[PATCH] D51547: MachO: Fix out-of-bounds memory access in getString16
Tom Stellard via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Fri Aug 31 10:27:44 PDT 2018
tstellar created this revision.
tstellar added reviewers: lhames, kledzik.
Herald added a reviewer: javed.absar.
Herald added a subscriber: kristof.beyls.
This fixes the following tests when gcc is compiled with gcc8:
lld :: mach-o/do-not-emit-unwind-fde-arm64.yaml
lld :: mach-o/eh-frame-relocs-arm64.yaml
llvm.org/PR38096
Repository:
rLLD LLVM Linker
https://reviews.llvm.org/D51547
Files:
lib/ReaderWriter/MachO/MachONormalizedFileBinaryUtils.h
Index: lib/ReaderWriter/MachO/MachONormalizedFileBinaryUtils.h
===================================================================
--- lib/ReaderWriter/MachO/MachONormalizedFileBinaryUtils.h
+++ lib/ReaderWriter/MachO/MachONormalizedFileBinaryUtils.h
@@ -185,12 +185,11 @@
return result;
}
-inline StringRef getString16(const char s[16]) {
- StringRef x = s;
- if ( x.size() > 16 )
- return x.substr(0, 16);
- else
- return x;
+static StringRef getString16(const char s[16]) {
+ // The StringRef(const char *) constructor passes the const char * to
+ // strlen(), so we can't use this constructor here, because if there is no
+ // null terminator in s, then strlen() will read past the end of the array.
+ return StringRef(s, strnlen(s, 16));
}
inline void setString16(StringRef str, char s[16]) {
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D51547.163557.patch
Type: text/x-patch
Size: 821 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180831/e59e860c/attachment.bin>
More information about the llvm-commits
mailing list