aboutsummaryrefslogtreecommitdiff
path: root/llvm/lib/Object/Archive.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'llvm/lib/Object/Archive.cpp')
-rw-r--r--llvm/lib/Object/Archive.cpp16
1 files changed, 15 insertions, 1 deletions
diff --git a/llvm/lib/Object/Archive.cpp b/llvm/lib/Object/Archive.cpp
index f4d2ff2..52d0daf 100644
--- a/llvm/lib/Object/Archive.cpp
+++ b/llvm/lib/Object/Archive.cpp
@@ -135,6 +135,13 @@ BigArchiveMemberHeader::BigArchiveMemberHeader(const Archive *Parent,
return;
ErrorAsOutParameter ErrAsOutParam(Err);
+ if (RawHeaderPtr + getSizeOf() >= Parent->getData().end()) {
+ if (Err)
+ *Err = malformedError("malformed AIX big archive: remaining buffer is "
+ "unable to contain next archive member");
+ return;
+ }
+
if (Size < getSizeOf()) {
Error SubErr = createMemberHeaderParseError(this, RawHeaderPtr, Size);
if (Err)
@@ -1172,6 +1179,14 @@ BigArchive::BigArchive(MemoryBufferRef Source, Error &Err)
ErrorAsOutParameter ErrAsOutParam(&Err);
StringRef Buffer = Data.getBuffer();
ArFixLenHdr = reinterpret_cast<const FixLenHdr *>(Buffer.data());
+ uint64_t BufferSize = Data.getBufferSize();
+
+ if (BufferSize < sizeof(FixLenHdr)) {
+ Err = malformedError("malformed AIX big archive: incomplete fixed length "
+ "header, the archive is only" +
+ Twine(BufferSize) + " byte(s)");
+ return;
+ }
StringRef RawOffset = getFieldRawString(ArFixLenHdr->FirstChildOffset);
if (RawOffset.getAsInteger(10, FirstChildOffset))
@@ -1198,7 +1213,6 @@ BigArchive::BigArchive(MemoryBufferRef Source, Error &Err)
return;
if (GlobSymOffset > 0) {
- uint64_t BufferSize = Data.getBufferSize();
uint64_t GlobalSymTblContentOffset =
GlobSymOffset + sizeof(BigArMemHdrType);
if (GlobalSymTblContentOffset > BufferSize) {
generated by cgit v1.1 at 2025-10-01 22:22:23 +0000