[PATCH] D37070: [WebAssembly] Fix overflow for input without version
Jonas Devlieghere via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Aug 23 12:52:19 PDT 2017
JDevlieghere updated this revision to Diff 112425.
JDevlieghere added a comment.
Running the tests identified an off-by-one error: must be `<` rather than `<=`
Repository:
rL LLVM
https://reviews.llvm.org/D37070
Files:
lib/Object/WasmObjectFile.cpp
test/Object/Inputs/WASM/missing-version.wasm
test/Object/wasm-missing-version.test
Index: test/Object/wasm-missing-version.test
===================================================================
--- /dev/null
+++ test/Object/wasm-missing-version.test
@@ -0,0 +1,2 @@
+# RUN: not llvm-objdump -h %p/Inputs/WASM/missing-version.wasm 2>&1 | FileCheck %s
+# CHECK: {{.*}}: Missing version number
Index: lib/Object/WasmObjectFile.cpp
===================================================================
--- lib/Object/WasmObjectFile.cpp
+++ lib/Object/WasmObjectFile.cpp
@@ -203,15 +203,23 @@
object_error::parse_failed);
return;
}
+
+ const uint8_t *Eof = getPtr(getData().size());
const uint8_t *Ptr = getPtr(4);
+
+ if (Ptr + 4 > Eof) {
+ Err = make_error<StringError>("Missing version number",
+ object_error::parse_failed);
+ return;
+ }
+
Header.Version = readUint32(Ptr);
if (Header.Version != wasm::WasmVersion) {
Err = make_error<StringError>("Bad version number",
object_error::parse_failed);
return;
}
- const uint8_t *Eof = getPtr(getData().size());
WasmSection Sec;
while (Ptr < Eof) {
if ((Err = readSection(Sec, Ptr, getPtr(0))))
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D37070.112425.patch
Type: text/x-patch
Size: 1213 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20170823/235fdf72/attachment.bin>
More information about the llvm-commits
mailing list