[llvm] [WasmObjectFile] fix NULL-dereference (PR #77708)
via llvm-commits
llvm-commits at lists.llvm.org
Wed Jan 10 16:23:53 PST 2024
llvmbot wrote:
@llvm/pr-subscribers-backend-webassembly
Author: None (DavidKorczynski)
<details>
<summary>Changes</summary>
If the element index is above `Sections.size()` then a NULL-dereference may happen. This fixes it by ensuring the index is within bounds and returning an error if it is not.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30789
---
Full diff: https://github.com/llvm/llvm-project/pull/77708.diff
1 Files Affected:
- (modified) llvm/lib/Object/WasmObjectFile.cpp (+4)
``````````diff
diff --git a/llvm/lib/Object/WasmObjectFile.cpp b/llvm/lib/Object/WasmObjectFile.cpp
index 94cd96968ff201..1e9662a7d6ad08 100644
--- a/llvm/lib/Object/WasmObjectFile.cpp
+++ b/llvm/lib/Object/WasmObjectFile.cpp
@@ -753,6 +753,10 @@ Error WasmObjectFile::parseLinkingSectionSymtab(ReadContext &Ctx) {
"section symbols must have local binding",
object_error::parse_failed);
Info.ElementIndex = readVaruint32(Ctx);
+ if (Info.ElementIndex >= Sections.size()) {
+ return make_error<GenericBinaryError>("invalid section index index",
+ object_error::parse_failed);
+ }
// Use somewhat unique section name as symbol name.
StringRef SectionName = Sections[Info.ElementIndex].Name;
Info.Name = SectionName;
``````````
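Review bot: The error string in the added `make_error<GenericBinaryError>` call reads "invalid section index index", with "index" doubled; change it to "invalid section index" so the diagnostic a user sees on a malformed object is clean. The braces around the single `return` are not needed and can be dropped. The diff touches only WasmObjectFile.cpp (+4), so there is no regression test: a small malformed input whose section symbol carries an element index at or past `Sections.size()` would pin the `>=` check and keep the fuzzer finding from coming back.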
</details>
https://github.com/llvm/llvm-project/pull/77708