author | Jason Molenda <jmolenda@apple.com> | 2014-04-15 01:04:00 +0000 |
---|---|---|
committer | Jason Molenda <jmolenda@apple.com> | 2014-04-15 01:04:00 +0000 |
commit | c6fa5db7470bd9126cde1e27c6fe792a20ca89b4 (patch) | |
tree | 540f0ae66b9aa8a38d7677c5b874cf86da8f8e8f /lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp | |
parent | e9fa266cbad6ac10eb8f7778dd6ddb55ee07491d (diff) | |
Add some basic sanity checks to DynamicLoaderDarwinKernel::ReadKextSummaryHeader()
when it is reading the kext table, in case we're reading out of a core file with
corrupt contents in this region.
<rdar://problem/16601915>
llvm-svn: 206233
Diffstat (limited to 'lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp')
-rw-r--r-- | lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp b/lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp
index 119616d0c5e..d24508f6672 100644
--- a/lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp
+++ b/lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp
@@ -1148,9 +1148,25 @@ DynamicLoaderDarwinKernel::ReadKextSummaryHeader ()
 {
 lldb::offset_t offset = 0;
 m_kext_summary_header.version = data.GetU32(&offset);
+ if (m_kext_summary_header.version > 128)
+ {
+ Stream *s = m_process->GetTarget().GetDebugger().GetOutputFile().get();
+ s->Printf ("WARNING: Unable to read kext summary header, got improbable version number %u\n", m_kext_summary_header.version);
+ // If we get an improbably large veriosn number, we're probably getting bad memory.
+ m_kext_summary_header_addr.Clear();
+ return false;
+ }
 if (m_kext_summary_header.version >= 2)
 {
 m_kext_summary_header.entry_size = data.GetU32(&offset);
+ if (m_kext_summary_header.entry_size > 4096)
+ {
+ // If we get an improbably large entry_size, we're probably getting bad memory.
+ Stream *s = m_process->GetTarget().GetDebugger().GetOutputFile().get();
+ s->Printf ("WARNING: Unable to read kext summary header, got improbable entry_size %u\n", m_kext_summary_header.entry_size);
+ m_kext_summary_header_addr.Clear();
+ return false;
+ }
 }
 else
 {
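Review bot: `s` is dereferenced without a null check in the new version branch (`s->Printf (...)` directly after `GetOutputFile().get()`), and the same pattern repeats in the entry_size branch here and in the entry_count branch of the next hunk. If the debugger's output file can be empty (not visible from this hunk), the path meant to survive a corrupt core file would crash instead; `if (s) s->Printf (...)` keeps the rejection path safe. The entry_size check also has only an upper bound, so a value of 0 read from bad memory still passes; unless something downstream rejects it, consider `if (m_kext_summary_header.entry_size == 0 || m_kext_summary_header.entry_size > 4096)`. The body of ReadKextSummaryHeader starts and ends outside this hunk.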
@@ -1158,6 +1174,14 @@ DynamicLoaderDarwinKernel::ReadKextSummaryHeader ()
 m_kext_summary_header.entry_size = KERNEL_MODULE_ENTRY_SIZE_VERSION_1;
 }
 m_kext_summary_header.entry_count = data.GetU32(&offset);
+ if (m_kext_summary_header.entry_count > 10000)
+ {
+ // If we get an improbably large number of kexts, we're probably getting bad memory.
+ Stream *s = m_process->GetTarget().GetDebugger().GetOutputFile().get();
+ s->Printf ("WARNING: Unable to read kext summary header, got improbable number of kexts %u\n", m_kext_summary_header.entry_count);
+ m_kext_summary_header_addr.Clear();
+ return false;
+ }
 return true;
 }
 } |
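Review bot: The header fields are stored into `m_kext_summary_header` before they are validated, so when the entry_count check (or the version and entry_size checks in the previous hunk) returns false, the member still holds the rejected values and only `m_kext_summary_header_addr` is cleared. A later reader that uses `m_kext_summary_header.entry_count` without first re-checking the address would be working from corrupt core-file data; reading into locals and assigning only on success, or resetting the struct on each failure path, would avoid that. The limits 128, 4096 and 10000 would also be easier to audit as named constants with a comment saying where each bound comes from. The function continues outside this hunk.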