aboutsummaryrefslogtreecommitdiff
path: root/llvm/lib/Object/WasmObjectFile.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'llvm/lib/Object/WasmObjectFile.cpp')
-rw-r--r--llvm/lib/Object/WasmObjectFile.cpp7
1 files changed, 6 insertions, 1 deletions
diff --git a/llvm/lib/Object/WasmObjectFile.cpp b/llvm/lib/Object/WasmObjectFile.cpp
index b47d6bb..491a4cf 100644
--- a/llvm/lib/Object/WasmObjectFile.cpp
+++ b/llvm/lib/Object/WasmObjectFile.cpp
@@ -670,8 +670,13 @@ Error WasmObjectFile::parseImportSection(const uint8_t *Ptr, const uint8_t *End)
Error WasmObjectFile::parseFunctionSection(const uint8_t *Ptr, const uint8_t *End) {
uint32_t Count = readVaruint32(Ptr);
FunctionTypes.reserve(Count);
+ uint32_t NumTypes = Signatures.size();
while (Count--) {
- FunctionTypes.push_back(readVaruint32(Ptr));
+ uint32_t Type = readVaruint32(Ptr);
+ if (Type >= NumTypes)
+ return make_error<GenericBinaryError>("Invalid function type",
+ object_error::parse_failed);
+ FunctionTypes.push_back(Type);
}
if (Ptr != End)
return make_error<GenericBinaryError>("Function section ended prematurely",
generated by cgit v1.1 at 2025-10-09 12:41:48 +0000