llvm.org GIT mirror llvm / 2464521
[BinaryFormat] Fix out of bounds read. Found by OSS-FUZZ! https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3220 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@312238 91177308-0d34-0410-b5e6-96231b3b80d8 Benjamin Kramer 3 years ago
2 changed file(s) with 5 addition(s) and 2 deletion(s).
181181 break;
182182
183183 case 'M': // Possible MS-DOS stub on Windows PE file
184 if (startswith(Magic, "MZ")) {
184 if (startswith(Magic, "MZ") && Magic.size() >= 0x3c + 4) {
185185 uint32_t off = read32le(Magic.data() + 0x3c);
186186 // PE/COFF file, either EXE or DLL.
187187 if (off < Magic.size() &&
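Review bot: The `off < Magic.size()` check that follows the guarded `read32le` establishes only that a single byte at `off` lies inside the buffer. The rest of that condition is outside the hunk, but if it compares a multi-byte PE signature at `Magic.data() + off`, an input whose 0x3c field points into the last few bytes of the buffer could still be read past the end. The bound should then take the signature length into account, for example by adding `Magic.size() - off >= SIG_LEN` after the `off < Magic.size()` test (SIG_LEN is a placeholder for the signature size). The new guard would also read better with a comment such as `// 0x3c: offset of the 32-bit PE header pointer in the DOS stub`.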
7979 "\x00\x00\x00\x00\x020\x00\x00\x00\xff\xff\x00\x00\xff\xff\x00\x00";
8080 const char macho_dynamically_linked_shared_lib_stub[] =
8181 "\xfe\xed\xfa\xce........\x00\x00\x00\x09............";
82 const char ms_dos_stub_broken[] = "\x4d\x5a\x20\x20";
8283
8384 TEST_F(MagicTest, Magic) {
8485 struct type {
107108 DEFINE(macho_dynamically_linked_shared_lib_stub),
108109 DEFINE(macho_dsym_companion),
109110 DEFINE(macho_kext_bundle),
110 DEFINE(windows_resource)
111 DEFINE(windows_resource),
112 {"ms_dos_stub_broken", ms_dos_stub_broken, sizeof(ms_dos_stub_broken),
113 file_magic::unknown},
111114 #undef DEFINE
112115 };
113116
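Review bot: The new `ms_dos_stub_broken` case only exercises a buffer far shorter than the guarded offset, so it would still pass if the size bound in the magic check were off by one. Two further entries would pin the boundary: an `MZ` buffer of exactly `0x3c + 3` bytes, expected `file_magic::unknown`, and one of at least `0x3c + 4` bytes whose offset field points at the final bytes of the buffer. A one-line comment above the array, e.g. `// MZ header truncated before the PE offset field at 0x3c`, would record why this stub counts as broken.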