[PATCH] [lld] Fix heap-buffer-overflow bugs identified by the Address Sanitizer
Greg Fitzgerald
garious at gmail.com
Wed Feb 18 12:35:12 PST 2015
Hi t.p.northover, nicholas,
MachO backend is reading memory when the atom content is empty. This patch adds guards to ensure the content exists before reading it.
REPOSITORY
rL LLVM
http://reviews.llvm.org/D7733
Files:
lib/ReaderWriter/MachO/ArchHandler.cpp
lib/ReaderWriter/MachO/CompactUnwindPass.cpp
Index: lib/ReaderWriter/MachO/ArchHandler.cpp
===================================================================
--- lib/ReaderWriter/MachO/ArchHandler.cpp
+++ lib/ReaderWriter/MachO/ArchHandler.cpp
@@ -142,6 +142,9 @@
bool ArchHandler::isDwarfCIE(bool isBig, const DefinedAtom *atom) {
assert(atom->contentType() == DefinedAtom::typeCFI);
+ if (atom->rawContent().size() < sizeof(uint32_t)) {
+ return false;
+ }
uint32_t size = read32(atom->rawContent().data(), isBig);
uint32_t idOffset = sizeof(uint32_t);
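Review bot: The new size check in isDwarfCIE covers only the first read32 at offset 0, while the next context line sets `idOffset = sizeof(uint32_t)`. If the function goes on to read the ID field at that offset, an atom of 4 to 7 bytes still reads past the end of rawContent(). Suggest bounding the check by the largest offset read in the function, for example idOffset + sizeof(uint32_t). Returning false for a truncated CFI atom also classifies it as "not a CIE" without any diagnostic, so a short comment on why that is the right fallback would help. As a style point, LLVM convention omits the braces around a single-statement if.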
Index: lib/ReaderWriter/MachO/CompactUnwindPass.cpp
===================================================================
--- lib/ReaderWriter/MachO/CompactUnwindPass.cpp
+++ lib/ReaderWriter/MachO/CompactUnwindPass.cpp
@@ -411,11 +411,13 @@
}
}
- using normalized::read32;
- entry.rangeLength =
- read32(atom->rawContent().data() + 2 * sizeof(uint32_t), _isBig);
- entry.encoding =
- read32(atom->rawContent().data() + 3 * sizeof(uint32_t), _isBig);
+ if (atom->rawContent().size() > 4 * sizeof(uint32_t)) {
+ using normalized::read32;
+ entry.rangeLength =
+ read32(atom->rawContent().data() + 2 * sizeof(uint32_t), _isBig);
+ entry.encoding =
+ read32(atom->rawContent().data() + 3 * sizeof(uint32_t), _isBig);
+ }
return entry;
}
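Review bot: The bound in the added `if (atom->rawContent().size() > 4 * sizeof(uint32_t))` looks off by one. The furthest read is at `data() + 3 * sizeof(uint32_t)` for 4 bytes, so bytes 12 through 15, and a size of exactly 4 * sizeof(uint32_t) is already sufficient. With the strict `>`, an atom of exactly 16 bytes is skipped; `>=` would match the reads. When the guard fails, entry.rangeLength and entry.encoding keep whatever value they had before this point and the entry is still returned. Please confirm those fields are initialised earlier, and add a comment or diagnostic for the short-content case so a truncated compact-unwind atom does not pass silently.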