From a845167dcaad7c099d8d29eed578565fa1d3511a Mon Sep 17 00:00:00 2001
From: Jonas Devlieghere
Date: Wed, 23 Aug 2017 21:36:04 +0000
Subject: [WebAssembly] Fix overflow for input with missing version
Differential revision: https://reviews.llvm.org/D37070
llvm-svn: 311605
---
 llvm/lib/Object/WasmObjectFile.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'llvm/lib/Object/WasmObjectFile.cpp')
diff --git a/llvm/lib/Object/WasmObjectFile.cpp b/llvm/lib/Object/WasmObjectFile.cpp
index 7f80bf0..91fc613 100644
--- a/llvm/lib/Object/WasmObjectFile.cpp
+++ b/llvm/lib/Object/WasmObjectFile.cpp
@@ -203,7 +203,16 @@ WasmObjectFile::WasmObjectFile(MemoryBufferRef Buffer, Error &Err)
 object_error::parse_failed);
 return;
 }
+
+ const uint8_t *Eof = getPtr(getData().size());
 const uint8_t *Ptr = getPtr(4);
+
+ if (Ptr + 4 > Eof) {
+ Err = make_error("Missing version number",
+ object_error::parse_failed);
+ return;
+ }
+
 Header.Version = readUint32(Ptr);
 if (Header.Version != wasm::WasmVersion) {
 Err = make_error("Bad version number",
@@ -211,7 +220,6 @@ WasmObjectFile::WasmObjectFile(MemoryBufferRef Buffer, Error &Err)
 return;
 }
- const uint8_t *Eof = getPtr(getData().size());
 WasmSection Sec;
 while (Ptr < Eof) {
 if ((Err = readSection(Sec, Ptr, getPtr(0))))
-- cgit v1.1
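Review bot: The new guard `if (Ptr + 4 > Eof)` in the first hunk computes a pointer past the end of the buffer in exactly the truncated-input case it is meant to reject, and forming such a pointer is undefined behaviour that an optimizer may assume never happens. Comparing the remaining length keeps every pointer in range: `if (Eof - Ptr < 4) {`. That form relies on `Ptr <= Eof`, i.e. on the buffer holding at least four bytes, which the magic-number check above the hunk presumably guarantees; a one-line comment such as `// Magic check above ensures size >= 4, so Ptr <= Eof.` would make that dependency explicit. The diffstat lists only WasmObjectFile.cpp, so a regression test that feeds a file ending right after the magic would be worth adding alongside the fix. The constructor body begins and ends outside the hunk.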