From 8f265f701a0fbd45f6e6d8ad84cc537c346bf4fb Mon Sep 17 00:00:00 2001
From: Greg Clayton
Date: Wed, 28 Oct 2015 20:49:34 +0000
Subject: Don't crash when opening a fuzzed mach-o file that has bad dyld trie data.

llvm-svn: 251555
---
.../Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp | 26 ++++++++++++++--------
1 file changed, 17 insertions(+), 9 deletions(-)
(limited to 'lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp')
diff --git a/lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp b/lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp
index 48d37bf32a0..625418c508a 100644
--- a/lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp
+++ b/lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp
@@ -2068,7 +2068,7 @@ struct TrieEntryWithOffset
 }
 };
 
-static void
+static bool
 ParseTrieEntries (DataExtractor &data,
 lldb::offset_t offset,
 const bool is_arm,
@@ -2077,7 +2077,7 @@ ParseTrieEntries (DataExtractor &data,
 std::vector& output)
 {
 if (!data.ValidOffset(offset))
- return;
+ return true;
 
 const uint64_t terminalSize = data.GetULEB128(&offset);
 lldb::offset_t children_offset = offset + terminalSize;
@@ -2128,19 +2128,27 @@ ParseTrieEntries (DataExtractor &data,
 const uint8_t childrenCount = data.GetU8(&children_offset);
 for (uint8_t i=0; i < childrenCount; ++i)
 {
- nameSlices.push_back(data.GetCStr(&children_offset));
+ const char *cstr = data.GetCStr(&children_offset);
+ if (cstr)
+ nameSlices.push_back(llvm::StringRef(cstr));
+ else
+ return false; // Corrupt data
 lldb::offset_t childNodeOffset = data.GetULEB128(&children_offset);
 if (childNodeOffset)
 {
- ParseTrieEntries(data,
- childNodeOffset,
- is_arm,
- nameSlices,
- resolver_addresses,
- output);
+ if (!ParseTrieEntries(data,
+ childNodeOffset,
+ is_arm,
+ nameSlices,
+ resolver_addresses,
+ output))
+ {
+ return false;
+ }
 }
 nameSlices.pop_back();
 }
+ return true;
 }
 
 size_t
-- cgit v1.2.3
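Review bot: The new `bool` result of ParseTrieEntries in the first hunk (`-static void` / `+static bool`) has no documented contract, and going by the diffstat no caller outside the function was updated: all 17 insertions and 9 deletions fall inside these three hunks. The top-level call site is not shown, but it presumably still discards the result, so entries collected before the corruption was detected would be used as if the trie had parsed cleanly. I would add a comment above the function such as `// Returns false if the trie data is corrupt; output may then contain partial results.` and have the caller check the result and ignore or clear `output` on failure. The function body continues outside this hunk.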
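Review bot: In the second hunk an offset that fails `data.ValidOffset(offset)` now yields `return true;`, so a child node offset pointing outside the trie data is reported as success, while a missing name string in the third hunk is reported as corrupt. If the success result is only meant for a top-level call on an empty trie, say so in a comment; otherwise `return false;` here would make the two corrupt-data cases agree. The context line `children_offset = offset + terminalSize` also uses a length read from the file without a range check; whether the later reads tolerate an out-of-range `children_offset` depends on DataExtractor behaviour that is not shown here. The function starts and ends outside this hunk.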
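Review bot: The recursive call `if (!ParseTrieEntries(data, childNodeOffset, ...` in the third hunk still follows a child offset read from the file with no depth limit and no record of nodes already visited, so trie data whose child offset refers back to an ancestor node would recurse until the stack is exhausted, which is the same class of crash on malformed input this commit sets out to prevent. `nameSlices` gains one element per level, so, assuming it is a standard container, a guard such as `if (nameSlices.size() > kMaxTrieDepth) return false; // Corrupt data` at the top of the function would bound the recursion (`kMaxTrieDepth` is a placeholder for a limit the project would choose); a set of visited node offsets is the alternative. Separately, the new `return false;` after the failed recursive call skips `nameSlices.pop_back();`, leaving the caller's vector with stale entries on failure, which is harmless only if every caller abandons it. The start of the function is outside this hunk.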