[llvm] ae0b263 - [BitcodeReader] Add bounds checking on Strtab (#76403)
via llvm-commits
llvm-commits at lists.llvm.org
Wed Dec 27 00:26:25 PST 2023
Author: DavidKorczynski
Date: 2023-12-27T09:26:21+01:00
New Revision: ae0b2633c935950084860e5f6a1c2c3203726489
URL: https://github.com/llvm/llvm-project/commit/ae0b2633c935950084860e5f6a1c2c3203726489
DIFF: https://github.com/llvm/llvm-project/commit/ae0b2633c935950084860e5f6a1c2c3203726489.diff
LOG: [BitcodeReader] Add bounds checking on Strtab (#76403)
This is needed to protect against global overflows, which was found by a
fuzzer recently.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65283
---------
Signed-off-by: David Korczynski <david at adalogics.com>
Added:
Modified:
llvm/lib/Bitcode/Reader/BitcodeReader.cpp
Removed:
################################################################################
diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 8907f6fa4ff3fd..a027d0c21ba0bb 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -4218,6 +4218,9 @@ Error BitcodeReader::parseGlobalIndirectSymbolRecord(
// Check whether we have enough values to read a partition name.
if (OpNum + 1 < Record.size()) {
+ // Check Strtab has enough values for the partition.
+ if (Record[OpNum] + Record[OpNum + 1] > Strtab.size())
+ return error("Malformed partition, too large.");
NewGA->setPartition(
StringRef(Strtab.data() + Record[OpNum], Record[OpNum + 1]));
OpNum += 2;
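Review bot: The added check `Record[OpNum] + Record[OpNum + 1] > Strtab.size()` sums two values read straight from the bitcode record, so if they are 64-bit unsigned (the element type of Record is not visible in this hunk) a large offset plus a large size can wrap around and pass the test, leaving the `StringRef(Strtab.data() + Record[OpNum], Record[OpNum + 1])` that follows out of bounds. Comparing without the addition avoids the wrap: `if (Record[OpNum] > Strtab.size() || Record[OpNum + 1] > Strtab.size() - Record[OpNum])`. The commit also lists BitcodeReader.cpp as the only modified file and adds none, so a regression test built from the malformed input in the fuzzer report would be worth including.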