[llvm] r332769 - [WebAssembly] Object: Add more error checking for object file reading
Sam Clegg via llvm-commits
llvm-commits at lists.llvm.org
Fri May 18 14:08:26 PDT 2018
Author: sbc
Date: Fri May 18 14:08:26 2018
New Revision: 332769
URL: http://llvm.org/viewvc/llvm-project?rev=332769&view=rev
Log:
[WebAssembly] Object: Add more error checking for object file reading
This should address some the assert failures the fuzzer has been
finding such as:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6719
Differential Revision: https://reviews.llvm.org/D47046
Modified:
llvm/trunk/lib/Object/WasmObjectFile.cpp
Modified: llvm/trunk/lib/Object/WasmObjectFile.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Object/WasmObjectFile.cpp?rev=332769&r1=332768&r2=332769&view=diff
==============================================================================
--- llvm/trunk/lib/Object/WasmObjectFile.cpp (original)
+++ llvm/trunk/lib/Object/WasmObjectFile.cpp Fri May 18 14:08:26 2018
@@ -112,19 +112,22 @@ static int64_t readLEB128(const uint8_t
static uint8_t readVaruint1(const uint8_t *&Ptr) {
int64_t result = readLEB128(Ptr);
- assert(result <= VARUINT1_MAX && result >= 0);
+ if (result > VARUINT1_MAX || result < 0)
+ report_fatal_error("LEB is outside Varuint1 range");
return result;
}
static int32_t readVarint32(const uint8_t *&Ptr) {
int64_t result = readLEB128(Ptr);
- assert(result <= INT32_MAX && result >= INT32_MIN);
+ if (result > INT32_MAX || result < INT32_MIN)
+ report_fatal_error("LEB is outside Varint32 range");
return result;
}
static uint32_t readVaruint32(const uint8_t *&Ptr) {
uint64_t result = readULEB128(Ptr);
- assert(result <= UINT32_MAX);
+ if (result > UINT32_MAX)
+ report_fatal_error("LEB is outside Varuint32 range");
return result;
}
@@ -955,6 +958,9 @@ Error WasmObjectFile::parseDataSection(c
if (Error Err = readInitExpr(Segment.Data.Offset, Ptr))
return Err;
uint32_t Size = readVaruint32(Ptr);
+ if (Size > End - Ptr)
+ return make_error<GenericBinaryError>("Invalid segment size",
+ object_error::parse_failed);
Segment.Data.Content = ArrayRef<uint8_t>(Ptr, Size);
// The rest of these Data fields are set later, when reading in the linking
// metadata section.
More information about the llvm-commits
mailing list