review.tizen.org Git - platform/upstream/llvm.git/commit

author	Michael Trent <mtrent@apple.com>
	Mon, 11 Mar 2019 18:29:25 +0000 (18:29 +0000)
committer	Michael Trent <mtrent@apple.com>
	Mon, 11 Mar 2019 18:29:25 +0000 (18:29 +0000)
commit	76d66123b27d7e49fa15a347c006ef9454069614
tree	faa882e0e9f5960b8a1a9148b8494790ea8096f7	tree \| snapshot
parent	0d6f681292d5ae8ed5df0cc29eaf95928d264d43	commit \| diff

Detect malformed LC_LINKER_COMMANDs in Mach-O binaries

Summary:
llvm-objdump can be tricked into reading beyond valid memory and
segfaulting if LC_LINKER_COMMAND strings are not null terminated. libObject
does have code to validate the integrity of the LC_LINKER_COMMAND struct,
but this validator improperly assumes linker command strings are null
terminated.

The solution is to report an error if a string extends beyond the end of
the LC_LINKER_COMMAND struct.

Reviewers: lhames, pete

Reviewed By: pete

Subscribers: rupprecht, llvm-commits

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D59179

llvm-svn: 355851

llvm/lib/Object/MachOObjectFile.cpp		diff \| blob \| history
llvm/test/tools/llvm-objdump/X86/Inputs/macho-invalid-linker-command	[new file with mode: 0644]	blob
llvm/test/tools/llvm-objdump/X86/malformed-machos.test		diff \| blob \| history