[LLVMbugs] [Bug 12089] New: Buffer overflow in StreamingMemoryObject::readBytes
bugzilla-daemon at llvm.org
Sun Feb 26 09:49:09 PST 2012
http://llvm.org/bugs/show_bug.cgi?id=12089
Bug #: 12089
Summary: Buffer overflow in StreamingMemoryObject::readBytes
Product: new-bugs
Version: trunk
Platform: PC
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: new bugs
AssignedTo: unassignedbugs at nondot.org
ReportedBy: baldrick at free.fr
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified

If LLVM is built with --enable-expensive-checks (which turns on STL debugging),
then running llvm-dis on the attached bitcode causes the std::vector buffer
overflow check to fire:

  vector:313:error: attempt to subscript container with out-of-bounds index
  32748, but container only holds 32748 elements

Indeed, here:

  103 int StreamingMemoryObject::readBytes(uint64_t address,
  104                                      uint64_t size,
  105                                      uint8_t* buf,
  106                                      uint64_t* copied) {
  107   if (!fetchToPos(address + size - 1)) return -1;
  108   memcpy(buf, &Bytes[address + BytesSkipped], size);

at line 108, Bytes has size 32748, address is 32728, BytesSkipped is 20 and
size is 4: it is trying to copy bytes from beyond the end of the Bytes array.
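
Added example, not part of the original report and not LLVM's code or its eventual fix: a stand-alone model of the read at line 108 that checks the whole source range, BytesSkipped included, before copying. StreamModel, rangeInBounds and reportedState are hypothetical names; the sizes are the ones quoted in the report.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical stand-in for the object in the report, not LLVM's class:
// Bytes is the fetched data, BytesSkipped the offset added to every address.
struct StreamModel {
  std::vector<uint8_t> Bytes;
  uint64_t BytesSkipped = 0;

  // True only if [address + BytesSkipped, address + BytesSkipped + size)
  // lies inside Bytes. Written with subtractions so that huge address or
  // size values cannot wrap around and slip past the check.
  bool rangeInBounds(uint64_t address, uint64_t size) const {
    const uint64_t held = Bytes.size();
    if (BytesSkipped > held) return false;
    const uint64_t readable = held - BytesSkipped;
    if (address > readable) return false;
    return size <= readable - address;
  }

  // Same shape as the reported function: 0 on success, -1 on failure.
  int readBytes(uint64_t address, uint64_t size, uint8_t *buf,
                uint64_t *copied) const {
    if (!rangeInBounds(address, size)) return -1;
    // data() + offset avoids operator[] on a possibly one-past-the-end index.
    std::memcpy(buf, Bytes.data() + address + BytesSkipped, size);
    if (copied) *copied = size;
    return 0;
  }
};

// Constructed sample: a buffer with the sizes quoted in the report.
StreamModel reportedState() {
  StreamModel m;
  m.Bytes.assign(32748, 0xAB);
  m.BytesSkipped = 20;
  return m;
}

int main() {
  StreamModel m = reportedState();
  uint8_t buf[4] = {0};
  // The report's read (address 32728, size 4) must be rejected.
  return m.readBytes(32728, 4, buf, nullptr) == -1 ? 0 : 1;
}
```

With the reported values the source index equals Bytes.size(), so nothing is readable there and the read is refused rather than copying 4 bytes past the end.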