[llvm] r316143 - Fix buffer overflow.
Rafael Espindola via llvm-commits
llvm-commits at lists.llvm.org
Wed Oct 18 18:25:48 PDT 2017
Author: rafael
Date: Wed Oct 18 18:25:48 2017
New Revision: 316143
URL: http://llvm.org/viewvc/llvm-project?rev=316143&view=rev
Log:
Fix buffer overflow.
We were reading past the end of the buffer.
Added:
llvm/trunk/test/Object/Inputs/invalid-coff-header-too-small
Modified:
llvm/trunk/lib/BinaryFormat/Magic.cpp
llvm/trunk/test/Object/invalid.test
Modified: llvm/trunk/lib/BinaryFormat/Magic.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/BinaryFormat/Magic.cpp?rev=316143&r1=316142&r2=316143&view=diff
==============================================================================
--- llvm/trunk/lib/BinaryFormat/Magic.cpp (original)
+++ llvm/trunk/lib/BinaryFormat/Magic.cpp Wed Oct 18 18:25:48 2017
@@ -185,7 +185,7 @@ file_magic llvm::identify_magic(StringRe
if (startswith(Magic, "MZ") && Magic.size() >= 0x3c + 4) {
uint32_t off = read32le(Magic.data() + 0x3c);
// PE/COFF file, either EXE or DLL.
- if (off < Magic.size() &&
+ if (off + sizeof(COFF::PEMagic) <= Magic.size() &&
memcmp(Magic.data() + off, COFF::PEMagic, sizeof(COFF::PEMagic)) == 0)
return file_magic::pecoff_executable;
}
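Review bot: In the new condition `off + sizeof(COFF::PEMagic) <= Magic.size()`, `off` is a `uint32_t` taken directly from the file, so on a host where `size_t` is 32 bits the addition can wrap for values of `off` near 0xFFFFFFFF and the check passes while `Magic.data() + off` points far outside the buffer. The enclosing `if` already guarantees `Magic.size() >= 0x3c + 4`, and `COFF::PEMagic` is the four-byte "PE\0\0" signature, so writing the bound as `off <= Magic.size() - sizeof(COFF::PEMagic)` avoids the addition and cannot underflow.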
Added: llvm/trunk/test/Object/Inputs/invalid-coff-header-too-small
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/Inputs/invalid-coff-header-too-small?rev=316143&view=auto
==============================================================================
Binary files llvm/trunk/test/Object/Inputs/invalid-coff-header-too-small (added) and llvm/trunk/test/Object/Inputs/invalid-coff-header-too-small Wed Oct 18 18:25:48 2017 differ
Modified: llvm/trunk/test/Object/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Object/invalid.test?rev=316143&r1=316142&r2=316143&view=diff
==============================================================================
--- llvm/trunk/test/Object/invalid.test (original)
+++ llvm/trunk/test/Object/invalid.test Wed Oct 18 18:25:48 2017
@@ -86,3 +86,6 @@ INVALID-REL-SYM: invalid section offset
RUN: not llvm-readobj -r %p/Inputs/invalid-buffer.elf 2>&1 | FileCheck --check-prefix=INVALID-BUFFER %s
INVALID-BUFFER: Invalid buffer
+
+RUN: not llvm-readobj %p/Inputs/invalid-coff-header-too-small 2>&1 | FileCheck --check-prefix=COFF-HEADER %s
+COFF-HEADER: The file was not recognized as a valid object file
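Review bot: The added RUN line depends on a binary input whose contents are not visible in the diff, and the COFF-HEADER check matches only the generic "not recognized" diagnostic. A short comment above the RUN line stating what the input contains (for example, the value stored at offset 0x3c relative to the file size) would let a later reader tell which bound in identify_magic this case exercises.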