llvm.org GIT mirror llvm / 2b1f6c2
[Bitcode] Fix an unsigned integer overflow while parsing bitcode wrapper header

Specially crafted bitcode wrapper headers can cause unsigned integer overflow and lead to crashes when wrapping around. Fix the offset check and avoid such scenarios.

Writing a testcase for this would involve editing the binary to generate values that trigger the overflow, since this would never happen while generating the bitcode in regular compilation flows, so there's currently no feasible way to add one.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268881 91177308-0d34-0410-b5e6-96231b3b80d8

Bruno Cardoso Lopes 4 years ago
1 changed file(s) with 2 addition(s) and 1 deletion(s).
161161
162162 unsigned Offset = support::endian::read32le(&BufPtr[BWH_OffsetField]);
163163 unsigned Size = support::endian::read32le(&BufPtr[BWH_SizeField]);
164 uint64_t BitcodeOffsetEnd = (uint64_t)Offset + (uint64_t)Size;
164165
165166 // Verify that Offset+Size fits in the file.
166 if (VerifyBufferSize && Offset+Size > unsigned(BufEnd-BufPtr))
167 if (VerifyBufferSize && BitcodeOffsetEnd > uint64_t(BufEnd-BufPtr))
167168 return true;
168169 BufPtr += Offset;
169170 BufEnd = BufPtr+Size;
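Review bot: The 64-bit comparison on the new `BitcodeOffsetEnd > uint64_t(BufEnd-BufPtr)` line only guards the path where `VerifyBufferSize` is true; when it is false the condition short-circuits and the trailing `BufPtr += Offset;` and `BufEnd = BufPtr+Size;` still run on the two unvalidated 32-bit header fields. Either make the bounds check unconditional or document next to the condition that callers passing false must already trust the buffer. The change also lands without a test: rather than hand-editing a bitcode file, a unit test could build the wrapper header in an in-memory byte array, set the offset and size fields so that their 32-bit sum wraps, and assert that this path returns true. Declaring `Offset` and `Size` as `uint64_t` at the `read32le` lines would also remove the need for the two casts.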