[llvm-branch-commits] [llvm] release/20.x: [MachO] Improve bounds check (#141083) (PR #141461)
via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Mon May 26 01:19:02 PDT 2025
https://github.com/llvmbot updated https://github.com/llvm/llvm-project/pull/141461
>From 302dccf1379057d649533e83d028c125d7caefe2 Mon Sep 17 00:00:00 2001
From: Nikita Popov <npopov at redhat.com>
Date: Mon, 26 May 2025 09:43:00 +0200
Subject: [PATCH] [MachO] Improve bounds check (#141083)
The current check may fail if the addition overflows. I've observed
failures of macho-invalid.test on 32-bit due to this.
Instead, compare against the remaining bytes until the end of the
object.
(cherry picked from commit 3f29acb51739a3e6bfb8cc623eb37cb734c98a63)
---
llvm/lib/Object/MachOObjectFile.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp
index 69d36e6a77db7..5db264207ffb7 100644
--- a/llvm/lib/Object/MachOObjectFile.cpp
+++ b/llvm/lib/Object/MachOObjectFile.cpp
@@ -192,7 +192,8 @@ static Expected<MachOObjectFile::LoadCommandInfo>
getLoadCommandInfo(const MachOObjectFile &Obj, const char *Ptr,
uint32_t LoadCommandIndex) {
if (auto CmdOrErr = getStructOrErr<MachO::load_command>(Obj, Ptr)) {
- if (CmdOrErr->cmdsize + Ptr > Obj.getData().end())
+ assert(Ptr <= Obj.getData().end() && "Start must be before end");
+ if (CmdOrErr->cmdsize > (uintptr_t)(Obj.getData().end() - Ptr))
return malformedError("load command " + Twine(LoadCommandIndex) +
" extends past end of file");
if (CmdOrErr->cmdsize < 8)
More information about the llvm-branch-commits
mailing list