[PATCH] [lld] Fix heap-buffer-overflow bugs identified by the Address Sanitizer

Thu Feb 19 12:44:34 PST 2015

REPOSITORY
  rL LLVM

http://reviews.llvm.org/D7733

Files:
  lld/trunk/lib/ReaderWriter/MachO/ArchHandler.cpp
  lld/trunk/lib/ReaderWriter/MachO/CompactUnwindPass.cpp

Index: lld/trunk/lib/ReaderWriter/MachO/ArchHandler.cpp
===================================================================

--- lld/trunk/lib/ReaderWriter/MachO/ArchHandler.cpp
+++ lld/trunk/lib/ReaderWriter/MachO/ArchHandler.cpp
@@ -142,6 +142,8 @@
 
 bool ArchHandler::isDwarfCIE(bool isBig, const DefinedAtom *atom) {
   assert(atom->contentType() == DefinedAtom::typeCFI);
+  if (atom->rawContent().size() < sizeof(uint32_t))
+    return false;
   uint32_t size = read32(atom->rawContent().data(), isBig);
 
   uint32_t idOffset = sizeof(uint32_t);
Index: lld/trunk/lib/ReaderWriter/MachO/CompactUnwindPass.cpp
===================================================================
--- lld/trunk/lib/ReaderWriter/MachO/CompactUnwindPass.cpp
+++ lld/trunk/lib/ReaderWriter/MachO/CompactUnwindPass.cpp
@@ -411,6 +411,9 @@
       }
     }
 
+    if (atom->rawContent().size() < 4 * sizeof(uint32_t))
+      return entry;
+
     using normalized::read32;
     entry.rangeLength =
         read32(atom->rawContent().data() + 2 * sizeof(uint32_t), _isBig);

EMAIL PREFERENCES
  http://reviews.llvm.org/settings/panel/emailpreferences/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D7733.20332.patch
Type: text/x-patch
Size: 1052 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20150219/d51a7914/attachment.bin>
