[PATCH] D39206: [libunwind] Add missing checks for register number
Martin Storsjö via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Oct 23 14:43:18 PDT 2017
mstorsjo created this revision.
Herald added a subscriber: JDevlieghere.
Most other cases that index `savedRegisters[reg]` already bound-check `reg` against `kMaxRegisterNumber`, but these three opcodes (DW_CFA_val_offset, DW_CFA_offset, DW_CFA_restore) lacked the check, so a malformed register number could index past the array.
https://reviews.llvm.org/D39206
Files:
src/DwarfParser.hpp
Index: src/DwarfParser.hpp
===================================================================
--- src/DwarfParser.hpp
+++ src/DwarfParser.hpp
@@ -605,6 +605,11 @@
break;
case DW_CFA_val_offset:
reg = addressSpace.getULEB128(p, instructionsEnd);
+ if (reg > kMaxRegisterNumber) {
+ fprintf(stderr,
+ "malformed DW_CFA_val_offset DWARF unwind, reg too big\n");
+ return false;
+ }
offset = (int64_t)addressSpace.getULEB128(p, instructionsEnd)
* cieInfo.dataAlignFactor;
results->savedRegisters[reg].location = kRegisterOffsetFromCFA;
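Review bot: The guard added at the top of this hunk is only correct if `savedRegisters` is declared with `kMaxRegisterNumber + 1` entries, so that `reg == kMaxRegisterNumber` is in bounds; that declaration is not in the hunk, so confirm it against the array's definition, otherwise the comparison has to be `>=`. Since `reg` comes from `getULEB128` it can be any 64-bit value from untrusted CFI, and the check must stay ahead of the `savedRegisters[reg]` write, as it is here; I would pin that with a one-line comment above the `if`: `// reg comes from untrusted CFI; bound it before indexing savedRegisters[]`. The enclosing switch and function continue outside the hunk.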
@@ -668,6 +673,11 @@
switch (opcode & 0xC0) {
case DW_CFA_offset:
reg = operand;
+ if (reg > kMaxRegisterNumber) {
+ fprintf(stderr,
+ "malformed DW_CFA_offset DWARF unwind, reg too big\n");
+ return false;
+ }
offset = (int64_t)addressSpace.getULEB128(p, instructionsEnd)
* cieInfo.dataAlignFactor;
results->savedRegisters[reg].location = kRegisterInCFA;
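Review bot: The guard in this hunk is not redundant with the operand width, and the code should say so. If `operand` is the low six bits of `opcode` (the `opcode & 0xC0` dispatch suggests so, but the assignment is outside the hunk) it is at most 63, yet `kMaxRegisterNumber` can be smaller than that on some targets, so the check still prevents an out-of-bounds write. I would add `// operand is 6 bits, but kMaxRegisterNumber may be < 63 on some targets` above the `if` so a later cleanup does not drop it as dead code. The enclosing function continues outside the hunk.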
@@ -682,6 +692,11 @@
break;
case DW_CFA_restore:
reg = operand;
+ if (reg > kMaxRegisterNumber) {
+ fprintf(stderr,
+ "malformed DW_CFA_restore DWARF unwind, reg too big\n");
+ return false;
+ }
results->savedRegisters[reg] = initialState.savedRegisters[reg];
_LIBUNWIND_TRACE_DWARF("DW_CFA_restore(reg=%" PRIu64 ")\n",
static_cast<uint64_t>(operand));
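Review bot: This is the third copy of the same five-line guard differing only in the opcode name in the message, and the description itself says these three were missed while the others had it; a shared helper such as `if (!checkRegister(reg, "DW_CFA_restore")) return false;` wrapping the `fprintf`/`return false` would make the check uniform and harder to omit when a new opcode is added. For DW_CFA_restore in particular, the unchecked `reg` indexed both `initialState.savedRegisters[reg]` (a read) and `results->savedRegisters[reg]` (a write), so the guard closes an out-of-bounds read as well as the write; a short comment saying so would help the next reader. The enclosing function continues past the hunk.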