author | Kevin Enderby <enderby@apple.com> | 2016-09-27 23:24:13 +0000 |
---|---|---|
committer | Kevin Enderby <enderby@apple.com> | 2016-09-27 23:24:13 +0000 |
commit | 3e490ef94efbf87d52aea11eee8bc25739ca95d1 (patch) | |
tree | 641c1064dc7d4f68ed67335ea9114fdbc19b3545 /llvm/lib/Object/MachOObjectFile.cpp | |
parent | 75ad3de85b7025e7241e9ee869c6840bee88a531 (diff) | |
Next set of additional error checks for invalid Mach-O files, covering the
other load commands that use the MachO::dylinker_command type. These are
not used in llvm libObject code but are used in llvm tool code.
This includes LC_ID_DYLINKER, LC_LOAD_DYLINKER
and LC_DYLD_ENVIRONMENT load commands.
llvm-svn: 282553
Diffstat (limited to 'llvm/lib/Object/MachOObjectFile.cpp')
-rw-r--r-- | llvm/lib/Object/MachOObjectFile.cpp | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp
index 8fa4cd4fe27..fa00561a65c 100644
--- a/llvm/lib/Object/MachOObjectFile.cpp
+++ b/llvm/lib/Object/MachOObjectFile.cpp
@@ -625,6 +625,35 @@ static Error checkDylibIdCommand(const MachOObjectFile *Obj,
 return Error::success();
 }
 
+static Error checkDyldCommand(const MachOObjectFile *Obj,
+ const MachOObjectFile::LoadCommandInfo &Load,
+ uint32_t LoadCommandIndex, const char *CmdName) {
+ if (Load.C.cmdsize < sizeof(MachO::dylinker_command))
+ return malformedError("load command " + Twine(LoadCommandIndex) + " " +
+ CmdName + " cmdsize too small");
+ MachO::dylinker_command D = getStruct<MachO::dylinker_command>(Obj, Load.Ptr);
+ if (D.name < sizeof(MachO::dylinker_command))
+ return malformedError("load command " + Twine(LoadCommandIndex) + " " +
+ CmdName + " name.offset field too small, not past "
+ "the end of the dylinker_command struct");
+ if (D.name >= D.cmdsize)
+ return malformedError("load command " + Twine(LoadCommandIndex) + " " +
+ CmdName + " name.offset field extends past the end "
+ "of the load command");
+ // Make sure there is a null between the starting offset of the name and
+ // the end of the load command.
+ uint32_t i;
+ const char *P = (const char *)Load.Ptr;
+ for (i = D.name; i < D.cmdsize; i++)
+ if (P[i] == '\0')
+ break;
+ if (i >= D.cmdsize)
+ return malformedError("load command " + Twine(LoadCommandIndex) + " " +
+ CmdName + " dyld name extends past the end of the "
+ "load command");
+ return Error::success();
+}
+
 Expected<std::unique_ptr<MachOObjectFile>>
 MachOObjectFile::create(MemoryBufferRef Object, bool IsLittleEndian,
 bool Is64Bits) {
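Review bot: The NUL scan at the end of checkDyldCommand reads `P[i]` for every `i` below `D.cmdsize`, so it stays in bounds only if the whole `Load.Ptr .. Load.Ptr + cmdsize` range was already checked against the object buffer before this helper runs. Nothing in this hunk establishes that; presumably it happens where the LoadCommandInfo is produced, so I would state it above the function, e.g. `// Precondition: Load.Ptr + Load.C.cmdsize has been bounds-checked against the file contents.` The first test also uses `Load.C.cmdsize` while the later ones use `D.cmdsize`; comparing against one of them throughout makes it clearer that the size that was validated is the size that bounds the scan. As a style point, the hand-rolled loop with an uninitialised `i` and a C-style cast could be `if (!memchr(P + D.name, '\0', D.cmdsize - D.name))`, assuming `<cstring>` is available in this file.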
@@ -777,6 +806,15 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
 if ((Err = checkDylibCommand(this, Load, I, "LC_LOAD_UPWARD_DYLIB")))
 return;
 Libraries.push_back(Load.Ptr);
+ } else if (Load.C.cmd == MachO::LC_ID_DYLINKER) {
+ if ((Err = checkDyldCommand(this, Load, I, "LC_ID_DYLINKER")))
+ return;
+ } else if (Load.C.cmd == MachO::LC_LOAD_DYLINKER) {
+ if ((Err = checkDyldCommand(this, Load, I, "LC_LOAD_DYLINKER")))
+ return;
+ } else if (Load.C.cmd == MachO::LC_DYLD_ENVIRONMENT) {
+ if ((Err = checkDyldCommand(this, Load, I, "LC_DYLD_ENVIRONMENT")))
+ return;
 }
 if (I < LoadCommandCount - 1) {
 if (auto LoadOrErr = getNextLoadCommandInfo(this, I, Load)) |