[libunwind] r316415 - Add missing checks for register number
Martin Storsjo via cfe-commits
cfe-commits at lists.llvm.org
Tue Oct 24 00:16:40 PDT 2017
Author: mstorsjo
Date: Tue Oct 24 00:16:40 2017
New Revision: 316415
URL: http://llvm.org/viewvc/llvm-project?rev=316415&view=rev
Log:
Add missing checks for register number
Most other cases that index savedRegisters[reg] already have this bounds check,
but these three lacked it.
Differential Revision: https://reviews.llvm.org/D39206
Modified:
libunwind/trunk/src/DwarfParser.hpp
Modified: libunwind/trunk/src/DwarfParser.hpp
URL: http://llvm.org/viewvc/llvm-project/libunwind/trunk/src/DwarfParser.hpp?rev=316415&r1=316414&r2=316415&view=diff
==============================================================================
--- libunwind/trunk/src/DwarfParser.hpp (original)
+++ libunwind/trunk/src/DwarfParser.hpp Tue Oct 24 00:16:40 2017
@@ -605,6 +605,13 @@ bool CFI_Parser<A>::parseInstructions(A
break;
case DW_CFA_val_offset:
reg = addressSpace.getULEB128(p, instructionsEnd);
+ if (reg > kMaxRegisterNumber) {
+ fprintf(stderr,
+ "malformed DW_CFA_val_offset DWARF unwind, reg (%" PRIu64
+ ") out of range\n",
+ reg);
+ return false;
+ }
offset = (int64_t)addressSpace.getULEB128(p, instructionsEnd)
* cieInfo.dataAlignFactor;
results->savedRegisters[reg].location = kRegisterOffsetFromCFA;
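Review bot: The new `reg > kMaxRegisterNumber` guard only makes the write on the last line safe if `savedRegisters` holds `kMaxRegisterNumber + 1` entries; the array's declaration is outside this hunk, so that sizing should be confirmed, since with a `kMaxRegisterNumber`-sized array a reg equal to the limit would still index one past the end. The check does match the comparison the commit message says the other opcode cases use, so if those are correct this one is too. Note that the offset computation two lines below, `(int64_t)addressSpace.getULEB128(...) * cieInfo.dataAlignFactor`, is still unchecked: for attacker-controlled CFI the ULEB value can be arbitrarily large and the multiplication can overflow, which is undefined behaviour even though the result is not used as an index here. A one-line why-comment above the guard would help the next reader: `// reg indexes savedRegisters[]; CFI is untrusted input, so reject anything past kMaxRegisterNumber.` parseInstructions continues outside this hunk.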
@@ -668,6 +675,12 @@ bool CFI_Parser<A>::parseInstructions(A
switch (opcode & 0xC0) {
case DW_CFA_offset:
reg = operand;
+ if (reg > kMaxRegisterNumber) {
+ fprintf(stderr, "malformed DW_CFA_offset DWARF unwind, reg (%" PRIu64
+ ") out of range\n",
+ reg);
+ return false;
+ }
offset = (int64_t)addressSpace.getULEB128(p, instructionsEnd)
* cieInfo.dataAlignFactor;
results->savedRegisters[reg].location = kRegisterInCFA;
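Review bot: For DW_CFA_offset the register comes from `operand`, which given the `opcode & 0xC0` dispatch on the switch line is presumably the low six bits of the opcode byte and so at most 63; the new guard is therefore only live on targets where `kMaxRegisterNumber` is below 63, and a reader may otherwise mistake it for dead code. A short comment stating that would prevent someone "simplifying" it away later: `// operand is only 6 bits, but kMaxRegisterNumber is smaller than 63 on some targets, so the check is still needed.` As in the other hunks, the guard assumes `savedRegisters` is sized `kMaxRegisterNumber + 1`, which should be confirmed against the declaration outside this hunk. The enclosing switch and parseInstructions continue outside the hunk.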
@@ -682,6 +695,12 @@ bool CFI_Parser<A>::parseInstructions(A
break;
case DW_CFA_restore:
reg = operand;
+ if (reg > kMaxRegisterNumber) {
+ fprintf(stderr, "malformed DW_CFA_restore DWARF unwind, reg (%" PRIu64
+ ") out of range\n",
+ reg);
+ return false;
+ }
results->savedRegisters[reg] = initialState.savedRegisters[reg];
_LIBUNWIND_TRACE_DWARF("DW_CFA_restore(reg=%" PRIu64 ")\n",
static_cast<uint64_t>(operand));
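Review bot: The DW_CFA_restore guard protects both the read from `initialState.savedRegisters[reg]` and the write to `results->savedRegisters[reg]` on the line after it, and it fails the whole parse rather than skipping the opcode, which is the right fail-closed choice for untrusted CFI; that intent deserves a comment, e.g. `// fail closed: a reg past kMaxRegisterNumber means the CFI is corrupt, so abort the parse instead of skipping the opcode.` A small style inconsistency: the new error message prints `reg` with `PRIu64` directly while the trace call two lines below prints `static_cast<uint64_t>(operand)`; since `reg` was just assigned from `operand`, printing the same expression in both would make the two messages agree. The enclosing switch continues outside this hunk.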