author | Adrian Prantl <aprantl@apple.com> | 2018-11-13 23:14:37 +0000 |
---|---|---|
committer | Adrian Prantl <aprantl@apple.com> | 2018-11-13 23:14:37 +0000 |
commit | 874e32dcf2cc8c4eca7adf8da5bc23416564e02a (patch) | |
tree | 79116b1dd476279ae050edfa1f1dff70d394c5b8 /lldb/source/Plugins/ObjectFile | |
parent | 02f8e7c3558685e87a4c440ccfaedb8c35a5297d (diff) | |
Fix a bug in the parsing of the LC_BUILD_VERSION Mach-O load command.
LC_BUILD_VERSION records are of variable length. The original code
would use uninitialized memory when the size of a record was exactly 24.
rdar://problem/46032185
llvm-svn: 346812
Diffstat (limited to 'lldb/source/Plugins/ObjectFile')
-rw-r--r-- | lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp b/lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp
index b5184371560..e14e4094f66 100644
--- a/lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp
+++ b/lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp
@@ -5027,24 +5027,28 @@ bool ObjectFileMachO::GetArchitecture(const llvm::MachO::mach_header &header,
 const lldb::offset_t cmd_offset = offset;
 if (data.GetU32(&offset, &load_cmd, 2) == NULL)
 break;
-
- if (load_cmd.cmd == llvm::MachO::LC_BUILD_VERSION) {
- struct build_version_command build_version;
- if (load_cmd.cmdsize != sizeof(build_version))
+ do {
+ if (load_cmd.cmd == llvm::MachO::LC_BUILD_VERSION) {
+ struct build_version_command build_version;
+ if (load_cmd.cmdsize < sizeof(build_version)) {
+ // Malformed load command.
+ break;
+ }
 if (data.ExtractBytes(cmd_offset, sizeof(build_version),
 data.GetByteOrder(), &build_version) == 0)
- continue;
- MinOS min_os(build_version.minos);
- OSEnv os_env(build_version.platform);
- if (os_env.os_type.empty())
- continue;
- os << os_env.os_type << min_os.major_version << '.'
- << min_os.minor_version << '.' << min_os.patch_version;
- triple.setOSName(os.str());
- if (!os_env.environment.empty())
- triple.setEnvironmentName(os_env.environment);
- return true;
- }
+ break;
+ MinOS min_os(build_version.minos);
+ OSEnv os_env(build_version.platform);
+ if (os_env.os_type.empty())
+ break;
+ os << os_env.os_type << min_os.major_version << '.'
+ << min_os.minor_version << '.' << min_os.patch_version;
+ triple.setOSName(os.str());
+ if (!os_env.environment.empty())
+ triple.setEnvironmentName(os_env.environment);
+ return true;
+ }
+ } while (0);
 offset = cmd_offset + load_cmd.cmdsize;
 } |
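Review bot: `build_version` is still declared without an initializer, so the `ExtractBytes(...) == 0` check is the only thing keeping a truncated record from being parsed out of indeterminate stack memory. Value-initializing it, `struct build_version_command build_version = {};`, would keep the fix intact if that guard is edited again. The new `break` statements leave the `do { } while (0)` rather than the enclosing loop, unlike the `break` after `GetU32` in the context above, which deserves a comment such as `// break exits the do/while only, so offset is still advanced below`. Separately, `offset = cmd_offset + load_cmd.cmdsize;` still trusts the file-supplied `cmdsize` for every command: the new size check covers only LC_BUILD_VERSION, so a value below the 8 bytes just read by `GetU32` (including 0) makes the next iteration re-read overlapping data; a guard like `if (load_cmd.cmdsize < 8) break;` before the `do` would reject it. The loop header and the rest of GetArchitecture are outside the hunk, so the iteration bound could not be checked here.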