reloc->r_extern() != 0 )
		throw "external relocation found with local relocations";
	const pint_t target = reloc->r_address() + this->relocBase();
	if ( ! this->addressInWritableSegment(target) )
		throw "local relocation address not in writable segment";
}
1245
1246 #if SUPPORT_ARCH_arm_any
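template <>
void MachOChecker<arm>::checkLocalReloation(const macho_relocation_info<P>* reloc)
{
	if ( reloc->r_address() & R_SCATTERED ) {
		// scattered: only 32-bit ARM_RELOC_PB_LA_PTR entries are expected
		const macho_scattered_relocation_info<P>* sreloc = (const macho_scattered_relocation_info<P>*)reloc;
		if ( sreloc->r_length() != 2 )
			throw "bad local scattered relocation length";
		if ( sreloc->r_type() != ARM_RELOC_PB_LA_PTR )
			throw "bad local scattered relocation type";
		// A scattered r_address is relative to the same base as a vanilla
		// one; the original skipped this check for the scattered form.
		if ( ! this->addressInWritableSegment(sreloc->r_address() + this->relocBase()) )
			throw "local scattered relocation address not in writable segment";
	}
	else {
		// vanilla: 32-bit, r_extern clear, targeting a writable location
		if ( reloc->r_length() != 2 )
			throw "bad local relocation length";
		if ( reloc->r_extern() != 0 )
			throw "external relocation found with local relocations";
		if ( ! this->addressInWritableSegment(reloc->r_address() + this->relocBase()) )
			throw "local relocation address not in writable segment";
	}
}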
1267 #endif
1268
1269 #if SUPPORT_ARCH_arm64
template <>
void MachOChecker<arm64>::checkLocalReloation(const macho_relocation_info<P>* reloc)
{
	// Any classic local relocation entry in an arm64 image is treated as a
	// malformation; the entry's contents are irrelevant.
	(void)reloc;
	throw "local relocations not used for arm64";
}
1275 #endif
1276
template <typename A>
void MachOChecker<A>::checkRelocations()
{
	// External relocations are expected to be grouped by symbol index so
	// dyld looks each symbol up once. A symbol index that reappears after a
	// different index intervened means the table is not sorted.
	std::set<uint32_t> symbolIndexesSeen;
	uint32_t currentSymbolIndex = 0xFFFFFFFF;
	const macho_relocation_info<P>* const externRelocsEnd = &fExternalRelocations[fExternalRelocationsCount];
	for (const macho_relocation_info<P>* reloc = fExternalRelocations; reloc < externRelocsEnd; ++reloc) {
		this->checkExternalReloation(reloc);
		const uint32_t symbolIndex = reloc->r_symbolnum();
		if ( symbolIndex == currentSymbolIndex )
			continue;
		// start of a new run: must not be a run we already finished
		if ( symbolIndexesSeen.count(symbolIndex) != 0 )
			throw "external relocations not sorted";
		symbolIndexesSeen.insert(symbolIndex);
		currentSymbolIndex = symbolIndex;
	}

	// every local relocation is validated individually
	const macho_relocation_info<P>* const localRelocsEnd = &fLocalRelocations[fLocalRelocationsCount];
	for (const macho_relocation_info<P>* reloc = fLocalRelocations; reloc < localRelocsEnd; ++reloc)
		this->checkLocalReloation(reloc);

	// A section in a read-only segment that claims S_ATTR_LOC_RELOC must
	// actually contain a text relocation (classic local reloc or rebase).
	const macho_load_command<P>* cmd = (macho_load_command<P>*)((uint8_t*)fHeader + sizeof(macho_header<P>));
	const uint32_t cmdCount = fHeader->ncmds();
	for (uint32_t n = 0; n < cmdCount; ++n, cmd = (const macho_load_command<P>*)(((uint8_t*)cmd)+cmd->cmdsize())) {
		if ( cmd->cmd() != macho_segment_command<P>::CMD )
			continue;
		const macho_segment_command<P>* segCmd = (const macho_segment_command<P>*)cmd;
		// writable segments may carry relocs anywhere; nothing to verify
		if ( (segCmd->initprot() & VM_PROT_WRITE) != 0 )
			continue;
		const macho_section<P>* sect = (macho_section<P>*)((char*)segCmd + sizeof(macho_segment_command<P>));
		const macho_section<P>* const sectEnd = &sect[segCmd->nsects()];
		for ( ; sect < sectEnd; ++sect) {
			if ( (sect->flags() & S_ATTR_LOC_RELOC) == 0 )
				continue;
			if ( ! hasTextRelocInRange(sect->addr(), sect->addr()+sect->size()) )
				throwf("section %s has attribute set that it has relocs, but it has none", sect->sectname());
		}
	}
}
1324
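template <typename A>
typename A::P::uint_t MachOChecker<A>::segStartAddress(uint8_t segIndex)
{
	// segIndex comes from a rebase/bind opcode immediate in the file. Valid
	// indexes are 0..size()-1; the original used ">" and so accepted an index
	// equal to size(), reading one element past the end of fSegments.
	if ( segIndex >= fSegments.size() )
		throw "segment index out of range";
	return fSegments[segIndex]->vmaddr();
}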
1332
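template <typename A>
bool MachOChecker<A>::hasTextRelocInRange(pint_t rangeStart, pint_t rangeEnd)
{
	// Returns true if any classic local relocation or any LC_DYLD_INFO
	// rebase entry targets an address in [rangeStart, rangeEnd).

	// classic local relocations
	const macho_relocation_info<P>* const localRelocsEnd = &fLocalRelocations[fLocalRelocationsCount];
	for (const macho_relocation_info<P>* reloc = fLocalRelocations; reloc < localRelocsEnd; ++reloc) {
		const pint_t relocAddress = reloc->r_address() + this->relocBase();
		if ( (rangeStart <= relocAddress) && (relocAddress < rangeEnd) )
			return true;
	}

	// compressed rebase info
	if ( fDyldInfo == NULL )
		return false;
	// NOTE(review): rebase_off/rebase_size are used as-is; this relies on the
	// load command parser having checked them against the file size.
	const uint8_t* p = (uint8_t*)fHeader + fDyldInfo->rebase_off();
	const uint8_t* const end = &p[fDyldInfo->rebase_size()];

	uint64_t segOffset = 0;
	pint_t segStartAddr = 0;
	uint32_t count;		// NOTE(review): uleb values are truncated to 32 bits, as in the original
	uint32_t skip;
	bool done = false;
	while ( !done && (p < end) ) {
		const uint8_t immediate = *p & REBASE_IMMEDIATE_MASK;
		const uint8_t opcode = *p & REBASE_OPCODE_MASK;
		++p;
		switch (opcode) {
			case REBASE_OPCODE_DONE:
				done = true;
				break;
			case REBASE_OPCODE_SET_TYPE_IMM:
				// the rebase type does not affect which addresses are touched
				break;
			case REBASE_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB:
				segStartAddr = segStartAddress(immediate);	// throws on a bad segment index
				segOffset = read_uleb128(p, end);
				break;
			case REBASE_OPCODE_ADD_ADDR_ULEB:
				segOffset += read_uleb128(p, end);
				break;
			case REBASE_OPCODE_ADD_ADDR_IMM_SCALED:
				segOffset += immediate*sizeof(pint_t);
				break;
			case REBASE_OPCODE_DO_REBASE_IMM_TIMES:
				for (int i=0; i < immediate; ++i) {
					const pint_t addr = segStartAddr+segOffset;
					if ( (rangeStart <= addr) && (addr < rangeEnd) )
						return true;
					segOffset += sizeof(pint_t);
				}
				break;
			case REBASE_OPCODE_DO_REBASE_ULEB_TIMES:
				count = read_uleb128(p, end);
				for (uint32_t i=0; i < count; ++i) {
					const pint_t addr = segStartAddr+segOffset;
					if ( (rangeStart <= addr) && (addr < rangeEnd) )
						return true;
					segOffset += sizeof(pint_t);
				}
				break;
			case REBASE_OPCODE_DO_REBASE_ADD_ADDR_ULEB:
				{
					const pint_t addr = segStartAddr+segOffset;
					if ( (rangeStart <= addr) && (addr < rangeEnd) )
						return true;
					segOffset += read_uleb128(p, end) + sizeof(pint_t);
				}
				break;
			case REBASE_OPCODE_DO_REBASE_ULEB_TIMES_SKIPPING_ULEB:
				count = read_uleb128(p, end);
				skip = read_uleb128(p, end);
				for (uint32_t i=0; i < count; ++i) {
					const pint_t addr = segStartAddr+segOffset;
					if ( (rangeStart <= addr) && (addr < rangeEnd) )
						return true;
					segOffset += skip + sizeof(pint_t);
				}
				break;
			default:
				// Report the opcode itself. The original printed *p, but p
				// has already advanced past the opcode byte and may equal
				// end, so *p was both the wrong byte and a read past the blob.
				throwf("bad rebase opcode %d", opcode);
		}
	}
	return false;
}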
1422
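template <typename A>
bool MachOChecker<A>::addressIsRebaseSite(pint_t targetAddr)
{
	// Returns true if a classic local relocation or an LC_DYLD_INFO rebase
	// entry targets exactly targetAddr.

	// classic local relocations
	const macho_relocation_info<P>* const localRelocsEnd = &fLocalRelocations[fLocalRelocationsCount];
	for (const macho_relocation_info<P>* reloc = fLocalRelocations; reloc < localRelocsEnd; ++reloc) {
		const pint_t relocAddress = reloc->r_address() + this->relocBase();
		if ( relocAddress == targetAddr )
			return true;
	}

	// compressed rebase info
	if ( fDyldInfo == NULL )
		return false;
	// NOTE(review): rebase_off/rebase_size are used as-is; this relies on the
	// load command parser having checked them against the file size.
	const uint8_t* p = (uint8_t*)fHeader + fDyldInfo->rebase_off();
	const uint8_t* const end = &p[fDyldInfo->rebase_size()];

	uint64_t segOffset = 0;
	pint_t segStartAddr = 0;
	uint32_t count;		// NOTE(review): uleb values are truncated to 32 bits, as in the original
	uint32_t skip;
	bool done = false;
	while ( !done && (p < end) ) {
		const uint8_t immediate = *p & REBASE_IMMEDIATE_MASK;
		const uint8_t opcode = *p & REBASE_OPCODE_MASK;
		++p;
		switch (opcode) {
			case REBASE_OPCODE_DONE:
				done = true;
				break;
			case REBASE_OPCODE_SET_TYPE_IMM:
				// the rebase type does not affect which addresses are touched
				break;
			case REBASE_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB:
				segStartAddr = segStartAddress(immediate);	// throws on a bad segment index
				segOffset = read_uleb128(p, end);
				break;
			case REBASE_OPCODE_ADD_ADDR_ULEB:
				segOffset += read_uleb128(p, end);
				break;
			case REBASE_OPCODE_ADD_ADDR_IMM_SCALED:
				segOffset += immediate*sizeof(pint_t);
				break;
			case REBASE_OPCODE_DO_REBASE_IMM_TIMES:
				for (int i=0; i < immediate; ++i) {
					if ( (segStartAddr+segOffset) == targetAddr )
						return true;
					segOffset += sizeof(pint_t);
				}
				break;
			case REBASE_OPCODE_DO_REBASE_ULEB_TIMES:
				count = read_uleb128(p, end);
				for (uint32_t i=0; i < count; ++i) {
					if ( (segStartAddr+segOffset) == targetAddr )
						return true;
					segOffset += sizeof(pint_t);
				}
				break;
			case REBASE_OPCODE_DO_REBASE_ADD_ADDR_ULEB:
				if ( (segStartAddr+segOffset) == targetAddr )
					return true;
				segOffset += read_uleb128(p, end) + sizeof(pint_t);
				break;
			case REBASE_OPCODE_DO_REBASE_ULEB_TIMES_SKIPPING_ULEB:
				count = read_uleb128(p, end);
				skip = read_uleb128(p, end);
				for (uint32_t i=0; i < count; ++i) {
					if ( (segStartAddr+segOffset) == targetAddr )
						return true;
					segOffset += skip + sizeof(pint_t);
				}
				break;
			default:
				// Report the opcode itself. The original printed *p, but p
				// has already advanced past the opcode byte and may equal
				// end, so *p was both the wrong byte and a read past the blob.
				throwf("bad rebase opcode %d", opcode);
		}
	}
	return false;
}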
1512
1513
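template <typename A>
bool MachOChecker<A>::addressIsBindingSite(pint_t targetAddr)
{
	// Returns true if a classic external relocation or an LC_DYLD_INFO bind
	// entry targets exactly targetAddr.

	// classic external relocations
	const macho_relocation_info<P>* const externRelocsEnd = &fExternalRelocations[fExternalRelocationsCount];
	for (const macho_relocation_info<P>* reloc = fExternalRelocations; reloc < externRelocsEnd; ++reloc) {
		const pint_t relocAddress = reloc->r_address() + this->relocBase();
		if ( relocAddress == targetAddr )
			return true;
	}

	// compressed bind info
	if ( fDyldInfo == NULL )
		return false;
	// NOTE(review): bind_off/bind_size are used as-is; this relies on the
	// load command parser having checked them against the file size.
	const uint8_t* p = (uint8_t*)fHeader + fDyldInfo->bind_off();
	const uint8_t* const end = &p[fDyldInfo->bind_size()];

	// Only the target addresses matter here; ordinal, symbol name, type and
	// addend operands are consumed purely to keep the stream in sync.
	uint64_t segOffset = 0;
	pint_t segStartAddr = 0;
	uint32_t count;		// NOTE(review): uleb values are truncated to 32 bits, as in the original
	uint32_t skip;
	bool done = false;
	while ( !done && (p < end) ) {
		const uint8_t immediate = *p & BIND_IMMEDIATE_MASK;
		const uint8_t opcode = *p & BIND_OPCODE_MASK;
		++p;
		switch (opcode) {
			case BIND_OPCODE_DONE:
				done = true;
				break;
			case BIND_OPCODE_SET_DYLIB_ORDINAL_IMM:
			case BIND_OPCODE_SET_DYLIB_SPECIAL_IMM:
			case BIND_OPCODE_SET_TYPE_IMM:
				// immediate-only operands, nothing further to consume
				break;
			case BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB:
				(void)read_uleb128(p, end);
				break;
			case BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM:
				// Skip the NUL-terminated symbol name without running past the
				// bind blob; the original scanned for NUL unbounded.
				while ( (p < end) && (*p != '\0') )
					++p;
				if ( p >= end )
					throw "malformed bind info: unterminated symbol name";
				++p;
				break;
			case BIND_OPCODE_SET_ADDEND_SLEB:
				(void)read_sleb128(p, end);
				break;
			case BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB:
				segStartAddr = segStartAddress(immediate);	// throws on a bad segment index
				segOffset = read_uleb128(p, end);
				break;
			case BIND_OPCODE_ADD_ADDR_ULEB:
				segOffset += read_uleb128(p, end);
				break;
			case BIND_OPCODE_DO_BIND:
				if ( (segStartAddr+segOffset) == targetAddr )
					return true;
				segOffset += sizeof(pint_t);
				break;
			case BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB:
				if ( (segStartAddr+segOffset) == targetAddr )
					return true;
				segOffset += read_uleb128(p, end) + sizeof(pint_t);
				break;
			case BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED:
				if ( (segStartAddr+segOffset) == targetAddr )
					return true;
				segOffset += immediate*sizeof(pint_t) + sizeof(pint_t);
				break;
			case BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB:
				count = read_uleb128(p, end);
				skip = read_uleb128(p, end);
				for (uint32_t i=0; i < count; ++i) {
					if ( (segStartAddr+segOffset) == targetAddr )
						return true;
					segOffset += skip + sizeof(pint_t);
				}
				break;
			default:
				// Report the opcode itself. The original printed *p, but p
				// has already advanced past the opcode byte and may equal
				// end, so *p was both the wrong byte and a read past the blob.
				throwf("bad bind opcode %d", opcode);
		}
	}
	return false;
}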
1615
1616
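static void check(const char* path, const char* verifierDstRoot)
{
	struct stat stat_buf;

	try {
		int fd = ::open(path, O_RDONLY, 0);
		if ( fd == -1 )
			throw "cannot open file";
		if ( ::fstat(fd, &stat_buf) != 0 ) {
			const int err = errno;
			::close(fd);	// don't leak the descriptor on the error path
			throwf("fstat(%s) failed, errno=%d\n", path, err);
		}
		// MachOChecker::make() takes a 32-bit length; refuse to silently
		// truncate the size of a larger file.
		if ( (unsigned long long)stat_buf.st_size > 0xFFFFFFFFull ) {
			::close(fd);
			throw "file too large";
		}
		const uint32_t length = (uint32_t)stat_buf.st_size;
		uint8_t* p = (uint8_t*)::mmap(NULL, stat_buf.st_size, PROT_READ, MAP_FILE | MAP_PRIVATE, fd, 0);
		::close(fd);	// the mapping holds its own reference to the file
		if ( p == MAP_FAILED )
			throw "cannot map file";

		// The file is untrusted input: every header read below is checked
		// against `length` before the pointer is dereferenced.
		if ( length < sizeof(struct fat_header) )
			throw "file too small to be mach-o";
		const mach_header* mh = (mach_header*)p;
		if ( mh->magic == OSSwapBigToHostInt32(FAT_MAGIC) ) {
			const struct fat_header* fh = (struct fat_header*)p;
			const struct fat_arch* archs = (struct fat_arch*)(p + sizeof(struct fat_header));
			// the arch table itself must fit in the file
			const uint32_t archCount = OSSwapBigToHostInt32(fh->nfat_arch);
			if ( archCount > (length - sizeof(struct fat_header)) / sizeof(struct fat_arch) )
				throw "fat header arch table extends beyond end of file";
			for (uint32_t i=0; i < archCount; ++i) {
				const uint32_t offset = OSSwapBigToHostInt32(archs[i].offset);
				const uint32_t size = OSSwapBigToHostInt32(archs[i].size);
				const unsigned int cputype = OSSwapBigToHostInt32(archs[i].cputype);
				// each slice must lie inside the mapping and hold at least a header
				if ( (offset > length) || (size > length - offset) )
					throw "in universal file, slice extends beyond end of file";
				if ( size < sizeof(mach_header) )
					throw "in universal file, slice too small to be mach-o";

				switch (cputype) {
					case CPU_TYPE_I386:
						if ( MachOChecker<x86>::validFile(p + offset) )
							MachOChecker<x86>::make(p + offset, size, path, verifierDstRoot);
						else
							throw "in universal file, i386 slice does not contain i386 mach-o";
						break;
					case CPU_TYPE_X86_64:
						if ( MachOChecker<x86_64>::validFile(p + offset) )
							MachOChecker<x86_64>::make(p + offset, size, path, verifierDstRoot);
						else
							throw "in universal file, x86_64 slice does not contain x86_64 mach-o";
						break;
#if SUPPORT_ARCH_arm_any
					case CPU_TYPE_ARM:
						if ( MachOChecker<arm>::validFile(p + offset) )
							MachOChecker<arm>::make(p + offset, size, path, verifierDstRoot);
						else
							throw "in universal file, arm slice does not contain arm mach-o";
						break;
#endif
#if SUPPORT_ARCH_arm64
					case CPU_TYPE_ARM64:
						if ( MachOChecker<arm64>::validFile(p + offset) )
							MachOChecker<arm64>::make(p + offset, size, path, verifierDstRoot);
						else
							throw "in universal file, arm64 slice does not contain arm64 mach-o";	// message said "arm" before
						break;
#endif
					default:
						throwf("in universal file, unknown architecture slice 0x%x\n", cputype);
				}
			}
		}
		else {
			// thin file: validFile() reads a mach_header, so require one
			if ( length < sizeof(mach_header) )
				throw "file too small to be mach-o";
			if ( MachOChecker<x86>::validFile(p) ) {
				MachOChecker<x86>::make(p, length, path, verifierDstRoot);
			}
			else if ( MachOChecker<x86_64>::validFile(p) ) {
				MachOChecker<x86_64>::make(p, length, path, verifierDstRoot);
			}
#if SUPPORT_ARCH_arm_any
			else if ( MachOChecker<arm>::validFile(p) ) {
				MachOChecker<arm>::make(p, length, path, verifierDstRoot);
			}
#endif
#if SUPPORT_ARCH_arm64
			else if ( MachOChecker<arm64>::validFile(p) ) {
				MachOChecker<arm64>::make(p, length, path, verifierDstRoot);
			}
#endif
			else {
				throw "not a known file type";
			}
		}
	}
	catch (const char* msg) {
		throwf("%s in %s", msg, path);
	}
}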
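/// Command-line entry point for machocheck.
///
/// Arguments are processed left to right; options may be mixed with paths:
///   -progress               print "ok: <path>" for every file that checks clean
///   -verifier_dstroot DIR   verifier mode: a failing file is reported on stdout
///                           as "os_dylib_malformed\twarn\t<msg>" and does not
///                           fail the run
///   -verifier_error_list    print the tag/description table of verifier
///                           messages and exit 0
/// Every other argument is a file path passed to check().
///
/// Returns 0 when no file failed (always, in verifier mode), 1 when a file
/// failed outside verifier mode or when the command line is malformed
/// (unknown option, or -verifier_dstroot without a value).
int main(int argc, const char* argv[])
{
	bool progress = false;
	const char* verifierDstRoot = NULL;
	int result = 0;
	for (int i = 1; i < argc; ++i) {
		const char* arg = argv[i];
		if ( arg[0] == '-' ) {
			if ( strcmp(arg, "-progress") == 0 ) {
				progress = true;
			}
			else if ( strcmp(arg, "-verifier_dstroot") == 0 ) {
				// The option takes a value.  argv[argc] is NULL, so reading past the
				// last argument would silently leave verifierDstRoot unset (i.e. run
				// in non-verifier mode) instead of reporting the usage error.
				if ( i + 1 >= argc ) {
					fprintf(stderr, "machocheck: -verifier_dstroot requires a directory argument\n");
					return 1;
				}
				verifierDstRoot = argv[++i];
			}
			else if ( strcmp(arg, "-verifier_error_list") == 0 ) {
				// One "<tag>\t<description>" row per verifier message.
				printf("os_dylib_rpath_install_name\tOS dylibs (those in /usr/lib/ or /System/Library/) must be built with -install_name that is an absolute path - not an @rpath\n");
				printf("os_dylib_bad_install_name\tOS dylibs (those in /usr/lib/ or /System/Library/) must be built with -install_name matching their file system location\n");
				printf("os_dylib_rpath\tOS dylibs should not contain LC_RPATH load commands (from -rpath linker option)\n");
				printf("os_dylib_flat_namespace\tOS dylibs should not be built with -flat_namespace\n");
				printf("os_dylib_undefined_dynamic_lookup\tOS dylibs should not be built with -undefined dynamic_lookup\n");
				// "\tthe": the previous "\the" was tab + "he", dropping the 't' of "the".
				printf("os_dylib_malformed\tthe mach-o is malformed\n");
				return 0;
			}
			else {
				// A usage error.  Throwing here (as before) escapes main(), which
				// terminates the process without ever printing the message.
				fprintf(stderr, "unknown option: %s\n", arg);
				return 1;
			}
		}
		else {
			bool success = true;
			try {
				check(arg, verifierDstRoot);
			}
			catch (const char* msg) {
				if ( verifierDstRoot ) {
					// Verifier mode: report the problem as a warning row and keep going
					// without changing the exit status.
					printf("os_dylib_malformed\twarn\t%s\n", msg);
				}
				else {
					fprintf(stderr, "machocheck failed: %s\n", msg);
					result = 1;
					success = false;
				}
			}
			if ( success && progress )
				printf("ok: %s\n", arg);
		}
	}

	return result;
}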