RPCSX/llvm
1
0
Fork 0
mirror of https://github.com/RPCSX/llvm.git synced 2025-05-13 10:56:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[Bitcode] Fix an unsigned integer overflow while parsing bitcode wrapper header

Browse Source 
Specially crafted bitcode wrapper headers can cause unsigned interger
overflow and lead to crashes when wrapping around. Fix the offset check
and avoid such scenarios.

Writing a testcase for this would involve editing the binary to generate
values that trigger the overflow, since this would never happen while
generating the bitcode in regular compilation flows, so there's
currently no feasible way add one.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268881 91177308-0d34-0410-b5e6-96231b3b80d8
This commit is contained in:
Bruno Cardoso Lopes 2016-05-08 21:27:39 +00:00
parent ba458cf29f
commit 2b1f6c23bc
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
include/llvm/Bitcode/ReaderWriter.h
View File

@ -162,9 +162,10 @@ namespace llvm {
unsigned Offset = support::endian::read32le(&BufPtr[BWH_OffsetField]);
unsigned Size = support::endian::read32le(&BufPtr[BWH_SizeField]);
uint64_t BitcodeOffsetEnd = (uint64_t)Offset + (uint64_t)Size;
// Verify that Offset+Size fits in the file.
if (VerifyBufferSize && Offset+Size > unsigned(BufEnd-BufPtr))
if (VerifyBufferSize && BitcodeOffsetEnd > uint64_t(BufEnd-BufPtr))
return true;
BufPtr += Offset;
BufEnd = BufPtr+Size;