Fix heap-buffer-overflow bugs identified by the Address Sanitizer

author Greg Fitzgerald <garious@gmail.com>

Thu, 19 Feb 2015 20:42:23 +0000 (20:42 +0000)

committer Greg Fitzgerald <garious@gmail.com>

Thu, 19 Feb 2015 20:42:23 +0000 (20:42 +0000)
author Greg Fitzgerald <garious@gmail.com>
Thu, 19 Feb 2015 20:42:23 +0000 (20:42 +0000)
committer Greg Fitzgerald <garious@gmail.com>
Thu, 19 Feb 2015 20:42:23 +0000 (20:42 +0000)
diff --git a/lld/lib/ReaderWriter/MachO/ArchHandler.cpp b/lld/lib/ReaderWriter/MachO/ArchHandler.cpp

index 90c838c..cb20907 100644 (file)
--- a/lld/lib/ReaderWriter/MachO/ArchHandler.cpp
+++ b/lld/lib/ReaderWriter/MachO/ArchHandler.cpp
@@ -142,6 +142,8 @@ uint32_t ArchHandler::readU32(const uint8_t *addr, bool isBig) {
  
  bool ArchHandler::isDwarfCIE(bool isBig, const DefinedAtom *atom) {
    assert(atom->contentType() == DefinedAtom::typeCFI);
+  if (atom->rawContent().size() < sizeof(uint32_t))
+    return false;
    uint32_t size = read32(atom->rawContent().data(), isBig);
  
    uint32_t idOffset = sizeof(uint32_t);
diff --git a/lld/lib/ReaderWriter/MachO/CompactUnwindPass.cpp b/lld/lib/ReaderWriter/MachO/CompactUnwindPass.cpp

index 40b257c..74b013f 100644 (file)
--- a/lld/lib/ReaderWriter/MachO/CompactUnwindPass.cpp
+++ b/lld/lib/ReaderWriter/MachO/CompactUnwindPass.cpp
@@ -411,6 +411,9 @@ private:
        }
      }
  
+    if (atom->rawContent().size() < 4 * sizeof(uint32_t))
+      return entry;
+
      using normalized::read32;
      entry.rangeLength =
          read32(atom->rawContent().data() + 2 * sizeof(uint32_t), _isBig);
author	Greg Fitzgerald <garious@gmail.com>
	Thu, 19 Feb 2015 20:42:23 +0000 (20:42 +0000)
committer	Greg Fitzgerald <garious@gmail.com>
	Thu, 19 Feb 2015 20:42:23 +0000 (20:42 +0000)
lld/lib/ReaderWriter/MachO/ArchHandler.cpp		patch \| blob \| history
lld/lib/ReaderWriter/MachO/CompactUnwindPass.cpp		patch \| blob \| history