Add a tiny bit of hardening to the eh_frame and compact unwind parsing.

When we're seeing offsets that exceed the size of our section, don't try to use that unwind info. <rdar://problem/20113673> llvm-svn: 233886
2015-04-02 04:35:32 +00:00 · 2015-04-02 04:35:32 +00:00 · c48ef341e1
parent b1cd98a18d
commit c48ef341e1
2 changed files with 34 additions and 1 deletions
--- a/lldb/source/Symbol/CompactUnwindInfo.cpp
+++ b/lldb/source/Symbol/CompactUnwindInfo.cpp
@ -283,9 +283,17 @@ CompactUnwindInfo::ScanIndex (const ProcessSP &process_sp)

        uint32_t indexCount = m_unwindinfo_data.GetU32(&offset);

-        if (m_unwind_header.version != 1)
+        if (m_unwind_header.common_encodings_array_offset > m_unwindinfo_data.GetByteSize()
+            || m_unwind_header.personality_array_offset > m_unwindinfo_data.GetByteSize()
+            || indexSectionOffset > m_unwindinfo_data.GetByteSize()
+            || offset > m_unwindinfo_data.GetByteSize())
        {
+            Host::SystemLog (Host::eSystemLogError,
+                    "error: Invalid offset encountered in compact unwind info, skipping\n");
+            // don't trust anything from this compact_unwind section if it looks
+            // blatently invalid data in the header.
            m_indexes_computed = eLazyBoolNo;
+            return;
        }

        // Parse the basic information from the indexes
--- a/lldb/source/Symbol/DWARFCallFrameInfo.cpp
+++ b/lldb/source/Symbol/DWARFCallFrameInfo.cpp
@ -365,6 +365,31 @@ DWARFCallFrameInfo::GetFDEIndex ()
            cie_offset = current_entry + 4 - cie_id;
        }

+        if (next_entry > m_cfi_data.GetByteSize() + 1)
+        {
+            Host::SystemLog (Host::eSystemLogError,
+                    "error: Invalid fde/cie next entry offset of 0x%x found in cie/fde at 0x%x\n",
+                    next_entry,
+                    current_entry);
+            // Don't trust anything in this eh_frame section if we find blatently 
+            // invalid data.
+            m_fde_index.Clear();
+            m_fde_index_initialized = true;
+            return;
+        }
+        if (cie_offset > m_cfi_data.GetByteSize())
+        {
+            Host::SystemLog (Host::eSystemLogError,
+                    "error: Invalid cie offset of 0x%x found in cie/fde at 0x%x\n",
+                    cie_offset,
+                    current_entry);
+            // Don't trust anything in this eh_frame section if we find blatently 
+            // invalid data.
+            m_fde_index.Clear();
+            m_fde_index_initialized = true;
+            return;
+        }
+
        if (cie_id == 0 || cie_id == UINT32_MAX || len == 0)
        {
            m_cie_map[current_entry] = ParseCIE (current_entry);