[PATCH] D47046: [WebAssembly] Object: Add more error checking for object file reading

Phabricator via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri May 18 14:12:15 PDT 2018


This revision was automatically updated to reflect the committed changes.
Closed by commit rL332769: [WebAssembly] Object: Add more error checking for object file reading (authored by sbc, committed by ).

Repository:
  rL LLVM

https://reviews.llvm.org/D47046

Files:
  llvm/trunk/lib/Object/WasmObjectFile.cpp


Index: llvm/trunk/lib/Object/WasmObjectFile.cpp
===================================================================
--- llvm/trunk/lib/Object/WasmObjectFile.cpp
+++ llvm/trunk/lib/Object/WasmObjectFile.cpp
@@ -112,19 +112,22 @@
 
 static uint8_t readVaruint1(const uint8_t *&Ptr) {
   int64_t result = readLEB128(Ptr);
-  assert(result <= VARUINT1_MAX && result >= 0);
+  if (result > VARUINT1_MAX || result < 0)
+    report_fatal_error("LEB is outside Varuint1 range");
   return result;
 }
 
 static int32_t readVarint32(const uint8_t *&Ptr) {
   int64_t result = readLEB128(Ptr);
-  assert(result <= INT32_MAX && result >= INT32_MIN);
+  if (result > INT32_MAX || result < INT32_MIN)
+    report_fatal_error("LEB is outside Varint32 range");
   return result;
 }
 
 static uint32_t readVaruint32(const uint8_t *&Ptr) {
   uint64_t result = readULEB128(Ptr);
-  assert(result <= UINT32_MAX);
+  if (result > UINT32_MAX)
+    report_fatal_error("LEB is outside Varuint32 range");
   return result;
 }
 
@@ -955,6 +958,9 @@
     if (Error Err = readInitExpr(Segment.Data.Offset, Ptr))
       return Err;
     uint32_t Size = readVaruint32(Ptr);
+    if (Size > End - Ptr)
+      return make_error<GenericBinaryError>("Invalid segment size",
+                                            object_error::parse_failed);
     Segment.Data.Content = ArrayRef<uint8_t>(Ptr, Size);
     // The rest of these Data fields are set later, when reading in the linking
     // metadata section.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D47046.147580.patch
Type: text/x-patch
Size: 1480 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180518/f66e995c/attachment.bin>


More information about the llvm-commits mailing list