From: Jonas Devlieghere Date: Wed, 23 Aug 2017 21:36:04 +0000 (+0000) Subject: [WebAssembly] Fix overflow for input with missing version X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e69aa182b741a296d4fdfb6d9928593bdf57c994;p=llvm [WebAssembly] Fix overflow for input with missing version Differential revision: https://reviews.llvm.org/D37070 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@311605 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/Object/WasmObjectFile.cpp b/lib/Object/WasmObjectFile.cpp
index 7f80bf0b83a..91fc6138cd6 100644
--- a/lib/Object/WasmObjectFile.cpp
+++ b/lib/Object/WasmObjectFile.cpp
@@ -203,7 +203,16 @@ WasmObjectFile::WasmObjectFile(MemoryBufferRef Buffer, Error &Err)
 object_error::parse_failed);
 return;
 }
+
+ const uint8_t *Eof = getPtr(getData().size());
 const uint8_t *Ptr = getPtr(4);
+
+ if (Ptr + 4 > Eof) {
+ Err = make_error("Missing version number",
+ object_error::parse_failed);
+ return;
+ }
+
 Header.Version = readUint32(Ptr);
 if (Header.Version != wasm::WasmVersion) {
 Err = make_error("Bad version number",
@@ -211,7 +220,6 @@ WasmObjectFile::WasmObjectFile(MemoryBufferRef Buffer, Error &Err)
 return;
 }
 
- const uint8_t *Eof = getPtr(getData().size());
 WasmSection Sec;
 while (Ptr < Eof) {
 if ((Err = readSection(Sec, Ptr, getPtr(0))))
diff --git a/test/Object/Inputs/WASM/missing-version.wasm b/test/Object/Inputs/WASM/missing-version.wasm
new file mode 100644
index 00000000000..fc4f47f11ab
Binary files /dev/null and b/test/Object/Inputs/WASM/missing-version.wasm differ
diff --git a/test/Object/wasm-missing-version.test b/test/Object/wasm-missing-version.test
new file mode 100644
index 00000000000..98586e7da58
--- /dev/null
+++ b/test/Object/wasm-missing-version.test
@@ -0,0 +1,2 @@
+# RUN: not llvm-objdump -h %p/Inputs/WASM/missing-version.wasm 2>&1 | FileCheck %s
+# CHECK: {{.*}}: Missing version number
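Review bot: The new guard `if (Ptr + 4 > Eof)` in the first hunk of WasmObjectFile.cpp forms a pointer that lies beyond one-past-the-end of the buffer whenever fewer than four bytes follow the magic, which is undefined behaviour and may let an optimizer treat the comparison as always false. Comparing lengths avoids creating that pointer: `if (Eof - Ptr < 4) {`, or test `getData().size()` before `getPtr(4)` is called. Either form relies on the magic check above the hunk having already rejected buffers shorter than four bytes; that check is not visible here, so it should be confirmed. A one-line comment such as `// Header layout: 4-byte magic followed by a 4-byte version.` would also explain the literal 4 to the next reader.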