diff --git a/lib/Object/MachOObjectFile.cpp b/lib/Object/MachOObjectFile.cpp index a32533b003b..b943c4063d6 100644 --- a/lib/Object/MachOObjectFile.cpp +++ b/lib/Object/MachOObjectFile.cpp @@ -183,6 +183,9 @@ static Expected getLoadCommandInfo(const MachOObjectFile &Obj, const char *Ptr, uint32_t LoadCommandIndex) { if (auto CmdOrErr = getStructOrErr(Obj, Ptr)) { + if (CmdOrErr->cmdsize + Ptr > Obj.getData().end()) + return malformedError("load command " + Twine(LoadCommandIndex) + + " extends past end of file"); if (CmdOrErr->cmdsize < 8) return malformedError("load command " + Twine(LoadCommandIndex) + " with size less than 8 bytes"); @@ -800,7 +803,7 @@ static Error checkNoteCommand(const MachOObjectFile &Obj, uint32_t LoadCommandIndex, std::list &Elements) { if (Load.C.cmdsize != sizeof(MachO::note_command)) - return malformedError("load command " + Twine(LoadCommandIndex) + + return malformedError("load command " + Twine(LoadCommandIndex) + " LC_NOTE has incorrect cmdsize"); MachO::note_command Nt = getStruct(Obj, Load.Ptr); uint64_t FileSize = Obj.getData().size(); diff --git a/test/Object/Inputs/macho-invalid-dylib-cmdsize-past-eof b/test/Object/Inputs/macho-invalid-dylib-cmdsize-past-eof new file mode 100644 index 00000000000..feefab933ec Binary files /dev/null and b/test/Object/Inputs/macho-invalid-dylib-cmdsize-past-eof differ diff --git a/test/Object/macho-invalid.test b/test/Object/macho-invalid.test index e956680a2ce..1a7ac21d744 100644 --- a/test/Object/macho-invalid.test +++ b/test/Object/macho-invalid.test @@ -284,6 +284,9 @@ INVALID-DYLIB-WRONG-FILETYPE: macho-invalid-dylib-wrong-filetype': truncated or RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib-no-id 2>&1 | FileCheck -check-prefix INVALID-DYLIB-NO-ID %s INVALID-DYLIB-NO-ID: macho-invalid-dylib-no-id': truncated or malformed object (no LC_ID_DYLIB load command in dynamic library filetype) +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib-cmdsize-past-eof 2>&1 | FileCheck -check-prefix INVALID-DYLIB-CMDSIZE %s +INVALID-DYLIB-CMDSIZE: macho-invalid-dylib-cmdsize-past-eof': truncated or malformed object (load command 0 extends past end of file) + RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-uuid-more-than-one 2>&1 | FileCheck -check-prefix INVALID-UUID-MORE-THAN-ONE %s INVALID-UUID-MORE-THAN-ONE: macho-invalid-uuid-more-than-one': truncated or malformed object (more than one LC_UUID command)