123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212 | // Copyright (C) 2016 Intel Corporation.// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only#include"qmachparser_p.h"#include <qendian.h>#include <mach-o/loader.h>#include <mach-o/fat.h> QT_BEGIN_NAMESPACE using namespaceQt::StringLiterals;// Whether we include some extra validity checks// (checks to ensure we don't read out-of-bounds are always included)staticconstexprbool IncludeValidityChecks =true;#if defined(Q_PROCESSOR_X86_64)# define MACHO64static const cpu_type_t my_cputype = CPU_TYPE_X86_64;#elif defined(Q_PROCESSOR_X86_32)static const cpu_type_t my_cputype = CPU_TYPE_X86;#elif defined(Q_PROCESSOR_POWER_64)# define MACHO64static const cpu_type_t my_cputype = CPU_TYPE_POWERPC64;#elif defined(Q_PROCESSOR_POWER_32)static const cpu_type_t my_cputype = CPU_TYPE_POWERPC;#elif defined(Q_PROCESSOR_ARM_64)# define MACHO64static const cpu_type_t my_cputype = CPU_TYPE_ARM64;#elif defined(Q_PROCESSOR_ARM)static const cpu_type_t my_cputype = CPU_TYPE_ARM;#else# error"Unknown CPU type"#endif#ifdef MACHO64# undef MACHO64typedef mach_header_64 my_mach_header;typedef segment_command_64 my_segment_command;typedef section_64 my_section;static const uint32_t my_magic = MH_MAGIC_64;#elsetypedef mach_header my_mach_header;typedef segment_command my_segment_command;typedef section my_section;static const uint32_t my_magic = MH_MAGIC;#endif Q_DECL_COLD_FUNCTION static QLibraryScanResult notfound(const QString &reason, QString *errorString){*errorString =QLibrary::tr("'%1' is not a valid Mach-O binary (%2)").arg(*errorString, reason.isEmpty() ?QLibrary::tr("file is corrupt") : reason);return{};}static boolisEncrypted(const my_mach_header *header){auto commandCursor =uintptr_t(header) +sizeof(my_mach_header);for(uint32_t i =0; i < header->ncmds; ++i) { load_command *loadCommand =reinterpret_cast<load_command *>(commandCursor);if(loadCommand->cmd == LC_ENCRYPTION_INFO || loadCommand->cmd == LC_ENCRYPTION_INFO_64) {// The layout of encryption_info_command and encryption_info_command_64 is the same// up until and including cryptid, so we can treat it as encryption_info_command.auto encryptionInfoCommand =reinterpret_cast<encryption_info_command*>(loadCommand);return encryptionInfoCommand->cryptid !=0;} commandCursor += loadCommand->cmdsize;}return false;} QLibraryScanResult QMachOParser::parse(const char*m_s, ulong fdlen, QString *errorString){// The minimum size of a Mach-O binary we're interested in.// It must have a full Mach header, at least one segment and at least one// section. It's probably useless with just the "qtmetadata" section, but// it's valid nonetheless.// A fat binary must have this plus the fat header, of course.static const size_t MinFileSize =sizeof(my_mach_header) +sizeof(my_segment_command) +sizeof(my_section);static const size_t MinFatHeaderSize =sizeof(fat_header) +2*sizeof(fat_arch);if(Q_UNLIKELY(fdlen < MinFileSize))returnnotfound(QLibrary::tr("file too small"), errorString);// find out if this is a fat Mach-O binary firstconst my_mach_header *header =nullptr;const fat_header *fat =reinterpret_cast<const fat_header *>(m_s);if(fat->magic ==qToBigEndian(FAT_MAGIC)) {// find our architecture in the binaryconst fat_arch *arch =reinterpret_cast<const fat_arch *>(fat +1);if(Q_UNLIKELY(fdlen < MinFatHeaderSize)) {returnnotfound(QLibrary::tr("file too small"), errorString);}int count =qFromBigEndian(fat->nfat_arch);if(Q_UNLIKELY(fdlen <sizeof(*fat) +sizeof(*arch) * count))returnnotfound(QString(), errorString);for(int i =0; i < count; ++i) {if(arch[i].cputype ==qToBigEndian(my_cputype)) {// ### should we check the CPU subtype? Maybe on ARM?uint32_t size =qFromBigEndian(arch[i].size);uint32_t offset =qFromBigEndian(arch[i].offset);if(Q_UNLIKELY(size > fdlen) ||Q_UNLIKELY(offset > fdlen)||Q_UNLIKELY(size + offset > fdlen) ||Q_UNLIKELY(size < MinFileSize))returnnotfound(QString(), errorString); header =reinterpret_cast<const my_mach_header *>(m_s + offset); fdlen = size;break;}}if(!header)returnnotfound(QLibrary::tr("no suitable architecture in fat binary"), errorString);// check the magic againif(Q_UNLIKELY(header->magic != my_magic))returnnotfound(QString(), errorString);}else{ header =reinterpret_cast<const my_mach_header *>(m_s); fat =0;// check magicif(header->magic != my_magic)returnnotfound(QLibrary::tr("invalid magic %1").arg(qFromBigEndian(header->magic),8,16,'0'_L1), errorString);}// from this point on, everything is in host byte order// (re-)check the CPU type// ### should we check the CPU subtype? Maybe on ARM?if(header->cputype != my_cputype) {if(fat)returnnotfound(QString(), errorString);returnnotfound(QLibrary::tr("wrong architecture"), errorString);}// check the file typeif(Q_UNLIKELY(header->filetype != MH_BUNDLE && header->filetype != MH_DYLIB))returnnotfound(QLibrary::tr("not a dynamic library"), errorString);// find the __TEXT segment, "qtmetadata" sectionconst my_segment_command *seg =reinterpret_cast<const my_segment_command *>(header +1); ulong minsize =sizeof(*header);for(uint i =0; i < header->ncmds; ++i, seg =reinterpret_cast<const my_segment_command *>(reinterpret_cast<const char*>(seg) + seg->cmdsize)) {// We're sure that the file size includes at least one load command// but we have to check anyway if we're past the firstif(Q_UNLIKELY(fdlen < minsize +sizeof(load_command)))returnnotfound(QString(), errorString);// cmdsize can't be trusted until validated// so check it against fdlen anyway// (these are unsigned operations, with overflow behavior specified in the standard) minsize += seg->cmdsize;if(Q_UNLIKELY(fdlen < minsize) ||Q_UNLIKELY(fdlen < seg->cmdsize))returnnotfound(QString(), errorString);const uint32_t MyLoadCommand =sizeof(void*) >4? LC_SEGMENT_64 : LC_SEGMENT;if(seg->cmd != MyLoadCommand)continue;// is this the __TEXT segment?if(strcmp(seg->segname,"__TEXT") ==0) {const my_section *sect =reinterpret_cast<const my_section *>(seg +1);for(uint j =0; j < seg->nsects; ++j) {// is this the "qtmetadata" section?if(strcmp(sect[j].sectname,"qtmetadata") !=0)continue;// found it!if(Q_UNLIKELY(fdlen < sect[j].offset) ||Q_UNLIKELY(fdlen < sect[j].size)||Q_UNLIKELY(fdlen < sect[j].offset + sect[j].size))returnnotfound(QString(), errorString);if(sect[j].size <sizeof(QPluginMetaData::MagicHeader))returnnotfound(QLibrary::tr(".qtmetadata section is too small"), errorString);const bool binaryIsEncrypted =isEncrypted(header); qsizetype pos =reinterpret_cast<const char*>(header) - m_s + sect[j].offset;// We can not read the section data of encrypted libraries until they// have been dlopened(), so skip validity check if that's the case.if(IncludeValidityChecks && !binaryIsEncrypted) { QByteArrayView expectedMagic =QByteArrayView::fromArray(QPluginMetaData::MagicString); QByteArrayView actualMagic =QByteArrayView(m_s + pos, expectedMagic.size());if(expectedMagic != actualMagic)returnnotfound(QLibrary::tr(".qtmetadata section has incorrect magic"), errorString);} pos +=sizeof(QPluginMetaData::MagicString);return{ pos,qsizetype(sect[j].size -sizeof(QPluginMetaData::MagicString)), binaryIsEncrypted };}}// other type of segment seg =reinterpret_cast<const my_segment_command *>(reinterpret_cast<const char*>(seg) + seg->cmdsize);}// No .qtmetadata section was found*errorString =QLibrary::tr("'%1' is not a Qt plugin").arg(*errorString);return{};} QT_END_NAMESPACE
|
