Fix buffer overflow.

We were reading past the end of the buffer.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@316143 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/BinaryFormat/Magic.cpp b/lib/BinaryFormat/Magic.cpp
index e9b8df93b90281b77825a83627b4d32e0f8f2870..db8e9526e64799479681beea4713fc0d9496d7bf 100644 (file)
--- a/lib/BinaryFormat/Magic.cpp
+++ b/lib/BinaryFormat/Magic.cpp
@@ -185,7 +185,7 @@ file_magic llvm::identify_magic(StringRef Magic) {
     if (startswith(Magic, "MZ") && Magic.size() >= 0x3c + 4) {
       uint32_t off = read32le(Magic.data() + 0x3c);
       // PE/COFF file, either EXE or DLL.
-      if (off < Magic.size() &&
+      if (off + sizeof(COFF::PEMagic) <= Magic.size() &&
           memcmp(Magic.data() + off, COFF::PEMagic, sizeof(COFF::PEMagic)) == 0)
         return file_magic::pecoff_executable;
     }

diff --git a/test/Object/Inputs/invalid-coff-header-too-small b/test/Object/Inputs/invalid-coff-header-too-small
new file mode 100644 (file)
index 0000000..c9f0c96
Binary files /dev/null and b/test/Object/Inputs/invalid-coff-header-too-small differ

diff --git a/test/Object/invalid.test b/test/Object/invalid.test
index b0b5528ab05b5426e69a3e3b06ebfe0e3e9c1cf9..6899f5ab0572eed8a79d8006bfad0c415eb7cff3 100644 (file)
--- a/test/Object/invalid.test
+++ b/test/Object/invalid.test
@@ -86,3 +86,6 @@ INVALID-REL-SYM: invalid section offset
 
 RUN: not llvm-readobj -r %p/Inputs/invalid-buffer.elf 2>&1 | FileCheck --check-prefix=INVALID-BUFFER %s
 INVALID-BUFFER: Invalid buffer
+
+RUN: not llvm-readobj %p/Inputs/invalid-coff-header-too-small 2>&1 | FileCheck --check-prefix=COFF-HEADER %s
+COFF-HEADER: The file was not recognized as a valid object file