authorNikita Popov <npopov@redhat.com>2025-05-26 09:43:00 +0200
committerGitHub <noreply@github.com>2025-05-26 09:43:00 +0200
commit3f29acb51739a3e6bfb8cc623eb37cb734c98a63 (patch)
treed9f543ab2e71ceb854946fd0b2be596f41c246cd /llvm/lib/Object/MachOObjectFile.cpp
parent6623ed4d9e1f43422fd0fa3687028134e06f0993 (diff)
[MachO] Improve bounds check (#141083)
The current check may fail if the addition overflows. I've observed failures of macho-invalid.test on 32-bit due to this. Instead, compare against the remaining bytes until the end of the object.
Diffstat (limited to 'llvm/lib/Object/MachOObjectFile.cpp')
-rw-r--r--llvm/lib/Object/MachOObjectFile.cpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp
index 69d36e6..5db2642 100644
--- a/llvm/lib/Object/MachOObjectFile.cpp
+++ b/llvm/lib/Object/MachOObjectFile.cpp
@@ -192,7 +192,8 @@ static Expected<MachOObjectFile::LoadCommandInfo>
getLoadCommandInfo(const MachOObjectFile &Obj, const char *Ptr,
uint32_t LoadCommandIndex) {
if (auto CmdOrErr = getStructOrErr<MachO::load_command>(Obj, Ptr)) {
- if (CmdOrErr->cmdsize + Ptr > Obj.getData().end())
+ assert(Ptr <= Obj.getData().end() && "Start must be before end");
+ if (CmdOrErr->cmdsize > (uintptr_t)(Obj.getData().end() - Ptr))
return malformedError("load command " + Twine(LoadCommandIndex) +
" extends past end of file");
if (CmdOrErr->cmdsize < 8)
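Review bot: The new bound depends on `Obj.getData().end() - Ptr` being non-negative, but that is enforced only by the added `assert`, which is compiled out in NDEBUG builds. If `Ptr` were ever past the end, the cast to `uintptr_t` would wrap to a very large value and the comparison would accept any `cmdsize` from the untrusted file. Presumably the successful `getStructOrErr` call already guarantees `Ptr` is inside the buffer (its body is not visible in this hunk). If so, say that in a comment next to the assert, e.g. `// getStructOrErr succeeded, so Ptr is within the object and end() - Ptr cannot be negative`. Otherwise make it a runtime condition: `if (Ptr > Obj.getData().end() || CmdOrErr->cmdsize > static_cast<uintptr_t>(Obj.getData().end() - Ptr))`. A smaller point is that the assert message says "before" while the condition also allows equality. The body of `getLoadCommandInfo` continues past the end of the hunk.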