From: Rafael Espindola Date: Thu, 19 Oct 2017 01:25:48 +0000 (+0000) Subject: Fix buffer overflow. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4179daa6ae61df372e060c891144be70090b2706;p=llvm Fix buffer overflow. We were reading past the end of the buffer. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@316143 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/BinaryFormat/Magic.cpp b/lib/BinaryFormat/Magic.cpp
index e9b8df93b90..db8e9526e64 100644
--- a/lib/BinaryFormat/Magic.cpp
+++ b/lib/BinaryFormat/Magic.cpp
@@ -185,7 +185,7 @@ file_magic llvm::identify_magic(StringRef Magic) {
 if (startswith(Magic, "MZ") && Magic.size() >= 0x3c + 4) {
 uint32_t off = read32le(Magic.data() + 0x3c);
 // PE/COFF file, either EXE or DLL.
- if (off < Magic.size() &&
+ if (off + sizeof(COFF::PEMagic) <= Magic.size() &&
 memcmp(Magic.data() + off, COFF::PEMagic, sizeof(COFF::PEMagic)) == 0)
 return file_magic::pecoff_executable;
 }
diff --git a/test/Object/Inputs/invalid-coff-header-too-small b/test/Object/Inputs/invalid-coff-header-too-small
new file mode 100644
index 00000000000..c9f0c965b76
Binary files /dev/null and b/test/Object/Inputs/invalid-coff-header-too-small differ
diff --git a/test/Object/invalid.test b/test/Object/invalid.test
index b0b5528ab05..6899f5ab057 100644
--- a/test/Object/invalid.test
+++ b/test/Object/invalid.test
@@ -86,3 +86,6 @@ INVALID-REL-SYM: invalid section offset
 RUN: not llvm-readobj -r %p/Inputs/invalid-buffer.elf 2>&1 | FileCheck --check-prefix=INVALID-BUFFER %s
 INVALID-BUFFER: Invalid buffer
+
+RUN: not llvm-readobj %p/Inputs/invalid-coff-header-too-small 2>&1 | FileCheck --check-prefix=COFF-HEADER %s
+COFF-HEADER: The file was not recognized as a valid object file
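Review bot: The new condition in the Magic.cpp hunk, `off + sizeof(COFF::PEMagic) <= Magic.size()`, can still wrap on hosts where size_t is 32 bits: `off` is a uint32_t taken straight from the file, the sum is evaluated in size_t, so a value near UINT32_MAX wraps to a small number, passes the `<=` test, and the memcmp on the following line reads past the buffer again. Rewriting the check as a subtraction avoids the wrap on every host: `if (off <= Magic.size() - sizeof(COFF::PEMagic) &&`; the enclosing `Magic.size() >= 0x3c + 4` guard already keeps that subtraction from underflowing. Adding a second input to test/Object/invalid.test whose e_lfanew field holds such a large offset would pin this case the way the new invalid-coff-header-too-small input pins the short-buffer case. identify_magic continues outside the hunk.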