[PATCH] D138891: [MachO] Prevent overflow on 32-bit platforms when calculating load command offsets
A. Wilcox via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Mon Nov 28 20:22:38 PST 2022
awilfox created this revision.
awilfox added reviewers: alexander-shaposhnikov, oontvoo, jyknight, MaskRay.
awilfox added a project: LLVM.
Herald added subscribers: StephenFan, hiraditya.
Herald added a project: All.
awilfox requested review of this revision.
Herald added a subscriber: llvm-commits.
This prevents overflow which can lead to llvm-objdump incorrectly accepting a malformed MachO file. This in turn caused the LLVM test suite to segfault on 32-bit Linux/musl platforms (since pointers are allocated in high memory on musl).
Fixes GitHub #56746.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D138891
Files:
llvm/lib/Object/MachOObjectFile.cpp
Index: llvm/lib/Object/MachOObjectFile.cpp
===================================================================
--- llvm/lib/Object/MachOObjectFile.cpp
+++ llvm/lib/Object/MachOObjectFile.cpp
@@ -191,7 +191,8 @@
getLoadCommandInfo(const MachOObjectFile &Obj, const char *Ptr,
uint32_t LoadCommandIndex) {
if (auto CmdOrErr = getStructOrErr<MachO::load_command>(Obj, Ptr)) {
- if (CmdOrErr->cmdsize + Ptr > Obj.getData().end())
+ uint64_t Offset = Ptr - Obj.getData().begin();
+ if (CmdOrErr->cmdsize + Offset > Obj.getData().size())
return malformedError("load command " + Twine(LoadCommandIndex) +
" extends past end of file");
if (CmdOrErr->cmdsize < 8)
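Review bot: the new check `CmdOrErr->cmdsize + Offset > Obj.getData().size()` carries no comment saying why it compares offsets rather than pointers, so a later cleanup could restore the `CmdOrErr->cmdsize + Ptr` form that wraps on 32-bit hosts. A one-line comment above `uint64_t Offset = Ptr - Obj.getData().begin();` stating that the sum is deliberately done in 64 bits would guard against that. The same line converts a signed pointer difference to `uint64_t`, which is only safe when `Ptr` is at or after `begin()`. Nothing in this hunk shows that precondition, so consider an assert or a note on where it is guaranteed. Since the description says the failure only showed up on 32-bit musl, where pointers sit in high memory, it would also help to say which existing test covers this path, or to add one with a `cmdsize` large enough to trigger the wrap.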