From e3d6b9786e61c80a089a5812e7699dd18f0ebcc3 Mon Sep 17 00:00:00 2001
From: Jonas Devlieghere <jonas@devlieghere.com>
Date: Fri, 31 Aug 2018 14:54:01 +0000
Subject: [Wasm] Add missing EOF checks for floats

Adds the same checks we already do for ints to floats.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8698
llvm-svn: 341216
---
 llvm/lib/Object/WasmObjectFile.cpp | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'llvm/lib/Object/WasmObjectFile.cpp')

diff --git a/llvm/lib/Object/WasmObjectFile.cpp b/llvm/lib/Object/WasmObjectFile.cpp
index f75dbfc3014..b8bc4712ec3 100644
--- a/llvm/lib/Object/WasmObjectFile.cpp
+++ b/llvm/lib/Object/WasmObjectFile.cpp
@@ -82,6 +82,8 @@ static uint32_t readUint32(WasmObjectFile::ReadContext &Ctx) {
 }
 
 static int32_t readFloat32(WasmObjectFile::ReadContext &Ctx) {
+  if (Ctx.Ptr + 4 > Ctx.End)
+    report_fatal_error("EOF while reading float64");
   int32_t Result = 0;
   memcpy(&Result, Ctx.Ptr, sizeof(Result));
   Ctx.Ptr += sizeof(Result);
@@ -89,6 +91,8 @@ static int32_t readFloat32(WasmObjectFile::ReadContext &Ctx) {
 }
 
 static int64_t readFloat64(WasmObjectFile::ReadContext &Ctx) {
+  if (Ctx.Ptr + 8 > Ctx.End)
+    report_fatal_error("EOF while reading float64");
   int64_t Result = 0;
   memcpy(&Result, Ctx.Ptr, sizeof(Result));
   Ctx.Ptr += sizeof(Result);
-- 
cgit v1.2.3