if (Error Err = readInteger(Data.getBuffer(), Current, PartOffset))
return Err;
Current += sizeof(uint32_t);
- if (PartOffset + sizeof(dxbc::PartHeader) > Data.getBufferSize())
+ // We need to ensure that each part offset leaves enough space for a part
+ // header. To prevent overflow, we subtract the part header size from the
+ // buffer size, rather than adding to the offset. Since the file header is
+ // larger than the part header we can't reach this code unless the buffer
+ // is larger than the part header, so this can't underflow.
+ if (PartOffset > Data.getBufferSize() - sizeof(dxbc::PartHeader))
return parseFailed("Part offset points beyond boundary of the file");
PartOffsets.push_back(PartOffset);
}
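Review bot: The subtraction in the new guard, `Data.getBufferSize() - sizeof(dxbc::PartHeader)`, cannot underflow only because of validation that lives outside this hunk; nothing at this site enforces it. The added comment says the file header has already been read and is larger than a part header, but if that earlier check is ever reordered or relaxed, the unsigned subtraction wraps to a huge value and every part offset passes the bounds test. I would pin the invariant next to the comparison, e.g. `assert(Data.getBufferSize() >= sizeof(dxbc::PartHeader) && "file header must be validated first");`, and back the size claim with a `static_assert` that the file header type is at least as large as `dxbc::PartHeader`. The enclosing loop and the header read start before the hunk, so the ordering could not be confirmed from the visible lines.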
FailedWithMessage("Reading structure out of file bounds"));
}
-#if defined(__arm__)
-TEST(DXCFile, DISABLED_ParsePartInvalidOffsets) {
-#else
TEST(DXCFile, ParsePartInvalidOffsets) {
-#endif
uint8_t Buffer[] = {
0x44, 0x58, 0x42, 0x43, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,