[llvm] r312238 - [BinaryFormat] Fix out of bounds read.

Benjamin Kramer via llvm-commits llvm-commits at lists.llvm.org
Thu Aug 31 05:50:42 PDT 2017


Author: d0k
Date: Thu Aug 31 05:50:42 2017
New Revision: 312238

URL: http://llvm.org/viewvc/llvm-project?rev=312238&view=rev
Log:
[BinaryFormat] Fix out of bounds read.

Found by OSS-FUZZ!
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3220

Modified:
    llvm/trunk/lib/BinaryFormat/Magic.cpp
    llvm/trunk/unittests/BinaryFormat/TestFileMagic.cpp

Modified: llvm/trunk/lib/BinaryFormat/Magic.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/BinaryFormat/Magic.cpp?rev=312238&r1=312237&r2=312238&view=diff
==============================================================================
--- llvm/trunk/lib/BinaryFormat/Magic.cpp (original)
+++ llvm/trunk/lib/BinaryFormat/Magic.cpp Thu Aug 31 05:50:42 2017
@@ -182,7 +182,7 @@ file_magic llvm::identify_magic(StringRe
     break;
 
   case 'M': // Possible MS-DOS stub on Windows PE file
-    if (startswith(Magic, "MZ")) {
+    if (startswith(Magic, "MZ") && Magic.size() >= 0x3c + 4) {
       uint32_t off = read32le(Magic.data() + 0x3c);
       // PE/COFF file, either EXE or DLL.
       if (off < Magic.size() &&
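Review bot: The inner test `off < Magic.size()` on the last visible line only proves that the first byte at `off` lies inside the buffer, so a multi-byte PE signature comparison starting at `off` could still run past the end when `off` falls in the final bytes. The rest of that condition is outside the hunk, so this is inferred. If it compares four bytes, the bound should be `off <= Magic.size() - 4`, which cannot wrap because the new guard already ensures a size of at least 0x40. The literal `0x3c + 4` would also read better with a comment such as `// 0x3c: offset of the 4-byte PE header pointer in the MS-DOS stub`.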

Modified: llvm/trunk/unittests/BinaryFormat/TestFileMagic.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/unittests/BinaryFormat/TestFileMagic.cpp?rev=312238&r1=312237&r2=312238&view=diff
==============================================================================
--- llvm/trunk/unittests/BinaryFormat/TestFileMagic.cpp (original)
+++ llvm/trunk/unittests/BinaryFormat/TestFileMagic.cpp Thu Aug 31 05:50:42 2017
@@ -80,6 +80,7 @@ const char windows_resource[] =
     "\x00\x00\x00\x00\x020\x00\x00\x00\xff\xff\x00\x00\xff\xff\x00\x00";
 const char macho_dynamically_linked_shared_lib_stub[] =
     "\xfe\xed\xfa\xce........\x00\x00\x00\x09............";
+const char ms_dos_stub_broken[] = "\x4d\x5a\x20\x20";
 
 TEST_F(MagicTest, Magic) {
   struct type {
@@ -108,7 +109,9 @@ TEST_F(MagicTest, Magic) {
       DEFINE(macho_dynamically_linked_shared_lib_stub),
       DEFINE(macho_dsym_companion),
       DEFINE(macho_kext_bundle),
-      DEFINE(windows_resource)
+      DEFINE(windows_resource),
+      {"ms_dos_stub_broken", ms_dos_stub_broken, sizeof(ms_dos_stub_broken),
+       file_magic::unknown},
 #undef DEFINE
   };
 
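Review bot: The new `ms_dos_stub_broken` entry only covers an input shorter than 0x40 bytes, so it pins the added size guard but not the handling of the offset value read from 0x3c. A second table entry would cover that path: a buffer of at least 0x40 bytes that starts with `MZ`, whose offset field points at or past the end of the buffer, expected to yield `file_magic::unknown`. The entry is written out by hand, presumably because `DEFINE` derives the expected type from the name, and a comment such as `// too short to hold the PE header offset at 0x3c` would make that clear. The body of `TEST_F(MagicTest, Magic)` continues outside the hunk.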



