Fix heap-buffer-overflow bugs identified by the Address Sanitizer

Differential Revision: http://reviews.llvm.org/D7733

llvm-svn: 229912

2 files changed, 5 insertions, 0 deletions

diff --git a/lld/lib/ReaderWriter/MachO/ArchHandler.cpp b/lld/lib/ReaderWriter/MachO/ArchHandler.cpp
index 90c838cd84a..cb20907b3e3 100644
--- a/lld/lib/ReaderWriter/MachO/ArchHandler.cpp
+++ b/lld/lib/ReaderWriter/MachO/ArchHandler.cpp
@@ -142,6 +142,8 @@ uint32_t ArchHandler::readU32(const uint8_t *addr, bool isBig) {
 
 bool ArchHandler::isDwarfCIE(bool isBig, const DefinedAtom *atom) {
   assert(atom->contentType() == DefinedAtom::typeCFI);
+  if (atom->rawContent().size() < sizeof(uint32_t))
+    return false;
   uint32_t size = read32(atom->rawContent().data(), isBig);
 
   uint32_t idOffset = sizeof(uint32_t);
diff --git a/lld/lib/ReaderWriter/MachO/CompactUnwindPass.cpp b/lld/lib/ReaderWriter/MachO/CompactUnwindPass.cpp
index 40b257cd7a4..74b013f1d50 100644
--- a/lld/lib/ReaderWriter/MachO/CompactUnwindPass.cpp
+++ b/lld/lib/ReaderWriter/MachO/CompactUnwindPass.cpp
@@ -411,6 +411,9 @@ private:
       }
     }
 
+    if (atom->rawContent().size() < 4 * sizeof(uint32_t))
+      return entry;
+
     using normalized::read32;
     entry.rangeLength =
         read32(atom->rawContent().data() + 2 * sizeof(uint32_t), _isBig);