[PATCH] D47046: [WebAssembly] Object: Add more error checking for object file reading
Sam Clegg via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu May 17 18:29:40 PDT 2018
sbc100 created this revision.
Herald added subscribers: llvm-commits, sunfish, aheejin, jgravelle-google, dschuff.
This should address some of the assert failures the fuzzer has been
finding such as:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6719
Repository:
rL LLVM
https://reviews.llvm.org/D47046
Files:
lib/Object/WasmObjectFile.cpp
Index: lib/Object/WasmObjectFile.cpp
===================================================================
--- lib/Object/WasmObjectFile.cpp
+++ lib/Object/WasmObjectFile.cpp
@@ -112,19 +112,22 @@
static uint8_t readVaruint1(const uint8_t *&Ptr) {
int64_t result = readLEB128(Ptr);
- assert(result <= VARUINT1_MAX && result >= 0);
+ if (result > VARUINT1_MAX || result < 0)
+ report_fatal_error("LEB is outside Varuint1 range");
return result;
}
static int32_t readVarint32(const uint8_t *&Ptr) {
int64_t result = readLEB128(Ptr);
- assert(result <= INT32_MAX && result >= INT32_MIN);
+ if (result > INT32_MAX || result < INT32_MIN)
+ report_fatal_error("LEB is outside Varint32 range");
return result;
}
static uint32_t readVaruint32(const uint8_t *&Ptr) {
uint64_t result = readULEB128(Ptr);
- assert(result <= UINT32_MAX);
+ if (result > UINT32_MAX)
+ report_fatal_error("LEB is outside Varuint32 range");
return result;
}
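Review bot: The three LEB readers in this hunk now call `report_fatal_error` on an out-of-range value, which still terminates the process on a malformed file (now in release builds too, where the old `assert` compiled away), while the segment-size check later in this patch returns a `GenericBinaryError` with `object_error::parse_failed`. For a library that parses untrusted object files, a recoverable error is the safer contract, and a fuzzer will keep reporting these paths as crashes. Consider having the readers report failure to their callers, for instance by returning `Expected<uint32_t>`, so the section parsers can propagate it the same way as the segment-size error. Separately, none of the readers takes an end pointer, so this hunk does not show whether `readLEB128`/`readULEB128` stop at the end of the buffer; that is worth confirming.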
@@ -955,6 +958,9 @@
if (Error Err = readInitExpr(Segment.Data.Offset, Ptr))
return Err;
uint32_t Size = readVaruint32(Ptr);
+ if (Size > End - Ptr)
+ return make_error<GenericBinaryError>("Invalid segment size",
+ object_error::parse_failed);
Segment.Data.Content = ArrayRef<uint8_t>(Ptr, Size);
// The rest of these Data fields are set later, when reading in the linking
// metadata section.
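Review bot: The new bound check `Size > End - Ptr` compares a `uint32_t` with a signed pointer difference, so its result depends on the host's `ptrdiff_t` width; on a 32-bit host a negative difference converts to a large unsigned value and the check passes. That case only arises if `Ptr` can already be past `End` after `readInitExpr` or `readVaruint32`, which this hunk does not show. Making the comparison explicit removes the host dependence and the sign-compare warning: `if (Ptr > End || Size > static_cast<size_t>(End - Ptr))`. The enclosing function starts and ends outside the hunk. A regression test built from the fuzzer's input would pin the new error path.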
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D47046.147424.patch
Type: text/x-patch
Size: 1447 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180518/cfdec625/attachment.bin>