[llvm] [yaml2obj][MachO] Fix crash from integer underflow with invalid cmdsize (PR #165924)

James Henderson via llvm-commits llvm-commits at lists.llvm.org
Mon Nov 3 01:16:46 PST 2025


================
@@ -285,7 +285,15 @@ void MachOWriter::writeLoadCommands(raw_ostream &OS) {
 
     // Fill remaining bytes with 0. This will only get hit in partially
     // specified test cases.
-    auto BytesRemaining = LC.Data.load_command_data.cmdsize - BytesWritten;
+    // Prevent integer underflow if BytesWritten exceeds cmdsize.
+    if (BytesWritten > LC.Data.load_command_data.cmdsize) {
+      errs() << "warning: load command " << LC.Data.load_command_data.cmd
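Review bot: In the new `if (BytesWritten > LC.Data.load_command_data.cmdsize)` branch, the load command has already been written out longer than its declared `cmdsize`, so the warning should say that and report both `BytesWritten` and `cmdsize`, not only the command. The `cmd` value streamed on the `errs() <<` line prints as a decimal integer, while load command constants are conventionally written in hex, so format it as hex if the raw value is kept. The quoted hunk ends at the warning, so it is not visible whether the zero-fill is skipped on this path; the unsigned subtraction `cmdsize - BytesWritten` must not run once this condition is true.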
----------------
jh7370 wrote:

Prefer `WithColor::warning`, same as e.g. https://github.com/rjmansfield/llvm-project/blob/1857805719a0c32263f4356c3902c63d32db15c8/llvm/lib/ObjectYAML/ELFEmitter.cpp#L1555

Is it possible to map `LC.Data.load_command_data.cmd` back to its named value (e.g. `LC_SEGMENT_64`) for a clearer warning? Alternatively, might it make more sense to use the index of the entry? Indeed, on first read of the test, I thought that was what was being used! I don't know Mach-O well enough, but might there be more than one of the same load command type? If so, the index will disambiguate which one is the problem.

https://github.com/llvm/llvm-project/pull/165924

