-rw-r--r--llvm/lib/DebugInfo/PDB/Raw/NameMap.cpp10
1 files changed, 10 insertions, 0 deletions
diff --git a/llvm/lib/DebugInfo/PDB/Raw/NameMap.cpp b/llvm/lib/DebugInfo/PDB/Raw/NameMap.cpp
index e1a248a609f..ad60a44a52d 100644
--- a/llvm/lib/DebugInfo/PDB/Raw/NameMap.cpp
+++ b/llvm/lib/DebugInfo/PDB/Raw/NameMap.cpp
@@ -50,6 +50,8 @@ Error NameMap::load(codeview::StreamReader &Stream) {
make_error<RawError>(raw_error_code::corrupt_file,
"Expected name map max strings"));
+ const uint32_t MaxNumberOfWords = UINT32_MAX / sizeof(uint32_t);
+
// This appears to be a hash table which uses bitfields to determine whether
// or not a bucket is 'present'.
uint32_t NumPresentWords;
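Review bot: `MaxNumberOfWords` is declared here without a comment saying which computation it protects. From its value (`UINT32_MAX / sizeof(uint32_t)`) it appears to keep a word count times the word size from wrapping a 32-bit quantity, but the code that would do that arithmetic is not visible in this hunk. A short comment would make the intent checkable, for example `// Largest word count whose size in bytes still fits in a uint32_t; anything larger can only come from a corrupt file.` The body of NameMap::load starts and ends outside the hunk.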
@@ -58,6 +60,10 @@ Error NameMap::load(codeview::StreamReader &Stream) {
make_error<RawError>(raw_error_code::corrupt_file,
"Expected name map num words"));
+ if (NumPresentWords > MaxNumberOfWords)
+ return make_error<RawError>(raw_error_code::corrupt_file,
+ "Number of present words is too large");
+
// Store all the 'present' bits in a vector for later processing.
SmallVector<uint32_t, 1> PresentWords;
for (uint32_t I = 0; I != NumPresentWords; ++I) {
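Review bot: The new check on `NumPresentWords` compares an attacker-controlled count against a fixed constant (roughly 2^30 words), not against how much data the stream actually holds. A corrupt file can therefore still declare far more words than it contains, and only a failed read inside the loop stops it; that loop body is outside the hunk, so whether every read is checked cannot be confirmed here. Bounding the count by the remaining stream length would reject such files before `PresentWords` starts growing, e.g. `if (NumPresentWords > Stream.bytesRemaining() / sizeof(uint32_t))`, assuming the reader exposes its remaining length. The same applies to the `NumDeletedWords` check in the third hunk.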
@@ -79,6 +85,10 @@ Error NameMap::load(codeview::StreamReader &Stream) {
make_error<RawError>(raw_error_code::corrupt_file,
"Expected name map num deleted words"));
+ if (NumDeletedWords > MaxNumberOfWords)
+ return make_error<RawError>(raw_error_code::corrupt_file,
+ "Number of deleted words is too large");
+
// Store all the 'deleted' bits in a vector for later processing.
SmallVector<uint32_t, 1> DeletedWords;
for (uint32_t I = 0; I != NumDeletedWords; ++I) {