From e69aa182b741a296d4fdfb6d9928593bdf57c994 Mon Sep 17 00:00:00 2001
From: Jonas Devlieghere <jonas@devlieghere.com>
Date: Wed, 23 Aug 2017 21:36:04 +0000
Subject: [PATCH] [WebAssembly] Fix overflow for input with missing version

Differential revision: https://reviews.llvm.org/D37070

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@311605 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Object/WasmObjectFile.cpp                |  10 +++++++++-
 test/Object/Inputs/WASM/missing-version.wasm | Bin 0 -> 6 bytes
 test/Object/wasm-missing-version.test        |   2 ++
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 test/Object/Inputs/WASM/missing-version.wasm
 create mode 100644 test/Object/wasm-missing-version.test

diff --git a/lib/Object/WasmObjectFile.cpp b/lib/Object/WasmObjectFile.cpp
index 7f80bf0b83a..91fc6138cd6 100644
--- a/lib/Object/WasmObjectFile.cpp
+++ b/lib/Object/WasmObjectFile.cpp
@@ -203,7 +203,16 @@ WasmObjectFile::WasmObjectFile(MemoryBufferRef Buffer, Error &Err)
                                   object_error::parse_failed);
     return;
   }
+
+  const uint8_t *Eof = getPtr(getData().size());
   const uint8_t *Ptr = getPtr(4);
+
+  if (Ptr + 4 > Eof) {
+    Err = make_error<StringError>("Missing version number",
+                                  object_error::parse_failed);
+    return;
+  }
+
   Header.Version = readUint32(Ptr);
   if (Header.Version != wasm::WasmVersion) {
     Err = make_error<StringError>("Bad version number",
@@ -211,7 +220,6 @@ WasmObjectFile::WasmObjectFile(MemoryBufferRef Buffer, Error &Err)
     return;
   }
 
-  const uint8_t *Eof = getPtr(getData().size());
   WasmSection Sec;
   while (Ptr < Eof) {
     if ((Err = readSection(Sec, Ptr, getPtr(0))))
diff --git a/test/Object/Inputs/WASM/missing-version.wasm b/test/Object/Inputs/WASM/missing-version.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..fc4f47f11abbef251f75b22087fdd8cca677d428
GIT binary patch
literal 6
NcmZQbEY1~X000Ff0aXA1

literal 0
HcmV?d00001

diff --git a/test/Object/wasm-missing-version.test b/test/Object/wasm-missing-version.test
new file mode 100644
index 00000000000..98586e7da58
--- /dev/null
+++ b/test/Object/wasm-missing-version.test
@@ -0,0 +1,2 @@
+# RUN: not llvm-objdump -h %p/Inputs/WASM/missing-version.wasm 2>&1 | FileCheck %s
+# CHECK: {{.*}}: Missing version number
-- 
2.50.1