[Lldb-commits] [PATCH] D42348: Prevent unaligned memory read in parseMinidumpString

Raphael Isemann via Phabricator via lldb-commits lldb-commits at lists.llvm.org
Tue Jan 23 00:07:44 PST 2018


This revision was automatically updated to reflect the committed changes.
Closed by commit rL323181: Prevent unaligned memory read in parseMinidumpString (authored by teemperor, committed by ).
Herald added a subscriber: llvm-commits.

Changed prior to commit:
  https://reviews.llvm.org/D42348?vs=130798&id=131008#toc

Repository:
  rL LLVM

https://reviews.llvm.org/D42348

Files:
  lldb/trunk/source/Plugins/Process/minidump/MinidumpTypes.cpp


Index: lldb/trunk/source/Plugins/Process/minidump/MinidumpTypes.cpp
===================================================================
--- lldb/trunk/source/Plugins/Process/minidump/MinidumpTypes.cpp
+++ lldb/trunk/source/Plugins/Process/minidump/MinidumpTypes.cpp
@@ -44,19 +44,24 @@
 lldb_private::minidump::parseMinidumpString(llvm::ArrayRef<uint8_t> &data) {
   std::string result;
 
-  const uint32_t *source_length;
-  Status error = consumeObject(data, source_length);
-  if (error.Fail() || *source_length > data.size() || *source_length % 2 != 0)
+  const uint32_t *source_length_ptr;
+  Status error = consumeObject(data, source_length_ptr);
+
+  // Copy non-aligned source_length data into aligned memory.
+  uint32_t source_length;
+  std::memcpy(&source_length, source_length_ptr, sizeof(source_length));
+
+  if (error.Fail() || source_length > data.size() || source_length % 2 != 0)
     return llvm::None;
 
   auto source_start = reinterpret_cast<const llvm::UTF16 *>(data.data());
   // source_length is the length of the string in bytes
   // we need the length of the string in UTF-16 characters/code points (16 bits
   // per char)
   // that's why it's divided by 2
-  const auto source_end = source_start + (*source_length) / 2;
+  const auto source_end = source_start + source_length / 2;
   // resize to worst case length
-  result.resize(UNI_MAX_UTF8_BYTES_PER_CODE_POINT * (*source_length) / 2);
+  result.resize(UNI_MAX_UTF8_BYTES_PER_CODE_POINT * source_length / 2);
   auto result_start = reinterpret_cast<llvm::UTF8 *>(&result[0]);
   const auto result_end = result_start + result.size();
   llvm::ConvertUTF16toUTF8(&source_start, source_end, &result_start, result_end,


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D42348.131008.patch
Type: text/x-patch
Size: 1703 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/lldb-commits/attachments/20180123/54bba29f/attachment.bin>


More information about the lldb-commits mailing list